Defence

In a hostile world DBMail like every other app that faces the public internet needs to protect its borders. IMAP, POP, LMTP and Sieve need protection against unwanted cybersecurity threats.

Some services such as LMTP should not be public, they should be only available to the MTA delivering emails to DBMail.

Once configured IMAP POP and Sieve are automated, if there are multiple attempted logins it's a strong indicator of a threat.

Webmail services such as Squirrel mail or Roundcube require more thought.

As you're responsible for managing your users and defending against threats, it's important to remember you have more control and can enable/disable individual accounts. 0 disables an account and 1 activates it.

Currently only available for auth=sql

UPDATE dbmail_users set active = 0 where userid = 'userid';