HowTos/ScalixSecurity

Introduction

Securing your Scalix server is a way to provide your users with a stable platform that can be reached all the time. It prevents unauthorized access by people, trying to gain control over it or gather sensitive information stored on it. Last but not least it prohibits your machine to be used for other usages like scanning or attacking other hosts adn spamming through relaying.

This How-To describes how to secure a Scalix server. If you see any gaps or have comments please add them to this document.

The system used to test the solutions presented in this How-To was based on CentOS 4.3.

Note: This is work in progress and incomplete. Currently, for the first release of Scalix Wiki, it is an example of how things will look like here.

Hardening services

Change SMTP greeting

> is already a howto on it's own

Change POP greeting

Change IMAP greeting

Change Apache information

Running tomcat as non-root

> is already a howto on it's own

Usage of secure protocols

Force to use https

t.b.d.

Setting up stunnel

t.b.d.

Let SMTP quests autenticate themselves

t.b.d.

Set up a firewall

Available services

t.b.d.

Iptables firewall

t.b.d.

Hardening system

Set up SELinux in a controlled way

t.b.d.