
Ensure that dovecot ssl parameters are secured

Bob Mottram 10 years ago
parent
commit
fcd0f0ca90
1 changed files with 6 additions and 0 deletions
  1. 6
    0
      src/freedombone

+ 6
- 0
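--- a/src/freedombone
+++ b/src/freedombone
@@ -5383,10 +5383,16 @@ function configure_imap {
   chown root:dovecot /etc/ssl/private/dovecot.*
 
   sed -i 's|#ssl =.*|ssl = required|g' /etc/dovecot/conf.d/10-ssl.conf
+  sed -i 's|ssl = no|ssl = required|g' /etc/dovecot/conf.d/10-ssl.conf
+  sed -i 's|ssl = yes|ssl = required|g' /etc/dovecot/conf.d/10-ssl.conf
+  sed -i 's|#ssl_cert =.*|ssl_cert = </etc/ssl/certs/dovecot.crt|g' /etc/dovecot/conf.d/10-ssl.conf
   sed -i 's|ssl_cert =.*|ssl_cert = </etc/ssl/certs/dovecot.crt|g' /etc/dovecot/conf.d/10-ssl.conf
+  sed -i 's|#ssl_key =.*|ssl_key = </etc/ssl/private/dovecot.key|g' /etc/dovecot/conf.d/10-ssl.conf
   sed -i 's|ssl_key =.*|ssl_key = </etc/ssl/private/dovecot.key|g' /etc/dovecot/conf.d/10-ssl.conf
   sed -i 's|#ssl_dh_parameters_length.*|ssl_dh_parameters_length = 1024|g' /etc/dovecot/conf.d/10-ssl.conf
   sed -i 's/#ssl_prefer_server_ciphers.*/ssl_prefer_server_ciphers = yes/g' /etc/dovecot/conf.d/10-ssl.conf
+  sed -i 's|#ssl_protocols =.*|ssl_protocols = !SSLv2|g' /etc/dovecot/conf.d/10-ssl.conf
+  sed -i 's|ssl_protocols =.*|ssl_protocols = !SSLv2|g' /etc/dovecot/conf.d/10-ssl.conf
   echo "ssl_cipher_list = '$SSL_CIPHERS'" >> /etc/dovecot/conf.d/10-ssl.conf
 
   sed -i 's/#process_limit =.*/process_limit = 5/g' /etc/dovecot/conf.d/10-master.conf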
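Review bot: The two added `ssl_protocols` substitutions write `ssl_protocols = !SSLv2`, which still leaves SSLv3 negotiable, so a client can end up on a protocol with known padding-oracle weaknesses; both lines should write `ssl_protocols = !SSLv2 !SSLv3`. The new `ssl = no` and `ssl = yes` patterns are unanchored, so they would also rewrite matching text inside comment lines; anchoring them (`s|^ssl = no|ssl = required|g`) keeps the edit to the directive itself. The unchanged `ssl_dh_parameters_length = 1024` line in the same run is below the 2048 bits usually recommended and would be worth raising in the same pass. configure_imap starts and ends outside this hunk.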