This documentation is for Dovecot v1.x, see wiki2 for v2.x documentation.
Differences between revisions 2 and 3
Revision 2 as of 2009-03-15 22:35:07
Size: 862
Editor: localhost
Comment: converted to 1.6 markup
Revision 3 as of 2010-02-11 06:41:13
Size: 860
Editor: fw28
Comment:
Deletions are marked like this. Additions are marked like this.
Line 2: Line 2:

Security tuning

Dovecot is pretty secure out-of-the box. It uses multiple processes and privilege separation to isolate different parts from each others in case a security hole is found from one part.

Some things you can do more:

  • Allocate each user their own UID and GID (see UserIds)

  • Use a separate dovecot-auth user for authentication process (see UserIds)

  • You can chroot authentication and mail processes (see Chrooting)

  • Compiling Dovecot with garbage collection (--with-gc configure option) fixes at least in theory any security holes caused by double free()s. However this hasn't been tested much and there may be problems.

  • There are some security related SSL settings (see SSL/DovecotConfiguration)

  • Set first/last_valid_uid/gid settings to contain only the range actually used by mail processes

None: SecurityTuning (last edited 2010-02-11 06:41:13 by fw28)