Am 16.12.2018 um 22:32 schrieb Benny Pedersen via dovecot:
Alexander Dalloz skrev den 2018-12-16 21:30:
Am 16.12.2018 um 19:41 schrieb Tim Dickson:
permissions should be 644 or 444 owned by root.
The key file should even only be readable by root and not the world.
0400 would be a good choice.
all ssl pem files must only be readeble from root, nothing else, so
permisson 0400 is very god safety, dovecot read pem files before drop
priviledges so that why it need to be so
The certificate is served anyhow to clients connecting, so that file
does not have to be specificly secured. Just take care it cannot be
written by non root.
Alexander
