Commit Graph

25 Commits

Author SHA1 Message Date
NewbieOrange 0ba841c7b6
fail2ban now supports ipv6 (#2015)
Since fail2ban 0.10.0, ipv6 support has been added. The current Ubuntu 18.04 repository has fail2ban 0.10.2, which does have ipv6 protection.
2021-08-22 14:13:58 -04:00
Joshua Tauberer d510c8ae2a Enable and recommend port 465 for mail submission instead of port 587 (fixes #1849)
Port 465 with "implicit" (i.e. always-on) TLS is a more secure approach than port 587 with explicit (i.e. optional and only on with STARTTLS). Although we reject credentials on port 587 without STARTTLS, by that point credentials have already been sent.
2021-05-15 16:42:14 -04:00
Joshua Tauberer 10bedad3a3 MTA-STS tweaks, add status check using postfix-mta-sts-resolver, change to enforce 2020-05-29 15:36:52 -04:00
A. Schippers afc9f9686a
Publish MTA-STS policy for incoming mail (#1731)
Co-authored-by: Daniel Mabbett <triumph_2500@hotmail.com>
2020-05-29 15:30:07 -04:00
Joshua Tauberer 23be1031b8 Remove security.md's information about port 25 which is out of date 2020-01-22 03:25:30 -05:00
E.M. Makat b86bf07d57 Fix spelling of 'guarantee' (#1703) 2020-01-22 02:58:40 -05:00
Joshua Tauberer f53b18ebb9 Upgrade TLS settings 2019-12-01 17:49:36 -05:00
Joshua Tauberer bc4bdca752 update reference to Ubuntu 14.04 to 18.04 in README.md and security.md and drop mentions of our custom packages that we no longer maintain 2018-10-03 13:00:15 -04:00
Joshua Tauberer e924459140 revert f25801e/#1233 - use Mozilla intermediate ciphers for IMAP/POP not modern ciphers
fixes #1300
2017-12-24 14:41:41 -05:00
Jan Schulz-Hofen 48e0f39179 Rename ownCloud to Nextcloud in safe places
e.g. code comments and user-facing prompts/outputs which can be safely changed without risking to break anything
2017-04-02 11:19:21 +02:00
Joshua Tauberer 81b5af6b64 document fail2ban filters in security.md 2016-08-08 07:55:46 -04:00
Joshua Tauberer 6b73bb5d80 outbound SMTP connections should use the same TLS settings as inbound: drop SSLv2, SSLv3, anonymous ciphers, RC4 2016-06-12 09:11:54 -04:00
Joshua Tauberer 3055f9a79c drop SSLv3, RC4 ciphers from SMTP port 25
Per http://googleappsupdates.blogspot.ro/2016/05/disabling-support-for-sslv3-and-rc4-for.html, Google is about to do the same.

fixes #611
2016-06-12 09:11:50 -04:00
Joshua Tauberer 4b4f670adf s/SSL/TLS/ in user-visible text throughout the project 2016-01-04 18:43:16 -05:00
Joshua Tauberer 5b415c6895 tweak security.md for new alias permitted_senders controls 2015-08-17 08:18:32 -04:00
Joshua Tauberer d08a3095a9 tweak security.md 2015-07-09 13:30:25 -04:00
Joshua Tauberer 6441de63ba typo in security.md 2015-06-26 11:38:40 -04:00
Joshua Tauberer a2c50ae967 note the new SMTP mail from restriction in the changelog and security guide 2015-06-24 18:12:41 -04:00
Joshua Tauberer 9e0dcd8718 security.md: add a section on DNSSEC specifically 2015-06-15 10:24:16 -04:00
Joshua Tauberer e9e6d94e3b the control panel auth hmac message should also include the user's password so that resetting a password in the database forces that user to log in to the control panel again; also use a sha256 hmac 2015-06-06 12:38:19 +00:00
Sam 6499eba0cb Echange -> Exchange 2015-05-29 07:36:53 -07:00
Eric Mill 3f329bc1a8 fix typos 2015-05-29 01:38:42 -04:00
Joshua Tauberer 7158f9a8d9 security.md: add links to appropriate source files in various places to make it easier to inspect the code to verify the statements; unfortunately line numbers will drift but it would be nice if we could link right to line numbers 2015-05-28 21:39:50 -04:00
Joshua Tauberer bb75bd7167 more security details 2015-05-28 21:39:50 -04:00
Joshua Tauberer 8ba5f2ffa7 add security.md and clean up README 2015-05-22 16:53:13 -04:00