
I have a Debian Jessie server that provides (web-)mail using postfix, dovecot and roundcube.

To log in to roundcube webmail, I have to use my system user name and password. This seems like a major security flaw - although roundcube uses SSL encryption, I might one day use a corrupted computer in an internet café. If somebody else gets the webmail log-in information she also has access to my server including sudo (root) privileges.

I would like to use a different password for (web-)mail (and also for all other services that I might use on different computers).

Therefore, I have the following questions:

  1. In which part(s) of the mail server do I have to make a change to alter the mail password?
  2. What precisely do I have to change?
speendo

2 Answers


It's fine to use PAM for authentication, but separate the user accounts for the administrative access and applications on user-level like mail. You have to either separate the user database and authentication of dovecot and postfix from PAM, the system ones, or you have to create another system account you use for administration via SSH and not for mail.

The second option is very easy, just use adduser to create a new user, allow SSH login and sudo only for this user. Optionally require public-key authentication, so you won't need your password to log in remotely anymore (and it's not allowed). Changing the password system-wide for PAM is performed with passwd.

The other possibility is to change the authentication backend of dovecot's saslauth, configured in /etc/dovecot/conf.d/10-auth.conf.

sebix
  • Creating another account while conserving a sudo-user reaching emails does not sound like a good idea. Furthermore, speendo never speaks about SSH; public-key authentication looks off-topic. – philippe May 10 '15 at 13:01
  • @philippe Thanks, I added that sudo has to be configured accordingly. If public-key is required to administer the server remotely, the password of the user account is not enough to get access to it. – sebix May 10 '15 at 13:18
  • In fact I do use ssh public-key authentication, but I am indeed looking for a solution where I can use a password as well. – speendo May 10 '15 at 13:19
  • @sebix: Ok, I didn't get your point. This is clearer indeed now. SSH works better with key authentication; and regarding this aspect, sebix gets the point: enforcing public-key authentication avoids connection even if the password leaks. – philippe May 10 '15 at 15:43

There is a security flaw because you are using a privileged account (sudo account) to perform a task a normal user (without being privileged) would normally perform.

I would add a simple system account and use it to authenticate against roundcube to reach my emails.

Furthermore, I don't believe you need a system account for this. There must be another way to manage accounts (such as accounts stored in a database, MySQL or LDAP). The fact is, it is simpler for a basic installation to rely on system authentication, and this may fit a single usage. If you have hundreds of e-mail users, you would certainly not use system accounts. You may want to read this.

philippe
  • Thanks for your response! For the moment we have only 4 users on the server. I didn't think it might pay to go too deep into LDAP or a different user database. Do you think so? – speendo May 10 '15 at 12:59
  • LDAP may be over-sized. And for less than 30 users, MySQL also. http://www.postfix.org/VIRTUAL_README.html#local provides a way to use system accounts; but I think then reaching users from a text file does not look too bad either (http://lukas-schulze.de/2012/02/setup-postfix-and-dovecot-on-debian-squeeze-with-users-stored-text-file/) – philippe May 10 '15 at 13:05
  • This looks like a great solution. However, I have to read it through and understand it first - it doesn't look too simple... – speendo May 10 '15 at 13:32
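Putting the two answers together (sebix's pointer to 10-auth.conf and philippe's text-file suggestion), here is an added configuration example, not taken from either answer or from the Dovecot project, that gives mail its own password while leaving the system (SSH/sudo) password untouched. It assumes Dovecot 2.2 as shipped on Jessie, that the mail users keep their existing system accounts (so mailbox locations do not change), and that Roundcube and Postfix authenticate through Dovecot; the user name and hash in the file are constructed placeholders.

```conf
# /etc/dovecot/conf.d/10-auth.conf
# Stop consulting PAM (the system login password) for mail and use a
# file-based password database instead. Leave plaintext auth disabled
# so the mail password only travels over TLS.
disable_plaintext_auth = yes
#!include auth-system.conf.ext
!include auth-passwdfile.conf.ext

# /etc/dovecot/conf.d/auth-passwdfile.conf.ext
# passdb: the mail password is checked ONLY against /etc/dovecot/users.
# A leaked webmail password therefore opens nothing but the mailbox;
# it is never valid for SSH or sudo, and the SSH password is never
# valid for mail.
passdb {
  driver = passwd-file
  args = scheme=SHA512-CRYPT username_format=%u /etc/dovecot/users
}

# userdb: keep looking up uid/gid/home in /etc/passwd, exactly as the
# previous auth-system.conf.ext did, so existing mailboxes stay put.
userdb {
  driver = passwd
}

# /etc/dovecot/users  (one "user:hash" line per mail user; keep the
# file out of reach of ordinary users, e.g. not world-readable)
# Generate each hash with:  doveadm pw -s SHA512-CRYPT
# The line below is a constructed placeholder, not a real hash:
# speendo:{SHA512-CRYPT}$6$PLACEHOLDER_SALT$PLACEHOLDER_HASH
```

After editing, `doveadm reload` applies the change and `doveadm auth test speendo` lets you confirm that the new mail password is accepted and the system password is refused.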