General discussion on installation and configuration of SOGo



Re: [SOGo] Security and set-and-forget


  • From: Martin Seener < >
  • To:
  • Subject: Re: [SOGo] Security and set-and-forget
  • Date: Tue, 29 May 2012 09:48:03 +0200

Hello Sean,

It's great you consider using SOGo! I am not a developer but a user for just 4 months.

Security is also a great term in our company - since I am responsible for it :)
Normally you shouldn't have any problems regarding security because SOGo itself runs as an application and is only connectable through well-known protocols like http(s).

We here changed everything to only connect through HTTPS (with a wildcard SSL certificate) to SOGo - we're using CardDAV/CalDAV as well as the web frontend.

Internally it connects to IMAP/SMTP and Sieve (if you want this) through normal protocols. SSL is available for IMAP/SMTP too, if I am not wrong at the moment. But Sieve (afaik) is only manageable unencrypted for now.

Passwords are stored plain or as a SHA hash (it's just a configuration option).

So the only security problems you have are a secure vhost configuration and privilege separation of your processes, like with any other tool of this kind.

I hope this answers your question - if not - just ask another one ;)

Martin

On 5/29/12 4:04 AM, Sean Deschamps wrote:
Hello everyone,

I like to manage categorized task lists with reminder alarms, start dates, priority levels, etc. and use Mozilla Thunderbird's Lightning extension for this.

I'd like to have web browser access and sync to smart phones and laptops (including task alarms, etc.) for up to 10 users, and SOGo seems like a great solution.

Unfortunately, I have only spent a total of 20 minutes on a Linux system (Ubuntu, in the past) but aim to install Debian soon. I know I will be able to accomplish a full setup with PostgreSQL, Apache, WebDAV with LibreOffice, etc. all in a matter of time.

Before continuing to read documentation and wikis, I'd like to learn what I am getting into in terms of security and maintenance in general.

My current computer is built into a rack-mountable chassis as it stays with some music equipment. I'd love to build an actual server to join my pile of gear but am wondering how safe it is.

Could anyone who has read my long intro inform me of any need to take security measures? Or, are the servers and protocols used in this setup intrinsically secure? I'd like to host public websites from the same server and want to be 100% protected from potential intruders, attacks, viruses, etc. (of course).

In addition, will I be able to use only stable releases of all components and set-and-forget it all? I have heard that running systems like these require daily maintenance but aren't nightly builds optional for those aiming to help build the software and test new functionality?

Thanks very much to anyone who's willing to help, and sorry to others having to read my email, but I guess you won't get to this sentence!

Sean


