Re: [SOGo] Security and set-and-forget

2012-05-29 Thread Martin Seener

Hello Sean,

It's great you consider using SOGo! I am not a developer but a user for 
just 4 months.


Security is also a great term in our company - since I am responsible for it :)
Normally you shouldn't have any problems regarding security because SOGo 
itself runs as an application and is only connectable through well-known 
protocols like http(s).


We here changed everything to only connect through HTTPS (with a 
wildcard SSL certificate) to SOGo - we're using CardDAV/CalDAV as well 
as the web frontend.


Internally it connects to IMAP/SMTP and Sieve (if you want this) through 
normal protocols. SSL is available for IMAP/SMTP too, if I am not wrong 
at this moment. But Sieve (afaik) is only manageable unencrypted for now.


Passwords are stored plain or as an SHA hash (it's just a configuration 
option).


So the only security problems you have are a secure vhost configuration 
and privilege separation of your processes, like with any other tool of 
this kind.


I hope this answers your question - if not - just ask another one ;)

Martin

On 5/29/12 4:04 AM, Sean Deschamps wrote:

Hello everyone,

I like to manage categorized task lists with reminder alarms, start 
dates, priority levels, etc. and use Mozilla Thunderbird's Lightning 
extension for this.


I'd like to have web browser access and sync to smart phones and 
laptops (including task alarms, etc.) for up to 10 users, and SOGo 
seems like a great solution.


Unfortunately, I have only spent a total of 20 minutes on a Linux 
system (Ubuntu, in the past) but aim to install Debian soon.  I know I 
will be able to accomplish a full setup with PostgreSQL, Apache, 
WebDAV with LibreOffice, etc. all in a matter of time.


Before continuing to read documentation and wikis, I'd like to learn 
what I am getting into in terms of security and maintenance in general.


My current computer is built into a rack-mountable chassis as it stays 
with some music equipment.  I'd love to build an actual server to join 
my pile of gear but am wondering how safe it is.


Could anyone who has read my long intro inform me of any need to take 
security measures?  Or, are the servers and protocols used in this 
setup intrinsically secure?  I'd like to host public websites from the 
same server and want to be 100% protected from potential intruders, 
attacks, viruses, etc. (of course).


In addition, will I be able to use only stable releases of all 
components and set-and-forget it all?  I have heard that running 
systems like these require daily maintenance but aren't nightly builds 
optional for those aiming to help build the software and test new 
functionality?


Thanks very much to anyone who's willing to help, and sorry to others 
having to read my email, but I guess you won't get to this sentence!


Sean

--
users@sogo.nu
https://inverse.ca/sogo/lists


[SOGo] Security and set-and-forget

2012-05-28 Thread Sean Deschamps
Hello everyone,

I like to manage categorized task lists with reminder alarms, start dates,
priority levels, etc. and use Mozilla Thunderbird's Lightning extension for
this.

I'd like to have web browser access and sync to smart phones and laptops
(including task alarms, etc.) for up to 10 users, and SOGo seems like a
great solution.

Unfortunately, I have only spent a total of 20 minutes on a Linux system
(Ubuntu, in the past) but aim to install Debian soon.  I know I will be
able to accomplish a full setup with PostgreSQL, Apache, WebDAV with
LibreOffice, etc. all in a matter of time.

Before continuing to read documentation and wikis, I'd like to learn what I
am getting into in terms of security and maintenance in general.

My current computer is built into a rack-mountable chassis as it stays with
some music equipment.  I'd love to build an actual server to join my pile
of gear but am wondering how safe it is.

Could anyone who has read my long intro inform me of any need to take
security measures?  Or, are the servers and protocols used in this setup
intrinsically secure?  I'd like to host public websites from the same
server and want to be 100% protected from potential intruders, attacks,
viruses, etc. (of course).

In addition, will I be able to use only stable releases of all components
and set-and-forget it all?  I have heard that running systems like these
require daily maintenance but aren't nightly builds optional for those
aiming to help build the software and test new functionality?

Thanks very much to anyone who's willing to help, and sorry to others
having to read my email, but I guess you won't get to this sentence!

Sean