diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-28 09:51:24 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-28 09:51:24 +0000 |
commit | f7548d6d28c313cf80e6f3ef89aed16a19815df1 (patch) | |
tree | a3f6f2a3f247293bee59ecd28e8cd8ceb6ca064a /doc/wiki/SecurityTuning.txt | |
parent | Initial commit. (diff) | |
download | dovecot-upstream.tar.xz dovecot-upstream.zip |
Adding upstream version 1:2.3.19.1+dfsg1.upstream/1%2.3.19.1+dfsg1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'doc/wiki/SecurityTuning.txt')
-rw-r--r-- | doc/wiki/SecurityTuning.txt | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/doc/wiki/SecurityTuning.txt b/doc/wiki/SecurityTuning.txt new file mode 100644 index 0000000..90a2dfa --- /dev/null +++ b/doc/wiki/SecurityTuning.txt @@ -0,0 +1,22 @@ +Security tuning +=============== + +Dovecot is pretty secure out-of-the box. It uses multiple processes and +privilege separation to isolate different parts from each others in case a +security hole is found from one part. + +Some things you can do more: + + * Allocate each user their own UID and GID (see <UserIds.txt>) + * Use a separate /dovecot-auth/ user for authentication process (see + <UserIds.txt>) + * You can chroot authentication and mail processes (see <Chrooting.txt>) + * Compiling Dovecot with garbage collection ('--with-gc' configure option) + fixes at least in theory any security holes caused by double free()s. + However this hasn't been tested much and there may be problems. + * There are some security related SSL settings (see + <SSL.DovecotConfiguration.txt>) + * Set 'first/last_valid_uid/gid' settings to contain only the range actually + used by mail processes + +(This file was created from the wiki on 2019-06-19 12:42) |