======== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 0.9.8
- Linux/BSD distribution name and version: Debian 9 & Ubuntu 18.04
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hello,

After successfully installing my primary iRedMail MX on an Ubuntu Server 16.04, I tried to install iRedMail on a new server to get a backup MX.

I just need a backup MX which can :
- Perform Spam/Virus scan
- Perform a domain sorting (only allow mails for domains configured on my primary MX, reject others)
- Store and forward "clean" mails to primary MX  for all users of the domain (users sorting will be performed by primary MX)

So I installed my backup MX on a fresh Debian 9 server with the following options when running "iRedMail.sh" :
- Only install Nginx, iRedAdmin and Fail2Ban
- Choose MariaDB backend

After installation, in order to perform operations described in https://docs.iredmail.org/backupmx.html ,I tried to connect to the DB with the following command : "mysql -u root" and was not asked for the password. A "show databases" command shows the whole content of the DB.

Because I didn't get this issue when performing the full installation on my primary iRedMail (Ubuntu Server 16.04), I chose to install Ubuntu Server 18.04 on my Backup MX.

After re installing iRedMail with the same options (except I chose MySQL for backend) on the fresh Ubuntu 18.04 Server, the same issue appeared.

Is the command line to protect MySQL root access by password in a script I'm not executing in this install case ? Are there other such security leaks I should investigate for in this install case ?