This documentation is for Dovecot v1.x, see wiki2 for v2.x documentation.
Revision 1 as of 2007-03-19 15:31:30, editor: TimoSirainen
Revision 2 as of 2009-03-15 22:35:07, editor: localhost, comment: converted to 1.6 markup

Security tuning

Dovecot is pretty secure out of the box. It uses multiple processes and privilege separation to isolate its different parts from each other, in case a security hole is found in one of them.

Some further things you can do:

  • Allocate each user their own UID and GID (see UserIds)

  • Use a separate dovecot-auth user for the authentication process (see UserIds)

  • You can chroot authentication and mail processes (see Chrooting)

  • Compiling Dovecot with garbage collection (--with-gc configure option) fixes, at least in theory, any security holes caused by double free()s. However, this hasn't been tested much and there may be problems.

  • There are some security related SSL settings (see SSL/DovecotConfiguration)

  • Set the first_valid_uid, last_valid_uid, first_valid_gid and last_valid_gid settings to contain only the range actually used by mail processes
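One way to check the last item, as an added example that is not part of the Dovecot documentation: the script below reads the four range settings and a passwd-format user list, reports non-mail accounts that the current range would still accept, and prints the tightest range covering the mail users. The configuration excerpt, the passwd lines and the mail user names are constructed; the defaults for unset settings and the reading of 0 as "no upper limit" are assumptions to verify against your Dovecot version.

```python
import re

# Constructed sample inputs for illustration; not taken from a real system.
SAMPLE_CONF = "first_valid_uid = 500\n#last_valid_uid = 0\nfirst_valid_gid = 1\n"
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
deploy:x:1000:1000::/home/deploy:/bin/bash
alice:x:5001:5000::/var/vmail/alice:/usr/sbin/nologin
bob:x:5002:5000::/var/vmail/bob:/usr/sbin/nologin
"""
# Assumed defaults for unset settings; verify against your Dovecot version.
DEFAULTS = {"first_valid_uid": 500, "last_valid_uid": 0,
            "first_valid_gid": 1, "last_valid_gid": 0}

def parse_conf(text):
    """Read the four range settings; commented-out lines keep the default."""
    conf = dict(DEFAULTS)
    for line in text.splitlines():
        m = re.match(r"\s*(\w+)\s*=\s*(\d+)", line)
        if m and m.group(1) in conf:
            conf[m.group(1)] = int(m.group(2))
    return conf

def in_range(value, first, last):
    """Assumption: last == 0 means 'no upper limit'."""
    return value >= first and (last == 0 or value <= last)

def audit(conf_text, passwd_text, mail_users):
    """Return (non-mail accounts the current range accepts, tightest range)."""
    conf = parse_conf(conf_text)
    rows = [ln.split(":") for ln in passwd_text.splitlines() if ln.count(":") >= 6]
    accounts = [(f[0], int(f[2]), int(f[3])) for f in rows]
    mail = [a for a in accounts if a[0] in mail_users]
    if not mail:
        raise ValueError("none of the named mail users were found")
    exposed = [n for n, uid, gid in accounts if n not in mail_users
               and in_range(uid, conf["first_valid_uid"], conf["last_valid_uid"])
               and in_range(gid, conf["first_valid_gid"], conf["last_valid_gid"])]
    uids, gids = [a[1] for a in mail], [a[2] for a in mail]
    tight = {"first_valid_uid": min(uids), "last_valid_uid": max(uids),
             "first_valid_gid": min(gids), "last_valid_gid": max(gids)}
    return exposed, tight

if __name__ == "__main__":
    exposed, tight = audit(SAMPLE_CONF, SAMPLE_PASSWD, {"alice", "bob"})
    print("non-mail accounts inside the current range:", exposed)
    print("\n".join(f"{k} = {v}" for k, v in tight.items()))
```

On a real host, pass the contents of your own configuration file and user database in place of the samples, and review the proposed range before applying it.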

None: SecurityTuning (last edited 2010-02-11 06:41:13 by fw28)