email password in clear text
ghislain
Post: #3
RE: email password in clear text
Of course the best is to use salted sha1 (md5 or sha1 without salt is vulnerable to rainbow table attacks). Postfix and courier seem to be able to handle this via the query in the DB you make in the cf.

Of course having the setup in flat files is a big win, as when mysql dies the mail continues to work :)

I do not know how it can be handled; of course files mean better reliability against problems in mysql, but mean harder work for the control panel (sync between the files and the db).

You have:

1/ postfix
2/ courier
3/ spamassassin/amavis (?)
4/ others (?)

All those should be able to work together with one user base. With all the vulnerabilities that appear, having passwords hashed in mysql makes it less likely that a cross scripting issue somewhere can lead to password disclosure.

Perhaps the authentication could be done with pam localuser using a separate shadow file (and not the system one, via the file parameter) with the rest of the data like quotas or spam settings in the db. Another big win with pam is that it can be altered to use pam_ldap or others without needing to touch the mail daemon configurations themselves.

Arg, it seems rather complicated to do it right :)

Regards,
ghislain.
04-16-2008 02:41 AM
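The post's point about salted versus unsalted SHA-1, as an added example that is not part of the original post or of any mail server's own code. It assumes the LDAP-style `{SSHA}` layout (base64 of SHA-1(password + salt) followed by the salt), an 8-byte salt, and constructed mailbox names and passwords.

```python
import base64
import hashlib
import hmac
import os

SALT_LEN = 8      # bytes; an assumption for this example
PREFIX = "{SSHA}"  # assumed storage scheme tag, not taken from the thread

def sha1_unsalted(password):
    """Plain SHA-1: the same password always yields the same stored value."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def ssha_hash(password, salt=None):
    """Return PREFIX + base64(SHA1(password + salt) + salt) with a random salt."""
    salt = os.urandom(SALT_LEN) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return PREFIX + base64.b64encode(digest + salt).decode("ascii")

def ssha_verify(password, stored):
    """Recompute the digest with the stored salt; compare in constant time."""
    if not stored.startswith(PREFIX):
        return False
    try:
        raw = base64.b64decode(stored[len(PREFIX):], validate=True)
    except ValueError:
        return False
    if len(raw) <= 20:  # 20-byte SHA-1 digest must be followed by a salt
        return False
    digest, salt = raw[:20], raw[20:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)

def precomputed_lookup(table, stored_values):
    """Passwords that a precomputed digest -> password table recovers."""
    return [table[v] for v in stored_values if v in table]

def demo():
    # Constructed sample data: two mailboxes sharing one weak password.
    users = {"alice@example.com": "letmein", "bob@example.com": "letmein"}
    # Stand-in for a rainbow table: digests computed once, reused everywhere.
    table = {sha1_unsalted(p): p for p in ("123456", "letmein", "password")}
    unsalted = [sha1_unsalted(p) for p in users.values()]
    salted = [ssha_hash(p) for p in users.values()]
    return (precomputed_lookup(table, unsalted),
            precomputed_lookup(table, salted), salted)

if __name__ == "__main__":
    print(demo())
```

The salt makes a precomputed table useless and gives identical passwords different stored values, but SHA-1 remains fast to guess against one account at a time; a deliberately slow scheme such as bcrypt or scrypt addresses that.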


Messages In This Thread
email password in clear text - ghislain - 04-16-2008, 12:27 AM
RE: email password in clear text - joximu - 04-16-2008, 12:36 AM
RE: email password in clear text - ghislain - 04-16-2008 02:41 AM
RE: email password in clear text - ispcomm - 05-02-2008, 12:40 AM
