Thanks for the explanations.  I don’t think these security concerns are 
applicable in my case.  My email system is a closed one.  No mail is accepted 
from unauthenticated users.  All users know their mail is 
monitored/administered by the administrator.

I don’t believe that allowing IMAP access to all users’ mailboxes from a 
localhost script is any more insecure than allowing access to the underlying db 
through direct connection to MySQL.

Anyway, I’d still like to know what is the best way to set up a localhost IMAP 
admin user.  It would be nice if DBMail had the concept of “admin” user from 
localhost built in, but I think I’m going to have to create an ACL for all 
mailboxes (perhaps by an SQL trigger) and have a huge ACL table (unless a 
wildcard ACL were supported).

Maybe I’ll hack in an admin user or wildcard ACLs in my build of DBMail, if it 
is not supported now.  I’m no expert programmer, but I did manage to hack in 
support for Blowfish password hashing. So my confidence has grown a little in 
the last couple of days.

Kevin

On Jan 31, 2014, at 11:31 AM, Reindl Harald <h.rei...@thelounge.net> wrote:

> 
> 
> Am 31.01.2014 17:20, schrieb KT Walrus:
>>>> Lastly, I want to have an admin IMAP user that can login (only from 
>>>> localhost) and access/update/create/delete 
>>> do not setup such users, i don't know if it is possible
>> 
>> Why?
>> 
>> It should be safe if the admin IMAP user is restricted from logging in from 
>> a limited number of IPs (e.g., localhost only access).  IMAP abstracts the 
>> mail store so my PHP scripts don’t need to know how the database is set up 
>> and how to manipulate the data in the database to retrieve messages, update 
>> mailboxes, etc.  And, my PHP admin scripts should be much more portable in 
>> case I want to migrate to another mail storage system (e.g. Dovecot).  
>> 
>> Anyway, I’d like to understand more why you say “do not setup such users” as 
>> I currently think this is a reasonable thing to do and better than having my 
>> scripts messing around directly in the backend db.
> 
> mostly because i am responsible for security in my daily job and i am aware
> how easy it is to miss a not closed restriction as well as in my definition
> of security the local network is handled like a potential attacker
> 
> doing so and only open as less as possible exceptions in the LAN leads
> finally to not get a problem by misconfiguration for the WAN side and
> thinking "ok that's possible because i sit where i sit"
> 
> any "holes" and exceptions need to be permanently reviewed and verified
> ______________________________________________________
> 
> the other component is a legal / privacy thing
> 
> per definition i am not allowed to login as a user with access to
> his emails, but remove two of the three "trash"-incarnations or
> add folders for a backend which does not show messages is no
> problem - login as a user or as super-admin with access to every
> users mailbox enforces to ask every time before doing so
> 
> _______________________________________________
> DBmail mailing list
> DBmail@dbmail.org
> http://mailman.fastxs.nl/cgi-bin/mailman/listinfo/dbmail
