IMAP server. Note that this makes no sense if both are on the same machine.
See doc/authentication.txt for info.
+- config.php. Some options in conf.pl / config.php allow for passwords to
+ be set in that file, e.g. the addressbook/preferences DSN, and LDAP
+ addressbooks. When setting a sensitive password, check that config.php
+ is not readable for untrusted system users, and consider the possibility
+ of it being read by other users of the same webserver.
+
- Subscribe to the squirrelmail-announce mailinglist to be informed about new
releases which may fix security bugs. If you run SquirrelMail packaged by
your distribution, make sure to apply their security upgrades.
+- If you use SELinux, SquirrelMail will not work unless you create a policy
+ for it. In the SELinux Policy Editor, under HTTPD Service, enable
+ "allow HTTPD scripts and modules to connect to the network".
These are only some tips to get you started. A truly secure system needs
careful tweaking of all components, including PHP, Apache, mailserver,