Deny users in a certain group access to dovecot

Posted by celil on Server Fault See other posts from Server Fault or by celil
Published on 2011-01-10T23:38:22Z Indexed on 2011/01/10 23:55 UTC
Read the original article Hit count: 269

Filed under:

dovecot

|

admin

|

blocked

I installed the dovecot-imapd package in Ubuntu, and my setup is as follows:

$ sudo dovecot -n
# 1.2.9: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-27-generic-pae i686 Ubuntu 10.04.1 LTS 
log_timestamp: %Y-%m-%d %H:%M:%S 
protocols: imaps
login_dir: /var/run/dovecot/login
login_executable: /usr/lib/dovecot/imap-login
mail_privileged_group: mail
mail_location: maildir:~/Maildir
mbox_write_locks: fcntl dotlock
auth default:
  passdb:
    driver: pam
  userdb:
    driver: passwd

For security reasons I would like to deny all users that are in the admin group ability to do imap login via dovecot. This is done in order to prevent a brute force attacker from discovering the admin passwords, and obtaining administrator privileges on the system.

How can this be achieved? Presumably, I will have to modify some settings in /etc/dovecot/dovecot.conf, but I am hesitant to change the default settings lest I create other security vulnerabilities.

© Server Fault or respective owner

Related posts about dovecot

Thunderbird doesn't show folders on a new Dovecot install

as seen on Server Fault - Search for 'Server Fault'
Hey, I set up a new mailserver with postfix and Dovecot some days ago, everything is working except for Thunderbird not showing any folders. Evolution shows me all folders. I migrated from a Courier install using imapsync. In the filesystem the folders don't have a INBOX in their name, so the… >>> More
How to start dovecot?

as seen on Server Fault - Search for 'Server Fault'
I'm building a web server to host multiple websites. I got everything working except the mail server. I'm using linode to host my vps and I've been following their tutorials. FYI, I'm using Ubuntu 11.10. Here is the link I've been following, http://library.linode.com/email/postfix/dovecot-mysql-ubuntu-10… >>> More
Dovecot install: what does this error mean?

as seen on Server Fault - Search for 'Server Fault'
I have postfix and dovecot installed on CentOS 6 (linode) along with MySQL. The table and user is already set up, postfix installed fine, but dovecot gives me this error in the mail log: Warning: Killed with signal 15 (by pid=9415 uid=0 code=kill) The next few lines say this: Apr 7 16:13:35 dovecot:… >>> More
Couldn't drop privileges: User is missing UID (see mail_uid setting)

as seen on Server Fault - Search for 'Server Fault'
I'm hoping I can use some help. I'm configuring dovecot_ldap, but I can't seem to be able to get dovecot to authenticate the ldap user. Below is my config and log info: hosts = 192.168.128.45:3268 dn = cn=Administrator,cn=Users,dc=company,dc=example,dc=com dnpass = "passwd" auth_bind = yes ldap_version… >>> More
Dovecot throws obsolete warnings, even though dovecot.conf updated on Ubuntu 11

as seen on Server Fault - Search for 'Server Fault'
In trying to set up SASL for dovecot on Ubuntu 11, I keep getting obsolete warnings in my log: Sep 10 15:33:53 server1 dovecot: config: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:24: passdb {} has been replaced by passdb { driver= } Sep 10 15:33:53 server1 dovecot: config: Warning:… >>> More

Related posts about admin

Django-admin.py not working (-bash:django-admin.py: command not found)

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm having trouble getting django-admin.py to work... it's in this first location: /Users/mycomp/bin/ but I think I need it in another location for the terminal to recognize it, no? Noob, Please help. Thanks!! my-computer:~/Django-1.1.1 mycomp$ sudo ln -s /Users/mycomp/bin/django-admin.py /Users/mycomp/django-1… >>> More
Macports irssi & perl5 installation issues

as seen on Super User - Search for 'Super User'
Long time reader, first time poster. Big, appreciative thanks for everyone's collective questioning and answering here and at stackoverflow, it's helped me quite a lot over the time I've been learning answers through these sites! Apologies in advance if I didn't search hard enough on posts already… >>> More
Django: Using 2 different AdminSite instances with different models registered

as seen on Stack Overflow - Search for 'Stack Overflow'
Apart from the usual admin, I want to create a limited admin for non-staff users. This admin site will have different registered ModelAdmins. I created a folder /useradmin/ in my project directory and similar to contrib/admin/_init_.py I added an autodiscover() which will register models defined… >>> More
is there any way to have admin privileges in non-admin accounts in xp

as seen on Super User - Search for 'Super User'
I mean, like in windows 7 that you can access the files of other users only if you provide a correct password. Is there any way that we could implement this kind of OS behavior in xp? >>> More
Windows 7 - Non Admin run as Admin for Explorer - still can't see all tmp internet files

as seen on Super User - Search for 'Super User'
I'm trying to retrieve video files from the IE 8 cache for a user that's not an admin in Win 7. As a non admin user, I run Explorer as admin and still can't see the temp internet files for the non admin user. Only if I login as a user that is admin can I see the files. Is there any way I can… >>> More