File: README-SECURITY

package info (click to toggle)
postfix-gld 1.7-8
  • links: PTS
  • area: main
  • in suites: buster, stretch
  • size: 480 kB
  • sloc: ansic: 1,447; sql: 169; sh: 112; makefile: 109
file content (30 lines) | stat: -rw-r--r-- 982 bytes parent folder | download | duplicates (6)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
Hello,

If you are reading this, this means that security is important for you
it's a good point, then please follow this simple rules to avoid future problems.


Rule #1: 
	Never run gld as root, run gld as a low privilege user, such nobody/nobody

Rule #2:
	If you have only one mail server, I advice you to run gld on it
	and to make sure that:
		- LOOPBACKONLY is set to 1
		- CLIENTS is set to 127.0.0.1/32
	This will only allow localhost to connect on gld which will listen only to localhost.
	This way, even if a buffer overflow,hack is found, no one would be able to exploit it remotly.

Rule #3: 
	If your gld server is not on your smtp server, please make sure that:
		- CLIENTS is set to your mail servers IPs only
	
	This way, only your mail servers will be allowed to connect on gld.
	This way, even if a buffer overflow,hack is found, no one would be able to exploit it remotly.


Rule #4:
	Make sure, you use the latest version and update on a regular basis.


Salim