Apr\u00e8s installation d’un serveur de mail pour remplacer Google Apps sur mon domaine perso, j’ai trouv\u00e9 que Roundcube \u00e9tait le seul webmail qui me plaisait \u00e0 peu pr\u00e8s.<\/p>\n
Quelques tips et tricks sur la s\u00e9curisation de Apache \/ PHP et Roundcube, pas sur les serveurs Postfix \/ Dovecot, qui je l’esp\u00e8re, viendront ici alimenter le blog avec du fail2ban …<\/p>\n
<VirtualHost *:443>\n ServerAdmin postmaster@beufa.net\n ServerName x.beufa.net\n DocumentRoot \/var\/www\/x\n SSLEngine on\n SSLCipherSuite ALL:!ADH:RC4+SHA:+HIGH:+MEDIUM:+LOW:+EXP:+eNULL\n SSLProtocol all -SSLv2\n SSLStrictSNIVHostCheck on\n SSLOptions StrictRequire\n SSLCertificateFile cert.pem\n SSLCertificateKeyFile cert.pem\n #GnuTLSEnable on \n #GnuTLSPriorities SECURE:!ANON-DH:!MD5\n #GnuTLSCertificateFile cert.pem\n #GnuTLSKeyFile cert.pem\n #GnuTLSCertificateChainFile cert.pem\n #GnuTLSCACertificatePath \/\n\n <Directory \/var\/www\/roundcube>\n Options FollowSymLinks MultiViews\n AllowOverride All\n Order allow,deny\n allow from all\n <\/Directory>\n\n <Directory \/var\/www\/roundcube\/config>\n Options -FollowSymLinks\n AllowOverride None\n <\/Directory>\n\n <Directory \/var\/www\/roundcube\/temp>\n Options -FollowSymLinks\n AllowOverride None\n <\/Directory>\n\n <Directory \/var\/www\/roundcube\/logs>\n Options -FollowSymLinks\n AllowOverride None\n Order allow,deny\n Deny from all\n <\/Directory>\n\n <Directory \/var\/www\/roundcube\/plugins\/enigma\/home>\n Options -FollowSymLinks\n AllowOverride None\n Order allow,deny\n Deny from all\n <\/Directory>\n\n # Possible values include: debug, info, notice, warn, error, crit,\n # alert, emerg.\n LogLevel warn\n\n ErrorLog ${APACHE_LOG_DIR}\/05.x.beufa.net_error.log\n CustomLog ${APACHE_LOG_DIR}\/05.x.beufa.net_access.log combined\n\n<\/VirtualHost><\/pre>\n; Decides whether PHP may expose the fact that it is installed on the server\n; (e.g. by adding its signature to the Web server header). It is no security\n; threat in any way, but it makes it possible to determine whether you use PHP\n; on your server or not.\n; http:\/\/php.net\/expose-php\nexpose_php = Off\n; Add X-PHP-Originating-Script: that will include uid of the script followed by the filename\n; Example for Roundcube : X-PHP-Originating-Script: 33:main.inc in each mail sent \nmail.add_x_header = Off<\/pre>\n
; The path to a log file that will log all mail() calls. Log entries include\n; the full path of the script, line number, To address and headers.\n;mail.log = \/var\/log\/mail.apache-php.log<\/pre>\nBient\u00f4t d’autres tips sur le couple Postfix \/ Dovecot \/ Roundcube !<\/p>","protected":false},"excerpt":{"rendered":"
Apr\u00e8s installation d’un serveur de mail pour remplacer Google Apps sur mon domaine perso, j’ai trouv\u00e9 que Roundcube \u00e9tait le seul webmail qui me plaisait…<\/p>\n