Securing LDAP By default, Carbonio CE’s LDAP passwords employ the SHA-512 method. Although there are no known flaws in this method, some institutions could need a more secure approach.
Since version 23.4.0, Carbonio CE supports the Argon2 algorithm for LDAP password storing.
Although Carbonio CE installations still use SHA-512 by default, it is feasible to enable the new method using a straightforward two-step process.
However, it is advised to create a dump of the LDAP database before beginning the operation, using the instructions and commands listed in Upgrade’s section Preliminary Tasks.
The initial part of the process is up to the administrator, who must run the script below as the zextras user in order to activate the new Argon2 algorithm.
Argon2 will be used by default for new passwords after the script has successfully run. All future LDAP passwords will be kept in Argon2 going forward. However, existing passwords will continue to utilise SHA-512.
The second step is, in fact, up to the users: Argon2 will only be used to store each user’s password once they update it.
Switch off Amavis Anti-Virus
When utilising an external anti-virus engine or analysing an MTA issue in a test environment, for example, an administrator may wish or need to stop Carbonio CE’s internal anti-virus engine, amavis.
In certain circumstances, the CLI’s command can be used to manually disable the status of Amavis.
The status of the variable and the service may both be checked at any time with