On 9/13/2013 3:18 PM, Eric Shubert wrote:
I think that's the case with qmailadmin to some extent. The postmaster can control all accounts in the domain.

What would be the purpose of allowing the postmaster to read/delete people's emails?

The QMT administrator can of course grep through emails and look at them with "less" or whatever tools are available there. I would like to see an option where even this would not be possible. I'm not in favor of using the mbox format though (in case someone's wondering).

The objective here is to ensure that emails are as private as possible, and the user is entirely in control as much as practical.

OK, so you want to "secure" email messages in a Maildir (or mbox, for that matter) format so that even root cannot read them? Good luck with that! :-) (You might be able to do this with SELinux, but even then, root can dynamically turn off enforcement, so you're outta luck!)

The only way that *I* know of to protect data against root access is to....


.... drum roll....



_*turn off the system and destroy the hard drives.*_




Otherwise, the root user can accomplish whatever s/he has the heart, mind, desire, and skills to accomplish on that system... which is why a rootkitted *nix system is such a dangerous animal! (When I did security consulting, I told clients who had been rooted to not even TRY to re-secure such a system... build a NEW system & just copy over the data.)

   Quick aside: It's also why I insist on having a /home filesystem that
   I can put ALL user accessible storage on -- and then set the NODEV &
   NOSUID flags on the mount!


Mind you -- not being *able* to access data is not the same thing as not being able to EASILY access that data!

Thus, when my users inquire, I tell them that:
a) Yes, I am the root user on the mail server, so I CAN see EVERYTHING! But...
b) I am not a snoop, and my privacy policy states that I WON'T actually read any emails or other documents that belong to them unless specifically authorized to do so.

They have to trust me NOT to read their mail with a mail reader, open a word document with a document reader, etc... while at the same time giving me the ability to read the file with various other programs -- like virus scanners, backups, and other system admin activities.

If you don't trust your system admin, move to another system (or other system admin!)

Dan McAllister

--

PLEASE TAKE NOTE OF OUR NEW ADDRESS
===================================
IT4SOHO, LLC
33 - 4th Street N, Suite 211
St. Petersburg, FL 33701-3806

CALL TOLL FREE:
  877-IT4SOHO

877-484-7646 Phone
727-647-7646 Local
727-490-4394 Fax

We have support plans for QMail!
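
Added example, not part of the original message: a small audit for the NODEV/NOSUID aside above. It finds the filesystem that actually backs a path (so a /home that is not its own mount gets reported against /) and lists which of the two flags are missing. The mount table and the path /home/vpopmail/domains are constructed sample values; on a live system feed it /proc/mounts instead.

```shell
#!/bin/sh
# Input format is that of /proc/mounts: device mountpoint fstype options dump pass
# Assumption: mount points contain no spaces (/proc/mounts escapes them as \040).

# Constructed sample mount table (hypothetical, not from the original post).
sample_mounts() {
cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /home ext4 rw,nosuid,nodev,relatime 0 0
/dev/sda3 /var ext4 rw,nodev,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
EOF
}

# backing_mount PATH: reads a mount table on stdin and prints
# "mountpoint options" for the longest mount point that contains PATH.
# On equal length the later entry wins, since a later mount shadows an earlier one.
backing_mount() {
    awk -v p="$1" '
        {
            mp = $2
            # mp covers p if it is "/", equals p, or is a parent directory of p
            if (mp == "/" || p == mp || index(p, mp "/") == 1) {
                if (length(mp) >= best_len) { best_len = length(mp); best = mp " " $4 }
            }
        }
        END { if (best != "") print best }
    '
}

# missing_flags PATH: reads a mount table on stdin and prints the flags among
# nodev/nosuid that the backing filesystem lacks. Empty output means both are set;
# "unknown" means no mount entry covers the path.
missing_flags() {
    opts=$(backing_mount "$1" | cut -d' ' -f2)
    if [ -z "$opts" ]; then echo "unknown"; return 0; fi
    missing=""
    for flag in nodev nosuid; do
        case ",$opts," in
            *",$flag,"*) ;;                              # flag present
            *) missing="${missing:+$missing,}$flag" ;;   # flag absent
        esac
    done
    echo "$missing"
}
```

Live use: `missing_flags /home < /proc/mounts` prints nothing when the mount is set up as described.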
