administrator permissions mail server

Hi everyone,

I am sorry if this is not the exact forum to post this question but seemed the most relevant.
I am working in a network with 40/50 PC's managed by 3 people with administrator passwords.
The OS used is GNU/Linux.
There is also a webmail service provided by the same server, which is also maintained
by the same people.
My question is the following:
Since the administrator has of course access to all user files, does this mean that
one with administrator privileges can read everybody's emails?

Cheers,
step0ut

More than likely they can read other people's email if they
wish, it depends on what you mean by administrator password.

Is this root?

Stephen Hauskins
Divisional Liaison
Academic Computing Group
Division of Physical and Biological Sciences

We can't solve problems by using the same kind of thinking we used
when we created them.   Albert Einstein


On Tue, 6 Feb 2007, Step0ut wrote:

Step0ut wrote:

Yes it does. Since the mail is stored in whatever way (/var/spool/mail,
maildir, SQl etc.) The root user can read these files and thus read the
mail of all the users.

Depends on if administrator privledges means root or not, in suse
openexchange for instance they implemented admin interfaces for user/group
admin without the ability to read mail. root of course can do whatever he
or she wants.

On Tue, 6 Feb 2007, Step0ut wrote:

On Tuesday 06 February 2007 04:51, Step0ut wrote: Short answer is yes. You may want to research SELinux, but be advised that you
would have to go beyond protecting files/directories. You probably have to
deal with lots of scope for network sniffers, etc., as well.

Protecting an internal network against it's own administrators is going to be
extremely difficult. Even if you build some sort of uber-bastion host that
checks everything on other servers, client machines, etc., at the end of the
day you have to trust at least one admin.

It *might* be possible to at least set up an audit system that's likely to
catch bad actors. But I wouldn't bet on it, unless your budget allows for
defense mechanisms commonly found in financial institutions, highly secure
military systems, etc.

As always, it comes down to the value of what you're trying to protect, the
likely threats, and the cost tradeoffs.

--
Greg Metcalfe

Hi.

On Tue, 6 Feb 2007, Step0ut wrote:
> I am sorry if this is not the exact forum to post this question but
> seemed the most relevant. I am working in a network with 40/50 PC's
> managed by 3 people with administrator passwords. The OS used is
> GNU/Linux. There is also a webmail service provided by the same
> server, which is also maintained by the same people. My question is
> the following: Since the administrator has of course access to all
> user files, does this mean that one with administrator privileges
> can read everybody's emails?

Yes.

If you are concerned about administrators of the mail server use
encryption: <http://gnupg.org/>

Note that if they are also administrators of your local computer, they
can as well steal your key and install a keylogger to get all your
gnupg passwords.

--
Regards,
ASK

Hi,

Yes, It's you so.
You should make account every administrator.
That's why you can get system logs per account.

Regards,

Hiroaki Kondo
Security Consultant in Japan.

Depends on the setup.  Most email servers store everything in plain text.  In the case of the linux machine it really depends on the file permissions, and what you mean by 'administrator passwords'.  If there are 3 people using the root account, then yes they can all read it.  Best guess tho, if they're administrating the mail server, error on the side of them having the ability to read anything on it.

-Rick

On Tue, Feb 06, 2007 at 04:51:14AM -0800, Step0ut wrote:

If you're worried about this, you need to look into end-to-end
encryption. S/MIME can be implemented fairly easily (or OpenPGP if you
have the patience to exchange keys with the people you want to talk
to).

If you don't know what either of the above are, you'll either (1) fail
to implement it correctly and your admins will still be able to read
your mail, or you'll (2) clue your admins into the fact that you don't
trust them because you'll have to hire a consultant who'll end up
having to talk to your admins anyway.

Even if you totally trust your admins, you should be aware that email
is inherently insecure. You shouldn't be sending sensitive information
over email... period. Send an email saying "I have sensitive
information for you" at most. Then give access to that information in
some other manner.

Peace,
CMP

On 2/6/07, Step0ut <step0ut@...> wrote:
--
Cristóbal M. Palmer
UNC-CH SILS Student -- ils.unc.edu/~cmpalmer
TriLUG Vice Chair
"There are many roads to enlightenment, and thus many roads back to
the One True Debian" --crimsun