On 2023-09-08, Robert Senger wrote: > I am running roundcube and dovecot on the same machine. To avoid the > described scenario, I have: > > 1. Enabled and configured selinux on that machine,
yes selinux is a must have > 2. Enabled mail-crypt plugin with user keys in dovecot. > > This should make it hard for an attacker to get access to the emails > even with root access gained through a compromised web server. mail-crypt is useful if attacker get access to the mails but not to the keys. If you store mails on the same system it's useless _______________________________________________ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org