Description:
dovecot-imapd and dovecot-pop3d are an open source IMAP and POP3 server for Linux
based systems.
Rationale:
Unless POP3 and/or IMAP servers are to be provided by this system, it is
recommended that the package be removed to reduce the potential attack surface.
Audit:
Run the following command to verify dovecot-imapd and dovecot-pop3d are not
installed:
# dpkg-query -W -f='${binary:Package}\t${Status}\t${db:Status-Status}\n'
dovecot-imapd dovecot-pop3d
dovecot-imapd unknown ok not-installed not-installed
dovecot-pop3d unknown ok not-installed not-installed
Additional Information:
Several IMAP/POP3 servers exist and can use other service names. courier-imap and
cyrus-imap are example services that provide a mail server. These and other services
should also be audited.
Profile Applicability: Level 1 - Server Level 1 - Workstation
Description: dovecot-imapd and dovecot-pop3d are an open source IMAP and POP3 server for Linux based systems.
Rationale: Unless POP3 and/or IMAP servers are to be provided by this system, it is recommended that the package be removed to reduce the potential attack surface.
Audit: Run the following command to verify dovecot-imapd and dovecot-pop3d are not installed:
Additional Information: Several IMAP/POP3 servers exist and can use other service names. courier-imap and cyrus-imap are example services that provide a mail server. These and other services should also be audited.