>
> I am running roundcube and dovecot on the same machine. To avoid the
> described scenario, I have:
>
> 1. Enabled and configured selinux on that machine,
> 2. Enabled mail-crypt plugin with user keys in dovecot.
>
> This should make it hard for an attacker to get access to the emails
> even
On 2023-09-08, Robert Senger wrote:
> I am running roundcube and dovecot on the same machine. To avoid the
> described scenario, I have:
>
> 1. Enabled and configured selinux on that machine,
yes selinux is a must have
> 2. Enabled mail-crypt plugin with user keys in dovecot.
>
> This should
I am running roundcube and dovecot on the same machine. To avoid the
described scenario, I have:
1. Enabled and configured selinux on that machine,
2. Enabled mail-crypt plugin with user keys in dovecot.
This should make it hard for an attacker to get access to the emails
even with root access
Hi Joe,
The only issue I had, is that for cryptic reasons (FreeBSD 13-STABLE)
"localhost" did not resolve, I had too replace it with "127.0.0.1"
But YMMV
Regards,
Xavier
Le 9/7/23 23:00, joe a a écrit :
Any known issues with installing/running roundcube and dovecot on the
same server?
On 9/7/2023 17:00:51, joe a wrote:
Any known issues with installing/running roundcube and dovecot on the
same server?
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org
Placing roundcube on its
El 8/9/23 a les 11:59, Marc ha escrit:
Since when does a hacked website gain root? What argument is next, when
your
storage solution is hacked they have access to your files? Are you not
working
with linux? How frequent are exploits that give you a root.
I was responding to jeremy ardley
> > Since when does a hacked website gain root? What argument is next, when
> your
> > storage solution is hacked they have access to your files? Are you not
> working
> > with linux? How frequent are exploits that give you a root.
>
> I was responding to jeremy ardley considering root access
>
> A web search on 'linux web server exploits that gain root' will give
> many examples.
No, not. And you better get your info for this type of stuff from cve websites
or apache vulnerability list.
> Security design by first principle assumes that an attacker will gain
> root access.
I
On 2023-09-08, Marc wrote:
> Since when does a hacked website gain root? What argument is next, when your
> storage solution is hacked they have access to your files? Are you not working
> with linux? How frequent are exploits that give you a root.
I was responding to jeremy ardley considering
On 8/9/23 16:24, Marc wrote:
Since when does a hacked website gain root?
A web search on 'linux web server exploits that gain root' will give
many examples.
Security design by first principle assumes that an attacker will gain
root access.
Best practise is to limit the damage that can
>
> There is a generic issue with doing this. That is if you have roundcube
> (or any other web mail interface) on the same server as dovecot, a
> breach of the web interface could be quite serious and allow access to
> the complete mail store.
No this is crap. user/group is are preventing this.
>
> On 2023-09-08, jeremy ardley via dovecot wrote:
>
> > The scenario you describe does not consider a breach of the web mail
> service
> > that allows root access to the file system.
> >
> > If the web service is compromised to that extent then the mail file store
> is
> > also compromised.
>
El 8/9/23 a les 10:07, Michel Verdier ha escrit:
On 2023-09-08, jeremy ardley via dovecot wrote:
The scenario you describe does not consider a breach of the web mail service
that allows root access to the file system.
If the web service is compromised to that extent then the mail file store
On 2023-09-08, jeremy ardley via dovecot wrote:
> The scenario you describe does not consider a breach of the web mail service
> that allows root access to the file system.
>
> If the web service is compromised to that extent then the mail file store is
> also compromised.
>
> If the mail file
El 8/9/23 a les 0:50, jeremy ardley via dovecot ha escrit:
On 8/9/23 05:00, joe a wrote:
Any known issues with installing/running roundcube and dovecot on the
same server?
There is a generic issue with doing this. That is if you have roundcube
(or any other web mail interface) on the same
On 8/9/23 07:38, dovecot--- via dovecot wrote:
Roundcube does not have direct file access to the emails even on the
same server. Roundcube opens a connection to dovecot, supplies the
user/pass/login credentials to dovecot, and dovecot fetches the email
stores and serves it to roundcube.
Any known issues with installing/running roundcube and dovecot on the same
server?
There is a generic issue with doing this. That is if you have roundcube (or any
other web mail interface) on the same server as dovecot, a breach of the web
interface could be quite serious and allow access
On 8/9/23 05:00, joe a wrote:
Any known issues with installing/running roundcube and dovecot on the
same server?
There is a generic issue with doing this. That is if you have roundcube
(or any other web mail interface) on the same server as dovecot, a
breach of the web interface could be
On Thu, Sep 07, 2023 at 05:00:51PM -0400, joe a wrote:
> Any known issues with installing/running roundcube and dovecot on the same
> server?
>
No!
___
> dovecot mailing list -- dovecot@dovecot.org
> To unsubscribe send an email to
Thanks.
On 9/7/2023 17:09:25, robert k Wild wrote:
Simple answer is no issues at all, I've done it all on the same server and
my server has
Postfix, dovecote and roundcube
On Thu, 7 Sept 2023, 22:05 joe a, wrote:
Any known issues with installing/running roundcube and dovecot on the
same
On 9/7/23 17:00, joe a wrote:
Any known issues with installing/running roundcube and dovecot on the
same server?
I'm running two such installations; no difficulty.
-Dave
--
Dave McGuire, AK4HZ
New Kensington, PA
___
dovecot mailing
Simple answer is no issues at all, I've done it all on the same server and
my server has
Postfix, dovecote and roundcube
On Thu, 7 Sept 2023, 22:05 joe a, wrote:
> Any known issues with installing/running roundcube and dovecot on the
> same server?
>
22 matches
Mail list logo