Ensure that dovecot ssl parameters are secured

2015-03-24 09:28:53 +00:00 · 2015-03-24 09:28:53 +00:00 · fcd0f0ca90
parent 66be886954
commit fcd0f0ca90
1 changed files with 6 additions and 0 deletions
--- a/src/freedombone
+++ b/src/freedombone
@ -5383,10 +5383,16 @@ function configure_imap {
  chown root:dovecot /etc/ssl/private/dovecot.*

  sed -i 's|#ssl =.*|ssl = required|g' /etc/dovecot/conf.d/10-ssl.conf
+  sed -i 's|ssl = no|ssl = required|g' /etc/dovecot/conf.d/10-ssl.conf
+  sed -i 's|ssl = yes|ssl = required|g' /etc/dovecot/conf.d/10-ssl.conf
+  sed -i 's|#ssl_cert =.*|ssl_cert = </etc/ssl/certs/dovecot.crt|g' /etc/dovecot/conf.d/10-ssl.conf
  sed -i 's|ssl_cert =.*|ssl_cert = </etc/ssl/certs/dovecot.crt|g' /etc/dovecot/conf.d/10-ssl.conf
+  sed -i 's|#ssl_key =.*|ssl_key = </etc/ssl/private/dovecot.key|g' /etc/dovecot/conf.d/10-ssl.conf
  sed -i 's|ssl_key =.*|ssl_key = </etc/ssl/private/dovecot.key|g' /etc/dovecot/conf.d/10-ssl.conf
  sed -i 's|#ssl_dh_parameters_length.*|ssl_dh_parameters_length = 1024|g' /etc/dovecot/conf.d/10-ssl.conf
  sed -i 's/#ssl_prefer_server_ciphers.*/ssl_prefer_server_ciphers = yes/g' /etc/dovecot/conf.d/10-ssl.conf
+  sed -i 's|#ssl_protocols =.*|ssl_protocols = !SSLv2|g' /etc/dovecot/conf.d/10-ssl.conf
+  sed -i 's|ssl_protocols =.*|ssl_protocols = !SSLv2|g' /etc/dovecot/conf.d/10-ssl.conf
  echo "ssl_cipher_list = '$SSL_CIPHERS'" >> /etc/dovecot/conf.d/10-ssl.conf

  sed -i 's/#process_limit =.*/process_limit = 5/g' /etc/dovecot/conf.d/10-master.conf