[Dovecot] replication howto
tss at iki.fi
Thu Mar 15 23:05:54 EET 2012
On 15.3.2012, at 22.48, Michael Grimm wrote:
> On 15.03.2012, at 18:57, Matteo Cazzador wrote:
>> Hi, yes it'a good idea but i'm using now root i hope this not
>> invalid all
> Actually it's a bad idea to use root for ssh from a security point
> of view. A hacked root account isn't fun. Thus, normally one needs
> to explicitly change the config of the sshd daemon to allow root
> logins (at least with FreeBSD what I'm using). Thus, I do recommend
> to use an unprivileged user like vmail.
Then again it's safer to use system user accounts than a single vmail account that has access to everyone's emails. And if you allow ssh login only with public key authentication I don't think there are much security issues. And finally, it would be possible to write a small wrapper that allows the root's public key auth to only execute dsync-user.sh script that can't do anything except sync a specified user's mails.
More information about the dovecot