chibenwa commented on a change in pull request #835:
URL: https://github.com/apache/james-project/pull/835#discussion_r782255340
##########
File path:
server/apps/distributed-app/docs/modules/ROOT/pages/operate/security.adoc
##########
@@ -0,0 +1,178 @@
+= Security checklist
+:navtitle: Security checklist
+
+This document aims as summarizing threats, security best practices as well as
recommendations.
+
+== Threats
+
+Operating an email server exposes you to the following threats:
+
+ - Spammers might attempt to use your servers to send their spam messages on
their behalf. We speak of
+*open relay*. In addition to the resources consumed being an open relay will
affect the trust other mail
+installations have in you, and thus will cause legitimate traffic to be
rejected.
+ - Emails mostly consist of private data, which shall only be accessed by
their legitimate user. Failure
+to do so might result in *information disclosure*.
+ - *Email forgery*. An attacker might craft an email on the behalf of
legitimate users.
+ - Email protocols allow user to authenticate and thus can be used as
*oracles* to guess user passwords.
+ - *Spam*. Non legitimate traffic can be a real bourbon to your users.
Review comment:
```suggestion
- *Spam*. Non legitimate traffic can be a real burden to your users.
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
