Joshua Tauberer
c67ff241c4
Updates to security.md
2021-10-23 08:57:05 -04:00
Joshua Tauberer
7b4cd443bf
How to report security issues
2021-10-22 18:49:16 -04:00
NewbieOrange
0ba841c7b6
fail2ban now supports ipv6 ( #2015 )
...
Since fail2ban 0.10.0, ipv6 support has been added. The current Ubuntu 18.04 repository has fail2ban 0.10.2, which does have ipv6 protection.
2021-08-22 14:13:58 -04:00
Joshua Tauberer
d510c8ae2a
Enable and recommend port 465 for mail submission instead of port 587 ( fixes #1849 )
...
Port 465 with "implicit" (i.e. always-on) TLS is a more secure approach than port 587 with explicit (i.e. optional and only on with STARTTLS). Although we reject credentials on port 587 without STARTTLS, by that point credentials have already been sent.
2021-05-15 16:42:14 -04:00
Joshua Tauberer
10bedad3a3
MTA-STS tweaks, add status check using postfix-mta-sts-resolver, change to enforce
2020-05-29 15:36:52 -04:00
A. Schippers
afc9f9686a
Publish MTA-STS policy for incoming mail ( #1731 )
...
Co-authored-by: Daniel Mabbett <triumph_2500@hotmail.com>
2020-05-29 15:30:07 -04:00
Joshua Tauberer
23be1031b8
Remove security.md's information about port 25 which is out of date
2020-01-22 03:25:30 -05:00
E.M. Makat
b86bf07d57
Fix spelling of 'guarantee' ( #1703 )
2020-01-22 02:58:40 -05:00
Joshua Tauberer
f53b18ebb9
Upgrade TLS settings
2019-12-01 17:49:36 -05:00
Joshua Tauberer
bc4bdca752
update reference to Ubuntu 14.04 to 18.04 in README.md and security.md and drop mentions of our custom packages that we no longer maintain
2018-10-03 13:00:15 -04:00
Joshua Tauberer
e924459140
revert f25801e/#1233 - use Mozilla intermediate ciphers for IMAP/POP not modern ciphers
...
fixes #1300
2017-12-24 14:41:41 -05:00
Jan Schulz-Hofen
48e0f39179
Rename ownCloud to Nextcloud in safe places
...
e.g. code comments and user-facing prompts/outputs which can be safely changed without risking to break anything
2017-04-02 11:19:21 +02:00
Joshua Tauberer
81b5af6b64
document fail2ban filters in security.md
2016-08-08 07:55:46 -04:00
Joshua Tauberer
6b73bb5d80
outbound SMTP connections should use the same TLS settings as inbound: drop SSLv2, SSLv3, anonymous ciphers, RC4
2016-06-12 09:11:54 -04:00
Joshua Tauberer
3055f9a79c
drop SSLv3, RC4 ciphers from SMTP port 25
...
Per http://googleappsupdates.blogspot.ro/2016/05/disabling-support-for-sslv3-and-rc4-for.html , Google is about to do the same.
fixes #611
2016-06-12 09:11:50 -04:00
Joshua Tauberer
4b4f670adf
s/SSL/TLS/ in user-visible text throughout the project
2016-01-04 18:43:16 -05:00
Joshua Tauberer
5b415c6895
tweak security.md for new alias permitted_senders controls
2015-08-17 08:18:32 -04:00
Joshua Tauberer
d08a3095a9
tweak security.md
2015-07-09 13:30:25 -04:00
Joshua Tauberer
6441de63ba
typo in security.md
2015-06-26 11:38:40 -04:00
Joshua Tauberer
a2c50ae967
note the new SMTP mail from restriction in the changelog and security guide
2015-06-24 18:12:41 -04:00
Joshua Tauberer
9e0dcd8718
security.md: add a section on DNSSEC specifically
2015-06-15 10:24:16 -04:00
Joshua Tauberer
e9e6d94e3b
the control panel auth hmac message should also include the user's password so that resetting a password in the database forces that user to log in to the control panel again; also use a sha256 hmac
2015-06-06 12:38:19 +00:00
Sam
6499eba0cb
Echange -> Exchange
2015-05-29 07:36:53 -07:00
Eric Mill
3f329bc1a8
fix typos
2015-05-29 01:38:42 -04:00
Joshua Tauberer
7158f9a8d9
security.md: add links to appropriate source files in various places to make it easier to inspect the code to verify the statements; unfortunately line numbers will drift but it would be nice if we could link right to line numbers
2015-05-28 21:39:50 -04:00
Joshua Tauberer
bb75bd7167
more security details
2015-05-28 21:39:50 -04:00
Joshua Tauberer
8ba5f2ffa7
add security.md and clean up README
2015-05-22 16:53:13 -04:00