Re: Advice for Internet facing Mailserver

---

• From: Derek Ragona <derek@xxxxxxxxxxxxxxxxxxxxxxxx>
• Date: Fri, 23 Feb 2007 12:57:38 -0600

---

You might want to use /etc/hosts.allow to restrict some protocols further.

-Derek


At 10:17 AM 2/23/2007, David Schulz wrote:

Hello and good day,

i have setup a Server which is directly connected to the Internet,
without NAT-Router or other Firewall Appliance. I am using FreeBSD
6.2. I have pf enabled to only allow traffic on specified Ports. I am
using Apache-13 + Postfix + Dovecot & mysql for my Mail-system. There
is only one /home/User, which authenticates via a Key with Pass- phrase to sshd. The Mail-users all authenticate to a mysql database.
I know that i could make use of chroot or better jail to secure the
machine from possible exploits in postfix & co, but i am not yet
comfortable with jail. Other then keeping my Ports (and system) up to
date, can you give me some tips on how to secure my Box a little bit?

Thanks a lot,
David
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.

_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"

---

• Follow-Ups:
  • Re: Advice for Internet facing Mailserver
    • From: Bob Madore

• References:
  • Advice for Internet facing Mailserver
    • From: David Schulz

• Prev by Date: Advice for Internet facing Mailserver
• Next by Date: Re: Advice for Internet facing Mailserver
• Previous by thread: Advice for Internet facing Mailserver
• Next by thread: Re: Advice for Internet facing Mailserver
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: cleaning off unix/linux???? ... believed to be clean. ... MailScanner thanks transtec Computers for their support. ... (freebsd-questions) Re: radeon option agpmode 4 hangs system ... And with agp being replaced with PCI Express, this issue is unlikely to get resolved. ... MailScanner thanks transtec Computers for their support. ... (freebsd-questions) Re: SSH2 question? ... believed to be clean. ... MailScanner thanks transtec Computers for their support. ... MailScanner thanks transtec Computers for their support. ... (freebsd-questions) Re: Help! Mail to localhost not staying local ... >>believed to be clean. ... >>MailScanner thanks transtec Computers for their support. ... (freebsd-questions) Re: FreeBSD 6.2 Boot Issue ... > believed to be clean. ... > MailScanner thanks transtec Computers for their support. ... (freebsd-questions)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > FreeBSD-Security  > 2007-02