HEX
Server: Apache
System: Linux dinesh8149 5.15.98-grsec-sharedvalley-2.lc.el8.x86_64 #1 SMP Thu Mar 9 09:07:30 -03 2023 x86_64
User: usesambura1 (1212012)
PHP: 7.0.33
Disabled: apache_child_terminate,dl,escapeshellarg,escapeshellcmd,exec,link,mail,openlog,passthru,pcntl_alarm,pcntl_exec,pcntl_fork,pcntl_get_last_error,pcntl_getpriority,pcntl_setpriority,pcntl_signal,pcntl_signal_dispatch,pcntl_sigprocmask,pcntl_sigtimedwait,pcntl_sigwaitinfo,pcntl_strerror,pcntl_wait,pcntl_waitpid,pcntl_wexitstatus,pcntl_wifexited,pcntl_wifsignaled,pcntl_wifstopped,pcntl_wstopsig,pcntl_wtermsig,php_check_syntax,php_strip_whitespace,popen,proc_close,proc_open,shell_exec,symlink,system
$ pwd: /usr/share/doc/dovecot/wiki/
Upload Files
File: //usr/share/doc/dovecot/wiki/SecurityTuning.txt
Security tuning
===============

Dovecot is pretty secure out-of-the box. It uses multiple processes and
privilege separation to isolate different parts from each others in case a
security hole is found from one part.

Some things you can do more:

 * Allocate each user their own UID and GID (see <UserIds.txt>)
 * Use a separate /dovecot-auth/ user for authentication process (see
   <UserIds.txt>)
 * You can chroot authentication and mail processes (see <Chrooting.txt>)
 * Compiling Dovecot with garbage collection ('--with-gc' configure option)
   fixes at least in theory any security holes caused by double free()s.
   However this hasn't been tested much and there may be problems.
 * There are some security related SSL settings (see
   <SSL.DovecotConfiguration.txt>)
 * Set 'first/last_valid_uid/gid' settings to contain only the range actually
   used by mail processes

(This file was created from the wiki on 2019-06-19 12:42)
@ Telegram