On 05/31/2016 08:53 PM, Lew Wolfgang wrote:
But the included profiles for dovecot didn't work. I was pressed for time so I quickly hacked two of the profiles to get the server working. I'm sure I didn't do it right, and may have messed up the security posture, but at least the mail is flowing!
When I was first faced with this I used a utility that scanned the logs and built a proposed settings file based on the global violation errors. It worked great, and was easy to add destination restrictions. That being said, I'm now using Christian's package, more because it represents the "openSuse" norm than anything else. Its quite ineligible and easy to understand and modify/customise. Christian points out the areas for this and what might be done in the inline comments. Kudos to Christian for good work here. -- "To ask the right question is already half the solution of a problem". -- Carl Jung. -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org