Hi, On Fri, Sep 13, 2013 at 10:18 PM, Eric Shubert <[email protected]> wrote:
> What would be the purpose of allowing the postmaster to read/delete > people's emails? > Sometiems one needs to login to user's account and verify some config settings from webmail, for example. Easiest way to debug if an account is working, is to sent a user a msg, login to webmail and check if it is there. Or to send a msg from the webmail after a complaint "I cannot login to webmail" or "My account is not working" etc. > The QMT administrator can of course grep through emails and look at them > with "less" or whatever tools are available there. I would like to see an > option where even this would not be possible. I'm not in favor of using the > mbox format though (in case someone's wondering). As root can access the emails anyway, I do not see why postmaster couldn't login to user's account with a master password -- It's the same kind of situation as that root can access users homedirs and use sudo to login with user's account if needed to test something? I understand your concern for privacy. My view is is that sysadmins are not that different from medical doctors: the customers/patients trust you with their private and sensitive affairs, and it is your responsibility to keep the information only to yourself. Best, Peter
