[CentOS] Need help in securing maildir so that root user should not able to read anyother user's mail

Sun Mar 18 20:40:46 UTC 2007
John Summerfield <debian at herakles.homelinux.org>

ankush grover wrote:
> Hi friends,
> 
> My company is currently using Exchange Servers for Mail Server
> solutions but now they want to move to Linux Servers due to heavy cost
> involved with the Exchange Users.We will be using the latest version
> of Centos.
> 
> So the kind of solution we are looking is below:
> 
> 
> a) Postfix or Sendmail as MTA.
> b) Dovecot or Cyrus Imap with Quota as Pop & Imap server.
> c) Security of Maildir means even root user should not be able to read
> any user's mail.

How could you back it up?

> d) Global Address Book on Ldap or any other.
> e) Using samba/ldap for client authentication.

You can authenticate against AD.

In principal you could use standard LDAP tools to extract the info and 
insert it into openldap, but I don't know about passwords, and probably 
you will want to keep AD anyway.

> 
> Most concerned part here is part c as we don't want any user to be
> able to read any other user's mail including root.

Root must be able to "become" the imap server, otherwise you couldn't 
start it. Being able to do that, even if root couldn't read it directly, 
it would be possible by "su cyrus"

Is this less secure than Windows? Give me the right to boot a CD of my 
choice and five minutes and we'll see.




-- 

Cheers
John

-- spambait
1aaaaaaa at coco.merseine.nu  Z1aaaaaaa at coco.merseine.nu

Please do not reply off-list