Paul J Stevens wrote: > Dbmail should be started as root, where the effective user is set to a > non-privileged user. Doing so will > result in a single process running as root, with the forked children > running as for instance user dbmail.
In this case, why does the comment to dbmail.conf say that the effective user should be root to bind to a port <1024? > However, having dbmail.conf world-readable is *very* unwise. This will > expose your whole maildatabase to all > kinds of ugliness. Actually I use dbmail for local storage, so security is provided by only binding dbmail-imap (and mysql) to localhost. I would prefer to not let mysql listen on tcp at all (unix socket only) but I was unable to find this option in its config file, so I told it to bind to localhost. Another layer is added by iptables, as port 1043 (which I use for local IMAP) is closed. The passwords on mysql and IMAP are therefore redundant, so I set them to simple values and there is no need to hide dbmail.conf . But on a server that feeds anything to the outside, I would agree. The usage as local storage (for big folders) has uncovered some bottlenecks in dbmail-imapd. I'll write about them to the dev list now. Yours, Mikhail Ramendik
