> > I am running roundcube and dovecot on the same machine. To avoid the > described scenario, I have: > > 1. Enabled and configured selinux on that machine, > 2. Enabled mail-crypt plugin with user keys in dovecot. > > This should make it hard for an attacker to get access to the emails > even with root access gained through a compromised web server. >
That depends on your selinux rules. If you want to go a little further. Use podman/docker to run roundcube and run it as a seperate user and give the container bind low port capabilities. I think docker/podman support this. Just in case juse separate uids with containers. _______________________________________________ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org