SOGo provides webmail and groupware on top of IMAP/SMTP infrastructure. Secure SOGo together with the underlying mail stack and authentication directory.
1) Secure authentication and directory integration
- Harden LDAP/AD bind credentials and restrict bind account scope.
- Enforce TLS for directory and mail backend connections.
- Restrict admin and domain-management features to trusted operators.
- Review login policy and lockout behavior.
2) Protect web and protocol exposure
- Serve SOGo only via HTTPS with modern TLS.
- Restrict EAS/CalDAV/CardDAV exposure to required clients.
- Keep SQL backend and memcache/internal services private.
- Add rate limits and fail2ban rules for auth endpoints.
3) Mail stack and data protection
- Ensure upstream IMAP/SMTP services are not open relay.
- Encrypt backups containing mail metadata and address books.
- Apply SOGo and mail stack security updates promptly.
- Monitor auth and protocol logs for abuse attempts.
- SOGo documentation and support: https://sogo.nu/support.html
- SOGo source repository: https://github.com/Alinto/sogo
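
A starting point for the fail2ban and log-monitoring items above, as an added example that is not part of the original page or SOGo's own code: it counts failed web logins per source address inside a sliding window and lists the usernames each flagged source tried. The `might not have worked` message format is an assumption to verify against your own sogo.log, the sample lines are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# ASSUMPTION: failed-login message format; confirm against your own sogo.log.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s+sogod\s+\[\d+\]:.*"
    r"Login from '(?P<src>[^']+)' for user '(?P<user>[^']*)' might not have worked"
)

# Constructed sample lines (documentation-range addresses, invented users).
SAMPLE_LOG = """\
Mar 24 08:58:30 sogod [2681]: SOGoRootPage Login from '203.0.113.7' for user 'alice' might not have worked
Mar 24 08:58:41 sogod [2681]: SOGoRootPage Login from '203.0.113.7' for user 'bob' might not have worked
Mar 24 08:58:50 sogod [2681]: SOGoRootPage successful login from '192.0.2.5' for user 'erin'
Mar 24 08:59:02 sogod [2681]: SOGoRootPage Login from '203.0.113.7' for user 'carol' might not have worked
Mar 24 09:00:00 sogod [2681]: SOGoRootPage Login from '198.51.100.20' for user 'dave' might not have worked
Mar 24 09:30:00 sogod [2681]: SOGoRootPage Login from '198.51.100.20' for user 'dave' might not have worked
Mar 24 10:10:00 sogod [2681]: SOGoRootPage Login from '198.51.100.20' for user 'dave' might not have worked
"""


def parse_failures(lines, year=2024):
    """Yield (timestamp, source, user) for each failed-login line."""
    for line in lines:
        m = FAILED.match(line)
        if m:
            # Syslog-style timestamps carry no year, so the caller supplies one.
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["src"], m["user"]


def find_abusive_sources(lines, max_failures=3, window=timedelta(minutes=5)):
    """Return {source: usernames tried} for sources that reach max_failures
    failed logins inside a sliding window. Lines must be in time order."""
    recent = defaultdict(deque)   # source -> failure timestamps still in window
    tried = defaultdict(set)      # source -> every username it failed on
    flagged = {}
    for ts, src, user in parse_failures(lines):
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        tried[src].add(user)
        if len(q) >= max_failures:
            flagged[src] = sorted(tried[src])
    return flagged


if __name__ == "__main__":
    for src, users in find_abusive_sources(SAMPLE_LOG.splitlines()).items():
        print(f"{src}: repeated failures, usernames tried: {', '.join(users)}")
```

A source that fails against several different usernames in one window is a stronger signal than one user mistyping a password, which is why the usernames are reported alongside the address.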