On 8/9/23 at 10:07, Michel Verdier wrote:
> On 2023-09-08, jeremy ardley via dovecot wrote:
>
>> The scenario you describe does not consider a breach of the web mail service
>> that allows root access to the file system.
>>
>> If the web service is compromised to that extent then the mail file store is
>> also compromised.
>>
>> If the mail file store is on a different device then an exploit has to not
>> only breach the web service on the interface device, it then has to breach the
>> remote store. This will be extremely difficult compared to simply breaching a
>> web server and locally exploiting it.
>>
>> When the dovecot server is on a remote system and correct firewalls are in
>> place, then the attacker has to breach the imap protocols as well.
>
> But if root access is gained on the web server, root access is also
> gained on roundcube. And mails, the important thing to protect, can be
> freely read/deleted. At this point root access on the dovecot server
> does not matter.

In a webmail-only container, the only information an attacker can reach by gaining root permissions is what Roundcube stores:
- Logged-in account preferences (identifying used usernames)
- Data cache

MDA/IMAP server stores full mailboxes data, nor full accounts directory.
IMAP-only users are not compromised because of a remote webmail breach.

Another reason to separate software can be maintenance organisation:
- Separate administrators
- Update/upgrade OS as needed by one service but not the other

--

Narcis Garcia

__________
I'm using this dedicated address because personal addresses aren't masked enough at this mail public archive. Public archive administrator should fix this against automated addresses collectors.
_______________________________________________
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org