|
Server : LiteSpeed System : Linux srv104790275 5.15.0-161-generic #171-Ubuntu SMP Sat Oct 11 08:17:01 UTC 2025 x86_64 User : dewac4139 ( 1077) PHP Version : 8.0.30 Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare, Directory : /usr/share/doc/dovecot-core/wiki/ |
Upload File : |
Security tuning
===============
Dovecot is pretty secure out-of-the box. It uses multiple processes and
privilege separation to isolate different parts from each others in case a
security hole is found from one part.
Some things you can do more:
* Allocate each user their own UID and GID (see <UserIds.txt>)
* Use a separate /dovecot-auth/ user for authentication process (see
<UserIds.txt>)
* You can chroot authentication and mail processes (see <Chrooting.txt>)
* Compiling Dovecot with garbage collection ('--with-gc' configure option)
fixes at least in theory any security holes caused by double free()s.
However this hasn't been tested much and there may be problems.
* There are some security related SSL settings (see
<SSL.DovecotConfiguration.txt>)
* Set 'first/last_valid_uid/gid' settings to contain only the range actually
used by mail processes
(This file was created from the wiki on 2019-06-19 12:42)