mail server recommendations?

[Mark Johnston]

Miroslav Lachman <000.fbsd at quip.cz> wrote:
> Hi, I am running similar configuration on several machines (Postfix +
> Courier-IMAP [with POP3ssl/IMAP4ssl] + MySQL). I have a guestion about
> one general difference - unique UID / GID for each user. I guess it
> provide more security, but also some troubles. If all virtual users
> (stored in MySQL) have same UID/GID, postfix can be configured to create
> maildirs itself with first incoming message. If each user has unique
> UID, maildirs must be created manualy (or from shellscript) and chowned
> to UID/GID.

Exactly - that's the tradeoff.

> My question: "If all virtual users have same UID/GID, is there some real
> security risk?".

Sharing UIDs and GIDs can have good or bad effects on security.  On a server 
with no users logging in, like mine, it's moot; nobody (well, nobody who 
hasn't compromised the server) can get at the maildir storage on disk, so 
nobody (ditto) can play with the mailboxes.  On a server where users do log 
in, you can go two routes:

- Unique UIDs/GIDs.  This makes things more convenient for the user, since 
they can use mail clients on the server and get right at their mail.  If you 
want to have local mail clients work at all, you have to do this.

- Shared UID/GID.  In this case, the user can't get at their own maildir, and 
they'll have to use LDAP/POP3 over loopback to read their mail.  It does make 
management easier, though.

It sounds to me like you're working with a server where users don't log in, 
since you're using MySQL to manage user accounts.  In that case, unique UIDs 
buy you essentially nothing.

> I'll be glad to read if same UID/GID is secure or not, because I am
> writing webbased administration tool in PHP and main problem is creation
> of maildirs for new accounts. Same UID/GID could solve my problem.

The only time that unique UIDs and GIDs are useful is when the user will be 
logging in locally, so you can just look in /etc/passwd, find the user's UID, 
and create the maildir with that.  If the user doesn't have a system account, 
you've got no reason to start making up UIDs to give them one; just share a 
single UID.

> PS: sorry for my bad english and a little offtopic message

Since you say "offtopic", I assume you intended this for the freebsd-isp list, 
instead of private mail.  I've taken the liberty of including the list in the 
Cc again, since security advice like this shouldn't go unreviewed.  :)  You 
might also want to move this thread to freebsd-security at freebsd.org, to reach 
people with more security know-how.

> PPS: I'll publish webbased administration tool on sourceforge.net after
> completition