2.2.11 Ensure IMAP and POP3 server is not enabled (Scored)

Level 1 - Server
Level 1 - Workstation 

dovecot is an open source IMAP and POP3 server for Linux based systems.

Unless POP3 and/or IMAP servers are to be provided by this system, it is recommended that the service be deleted to reduce the potential attack surface.

Run the following commands to verify dovecot is not enabled:

# systemctl is-enabled dovecot
disabled 

Verify result is not “enabled”.

Run the following command to disable dovecot:

# systemctl disable dovecot

Several IMAP/POP3 servers exist and can use other service names. exim and cyrus-imap are example services that provide an HTTP server. These and other services should also be audited.

  • ubuntu1604/2/2/11.txt
  • Last modified: 2017/05/02 11:46
  • by Piotr Kłoczewski