CentOS - Mar 2007 - Need help in securing maildir so that root user should not able to read anyother user's mail

Hi friends,

My company is currently using Exchange Servers for Mail Server
solutions but now they want to move to Linux Servers due to heavy cost
involved with the Exchange Users.We will be using the latest version
of Centos.

So the kind of solution we are looking is below:


a) Postfix or Sendmail as MTA.
b) Dovecot or Cyrus Imap with Quota as Pop & Imap server.
c) Security of Maildir means even root user should not be able to read
any user's mail.
d) Global Address Book on Ldap or any other.
e) Using samba/ldap for client authentication.

Most concerned part here is part c as we don't want any user to be
able to read any other user's mail including root.

Regards

Ankush

ankush grover wrote:
> c) Security of Maildir means even root user should not be able to read
> any user's mail.
You can do that with SElinux... you would have to limit filesystem 
access AND user access so that root just not su to a user and access it 
from there.

But someone who have physical access to the server will be able to get 
access. Administrative routines need access too, for stuff like backup 
and restore.

So for c) I would limit what I can and then have audit routines to map 
usage.

-- 

//Morten Torstensen
//Email: morten at mortent.org
//IM: Cartoon at jabber.no morten.torstensen at gmail.com

And if it turns out that there is a God, I don't believe that he is evil.
The worst that can be said is that he's an underachiever.

> c) Security of Maildir means even root user should not be able to read
> any user's mail.
> 
> Most concerned part here is part c as we don't want any user to be
> able to read any other user's mail including root.
What is the point of having an administrator that you cannot trust?

How are you going to recover mails say in case a user leaves or is 
otherwise incapable of digging out the mails for the company?

Do you lock the Exchange administrator out of all users mail too?

On Sun, Mar 18, 2007 at 12:57:21PM +0530, ankush grover
wrote:
> c) Security of Maildir means even root user should not be able to read
> any user's mail.
I think the real answer here is "be more careful who has root access".



-- 
Matthew Miller           mattdm at mattdm.org         
<http://mattdm.org/>
Boston University Linux      ------>             
<http://linux.bu.edu/>

ankush grover wrote:
> Hi friends,
> 
> My company is currently using Exchange Servers for Mail Server
> solutions but now they want to move to Linux Servers due to heavy cost
> involved with the Exchange Users.We will be using the latest version
> of Centos.
> 
> So the kind of solution we are looking is below:
> 
> 
> a) Postfix or Sendmail as MTA.
> b) Dovecot or Cyrus Imap with Quota as Pop & Imap server.
> c) Security of Maildir means even root user should not be able to read
> any user's mail.
How could you back it up?
> d) Global Address Book on Ldap or any other.
> e) Using samba/ldap for client authentication.
You can authenticate against AD.

In principal you could use standard LDAP tools to extract the info and 
insert it into openldap, but I don't know about passwords, and probably 
you will want to keep AD anyway.
> 
> Most concerned part here is part c as we don't want any user to be
> able to read any other user's mail including root.
Root must be able to "become" the imap server, otherwise you
couldn't
start it. Being able to do that, even if root couldn't read it directly, 
it would be possible by "su cyrus"

Is this less secure than Windows? Give me the right to boot a CD of my 
choice and five minutes and we'll see.




-- 

Cheers
John

-- spambait
1aaaaaaa at coco.merseine.nu  Z1aaaaaaa at coco.merseine.nu

Please do not reply off-list