Date: Tue, 29 Oct 2013 08:54:04 +0100
From: Robert Schetterer <[email protected]>
To: [email protected]
Subject: Re: [Dovecot] Encryption solution for messages at rest
Message-ID: <[email protected]>
Content-Type: text/plain; charset=ISO-8859-1
you shouldnt host mail/imap services on the same servers with massive
http hosting,
You shouldn't host anything else on a webserver FULLSTOP.
Webservers are best treated as "disposable" and should be heavily
sandboxed. Any resources they can use should be vetted and ideally set
as "read only"
Inbound external access should be firewalled down to the webserver ports
and OUTBOUND traffic should be firewalled too (If it has no business
initiating external connections then block all SYNs), in order to stop
it becoming a DDoS zombie.
It's foolish (at best) to have mail servers running on a webserver,
because if it's compromised it can immediately be used as a spam engine
without much further effort.
At least if it has to hand mail off to another mailserver you have a
chance to run outbound filtering on the emitted mail without worrying
about that being compromised too.
