Difference between revisions of "HowTos/ScalixSecurity"
(Initial setup) |
m (→Introduction) |
||
| Line 1: | Line 1: | ||
== Introduction == | == Introduction == | ||
| − | Securing your Scalix server is a way to provide your users with a stable platform that can be reached all the time. It prevents unauthorized access by people, trying to gain control over it or gather sensitive information stored on it. Last but not least it prohibits your machine to be used for other usages like scanning | + | Securing your Scalix server is a way to provide your users with a stable platform that can be reached all the time. It prevents unauthorized access by people, trying to gain control over it or gather sensitive information stored on it. Last but not least it prohibits your machine to be used for other usages like scanning/attacking other hosts and spamming through relaying. |
| − | |||
| − | + | This How-To describes how to secure Scalix based mail servers. If you see any gaps or have comments please take some time and add them to this document, it helps others to implement secure servers that behave well on the internet. | |
| − | ''Note: This is work in progress and incomplete. | + | |
| + | The systems used to test the solutions presented in this How-To were based on: | ||
| + | * CentOS 4.x | ||
| + | * RHEL 4 | ||
| + | * Fedora Core 4 | ||
| + | |||
| + | |||
| + | ''Note: This is work in progress and still incomplete. Add to this document as you like but try to reserve the layout.'' | ||
== Hardening services == | == Hardening services == | ||
Revision as of 14:02, 29 August 2006
Contents
Introduction
Securing your Scalix server is a way to provide your users with a stable platform that can be reached all the time. It prevents unauthorized access by people, trying to gain control over it or gather sensitive information stored on it. Last but not least it prohibits your machine to be used for other usages like scanning/attacking other hosts and spamming through relaying.
This How-To describes how to secure Scalix based mail servers. If you see any gaps or have comments please take some time and add them to this document, it helps others to implement secure servers that behave well on the internet.
The systems used to test the solutions presented in this How-To were based on:
- CentOS 4.x
- RHEL 4
- Fedora Core 4
Note: This is work in progress and still incomplete. Add to this document as you like but try to reserve the layout.
Hardening services
Change SMTP greeting
> is already a howto on it's own
Change POP greeting
Change IMAP greeting
Change Apache information
Running tomcat as non-root
> is already a howto on it's own
Usage of secure protocols
Force to use https
t.b.d.
Setting up stunnel
t.b.d.
Let SMTP quests autenticate themselves
t.b.d.
Set up a firewall
Available services
t.b.d.
Iptables firewall
t.b.d.
Hardening system
Set up SELinux in a controlled way
t.b.d.
