Topic: Security hotfix: Protect config files which contains passwords

Hi, all.

iRedMail didn't set strict file permission on config files, even they contain username/passwords. Here's a quick fix (just some commands with chown/chmod/chgrp):
http://www.iredmail.org/wiki/index.php? … gure.Files

if you found that we missed some other files, please do contact us.


Thanks very much to rizkiwicaksono for his contribution.

P.S. This has been merged into iRedMail -trunk edition.


Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Stable release is out.