Quote:
|
Originally Posted by graffiti Can I make my Zimbra-MTA more secure by disallowing AnonymousBind? Some Netfilter/iptables rules will help but I love to disallow AnonymousBind by default. As far as I know, the only thing I must do is to reconfigure Postfx, set binddn and bindpassword in /opt/zimbra/conf/*ldap*, rite? |
In zimbra-mta package, postfix can see only public mail routing data - who is in a distribution list, what an alias points to, where does the mailbox live. Do you think even this data must require a bind? If so, go for it - you have to change ldap-*.cf; more importantly you have to modify slapd.conf to make sure that if you don't bind, you don't see anything.
Out of the box, slapd.conf should restrict what you can see without binding. If you see more than you like let us know - it's either a bug or we overlooked something.