Security

This section provides suggestions for enforcing security on a typical Carbonio CE installation.

Add a DKIM Record to the Carbonio CE Installation.

This section describes how to add a DKIM entry to the DNS for a domain controlled by a Carbonio CE installation.

Create a DKIM record.

To produce a fresh DKIM record, two steps are required. In this instance, we use example.com as the domain name, but you should change it with your actual domain name.

Test and verify.

There are numerous tests that may be performed to ensure that the DKIM has been appropriately added to the domain DNS and is functioning properly to sign outgoing e-mail.

Carbonio CE automatically secures LDAP credentials with the SHA-512 technique. While this algorithm is safe and has no known weaknesses, some institutions may need a more secure method.

Carbonio CE now supports the Argon2 technique for storing LDAP passwords as of version 23.4.0.

The default method for Carbonio CE installation is SHA-512, however the new algorithm may be enabled using a simple two-step approach.

However, before beginning the operation, it is recommended that you create an LDAP database dump using the instructions and tools provided in the Upgrade section Preliminary Tasks.

The initial part of the operation is up to the administrator and entails running the following script as the zextras user, which takes care of enabling the new Argon2 algorithm.

Once the script is finished, Argon2 will be used as the default for new passwords. From now on, all new LDAP account passwords will be saved using Argon2. Existing passwords, however, will continue to utilise SHA-512.

The second step is up to the users: each user’s password will be saved using Argon2 only when it is changed.