Advice for Internet facing Mailserver

Derek Ragona derek at computinginnovations.com
Sat Feb 24 09:05:09 UTC 2007


You might want to use /etc/hosts.allow to restrict some protocols further.

         -Derek


At 10:17 AM 2/23/2007, David Schulz wrote:
>Hello and good day,
>
>i have setup a Server which is directly connected to the Internet,
>without NAT-Router or other Firewall Appliance. I am using FreeBSD
>6.2. I have pf enabled to only allow traffic on specified Ports. I am
>using Apache-13 + Postfix + Dovecot & mysql for my Mail-system. There
>is only one /home/User, which authenticates via a Key with Pass- phrase to 
>sshd. The Mail-users all authenticate to a mysql database.
>I know that i could make use of chroot or better jail to secure the
>machine from possible exploits in postfix & co, but i am not yet
>comfortable with jail. Other then keeping my Ports (and system) up to
>date, can you give me some tips on how to secure my Box a little bit?
>
>Thanks a lot,
>David
>_______________________________________________
>freebsd-security at freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-security
>To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"
>
>--
>This message has been scanned for viruses and
>dangerous content by MailScanner, and is
>believed to be clean.
>MailScanner thanks transtec Computers for their support.
>

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.



More information about the freebsd-security mailing list