1

Topic: iRedMail built in back door?

==== Required information ====
- iRedMail version: 0.8.7
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Linux/BSD distribution name and version: Ubuntu 14.04 Server
- Related log if you're reporting an issue:
====

This may be a silly question, but how can I be sure that when I install iRedMail it does not provide trojan or back door access to my server?  I might ask the same question about any application I install on my server, but the potential seems higher here since we are talking about an email server, and motivation for such a thing could be a factor.


2

Re: iRedMail built in back door?

*) First of all, iRedMail doesn't have a back door at all.
*) iRedMail is an open source project; you can audit its source code if you want. Source code is hosted on BitBucket:
https://bitbucket.org/zhb/iredmail/commits

3 (edited by genzyme 2014-05-23 22:37:28)

Re: iRedMail built in back door?

Zhang,
Thank you for your assurance there is no back door. However, given your expertise, I was hoping you might provide suggestions on how to detect or protect against a potential back door. I do not have the know-how to review the source code, and I think few people who would consider using, or are using, iRedMail do. If you were in the same position as me/us, the potential user, what would you do, both prior to installing and after installing the application?
Sincerely,
Dan Genzyme

4

Re: iRedMail built in back door?

genzyme wrote:

I was hoping you might provide suggestions on how to detect or protect against a potential back door.

No idea yet, sorry. I think you'd better hire a security expert to audit your server for you.

5

Re: iRedMail built in back door?

genzyme wrote:

Zhang,
Thank you for your assurance there is no back door. However, given your expertise, I was hoping you might provide suggestions on how to detect or protect against a potential back door. I do not have the know-how to review the source code, and I think few people who would consider using, or are using, iRedMail do. If you were in the same position as me/us, the potential user, what would you do, both prior to installing and after installing the application?
Sincerely,
Dan Genzyme


Hi,

Install rkhunter and ClamAV and use regular server scans. You could use CSF, which will enable the audit service, create checksums for all files and track modifications in key files.

So the key will be watching server files/ firewall.

You would find more help in security forums as this topic would apply to many services and standard postfix.

Most issues will come from open-port services like the web server. So lock down the Apache install and correctly jail the PHP stack; you can add mod_security with tight rules there too as a first defensive layer against potential hacks. Jailing would keep it from spreading, and a firewall lockdown will help too. Auditing with CSF or similar will warn on any abnormal activity.

M B

6 (edited by annonman 2014-05-31 02:34:27)

Re: iRedMail built in back door?

@genzyme

In addition to the above advice:

I would do this first:

-Consider security manuals that have been written for your specific OS. Experts (NSA and other geeks) have written detailed analyses for your OS to close security loopholes.

This is for Ubuntu 12.04, but may apply to your OS as well.
https://benchmarks.cisecurity.org/downl … nux.ubuntu

CIS also offers MySQL and Apache benchmark recommendations.

-Consider integrity checkers, like AIDE and Tripwire. These take a good "snapshot" of your system and then, over time, allow you to compare files to see if they have changed. (Not sure if they are available for your OS...)

-Snort is a very good IDS (Intrusion Detection System) that will allow you to, well, detect intrusions.

-Increase the encryption suites for your services to disallow weak ciphers. You can do this for Postfix, Dovecot and Apache. (But make sure your users' clients will support them.)

https://duckduckgo.com/?q=cipher+suites … cot+Apache
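The checksum-and-compare idea that M B (CSF checksums, tracking modifications in key files) and annonman (AIDE/Tripwire snapshots) describe, as a small added example that is not from this thread or the iRedMail project: it baselines a SHA-256 digest plus mode, owner and size for every regular file under a directory such as /etc/postfix, stores that as JSON, and later reports what was added, removed or changed. The script name and the `init`/`check` command layout are my own assumptions.

```python
import hashlib
import json
import os
import stat
import sys
from typing import Dict, List, Tuple

Record = Tuple[str, int, int, int]  # (sha256 hex, permission bits, owner uid, size)

def sha256_of(path: str) -> str:
    """Hash in chunks so large files (mail spools, logs) need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(root: str) -> Dict[str, Record]:
    """Record content hash plus metadata for every regular file below root (paths kept relative)."""
    records: Dict[str, Record] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks, sockets and devices are not hashed
            rel = os.path.relpath(full, root)
            records[rel] = (sha256_of(full), stat.S_IMODE(st.st_mode), st.st_uid, st.st_size)
    return records

def compare(old: Dict[str, Record], new: Dict[str, Record]) -> Dict[str, List[str]]:
    """Classify paths as added, removed or modified (content OR mode/owner/size differs)."""
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(p for p in set(old) & set(new) if old[p] != new[p]),
    }

if __name__ == "__main__":  # usage: integrity.py init|check <directory> <baseline.json>
    action, root, store = sys.argv[1:4]
    if action == "init":
        with open(store, "w") as f:
            json.dump(snapshot(root), f)
    else:
        with open(store) as f:
            baseline = {p: tuple(r) for p, r in json.load(f).items()}  # JSON lists -> tuples
        for kind, paths in compare(baseline, snapshot(root)).items():
            for p in paths:
                print(f"{kind.upper():9}{p}")
```

Keep the baseline file off the monitored host (or at least outside the monitored tree and read-only), since an attacker who can rewrite it can hide their changes; a permission-only change is reported as modified even when the content hash is unchanged.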