RainLoop configuration should be focused on secure domain rules, strong admin access controls, and stable IMAP/SMTP transport settings.
Important locations:
data/_data_/_default_/configs/application.ini- admin panel domain definitions
Example baseline values:
[security]
allow_admin_panel = Off
csrf_protection = On
[ssl]
verify_certificate = On
¶ Domain and auth policy
- Define explicit allowed mail domains.
- Use TLS-only IMAP (
993) and SMTP submission (587).
- Disable legacy/unsafe auth methods.
- Restrict or disable direct admin panel internet exposure.
- Protect admin interface behind VPN or SSO reverse proxy.
- Keep PHP runtime updated and hardened.
- Monitor failed logins and unusual access patterns.
¶ Backup and recovery
Back up:
- RainLoop configuration and domain definitions
- persistent app state/data directories
Recovery test:
- Restore configuration.
- Reconnect one mailbox domain.
- Validate login and send mail.
- TLS certificate validation active.
- Login/auth failures monitored.
- Configuration backup tested.
- Upgrade rollback documented.
Feel free to contact us. Find all contact information on our contact page.