I have a Debian Jessie server that provides (web-)mail using postfix, dovecot and roundcube.
To log-in to roundcube webmail, I have to use my system user name and password. This seems like a major security flaw - although roundcube uses an ssl encryption I might one day use a corrupted computer in an internet café. If somebody else gets the webmail log-in information she also has access to my server including sudo (root) privileges.
I would like to use a different password for (web-)mail (and also for all other services that I might use on different computers).
Therefore, I have the following questions:
- In which part(s) of the mail server do I have to make a change to alter the mail password?
- What precisely do I have to change?