Security

This section covers security considerations for a typical Carbonio installation.

Insert a DKIM Record into the Carbonio Installation

This section describes how to add a DKIM record to the domain maintained by a Carbonio installation’s DNS.

Make a DKIM record.

Two steps are required to produce a fresh DKIM record. In this situation, we’re using example.com as the domain name, as is customary: replace it with the real domain name.

Validation and testing

There are numerous tests that may be performed to ensure that the DKIM has been appropriately added to the domain DNS and is working properly to sign outgoing e-mails.

Carbonio’s LDAP credentials are encrypted using the SHA-512 technique by default. While this algorithm is safe and has no known flaws, some institutions may require a more secure method.

Carbonio now supports LDAP password storing using the Argon2 algorithm as of version 23.4.0.

SHA-512 remains the default algorithm for Carbonio installations, however the new algorithm may be enabled via a two-step procedure.

However, before beginning the operation, it is recommended that an LDAP database dump be created using the instructions and commands described in Upgrade’s section Preliminary Tasks.

The initial part of the operation is up to the administrator, who must run the following script as the zextras user to activate the new Argon2 algorithm.

When the script is finished, Argon2 will be set as the default password for new passwords. Passwords for all new LDAP accounts will now be saved using Argon2. Existing passwords, on the other hand, will continue to utilise SHA-512.

The second stage is entirely up to the users: each user’s password will be saved in Argon2 only when they update it.