Re: Advice for Internet facing Mailserver

---

• From: Bob Madore <bob@xxxxxxxxx>
• Date: Sat, 24 Feb 2007 09:57:41 -0800

---

Another program to consider is DenyHosts

http://denyhosts.sourceforge.net/

It works exceptionally well.

Bob



Derek Ragona wrote:

You might want to use /etc/hosts.allow to restrict some protocols further.

-Derek


At 10:17 AM 2/23/2007, David Schulz wrote:

Hello and good day,

i have setup a Server which is directly connected to the Internet,
without NAT-Router or other Firewall Appliance. I am using FreeBSD
6.2. I have pf enabled to only allow traffic on specified Ports. I am
using Apache-13 + Postfix + Dovecot & mysql for my Mail-system. There
is only one /home/User, which authenticates via a Key with Pass- phrase to sshd. The Mail-users all authenticate to a mysql database.
I know that i could make use of chroot or better jail to secure the
machine from possible exploits in postfix & co, but i am not yet
comfortable with jail. Other then keeping my Ports (and system) up to
date, can you give me some tips on how to secure my Box a little bit?

Thanks a lot,
David
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.

_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"

---

• References:
  • Advice for Internet facing Mailserver
    • From: David Schulz
  • Re: Advice for Internet facing Mailserver
    • From: Derek Ragona

• Prev by Date: Re: Advice for Internet facing Mailserver
• Next by Date: Re: Secure shared web hosting using MAC Framework
• Previous by thread: Re: Advice for Internet facing Mailserver
• Next by thread: Re: Advice for Internet facing Mailserver
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Advice for Internet facing Mailserver ... I have pf enabled to only allow traffic on specified Ports. ... which authenticates via a Key with Pass- ... I know that i could make use of chroot or better jail to secure the ... (FreeBSD-Security) Advice for Internet facing Mailserver ... I have pf enabled to only allow traffic on specified Ports. ... which authenticates via a Key with Pass- phrase to sshd. ... I know that i could make use of chroot or better jail to secure the machine from possible exploits in postfix & co, but i am not yet comfortable with jail. ... (FreeBSD-Security) Re: Thousands of Illegal Alien Sexual Predators Target Children ... Because they might be in jail (though most ... It just makes society INFINITELY more secure, ... And let's not forget all the people sentenced to jails and prisons for ... Your suicide. ... (alt.true-crime) Re: Thousands of Illegal Alien Sexual Predators Target Children ... Because they might be in jail (though most ... It just makes society INFINITELY more secure, ... Your suicide. ... Ain't going to happen, Messalina. ... (alt.true-crime) Re: Storing username and password ... I would not recommend the aproach of saving the file in the application ... > authenticates to a windows domain server over a VPN. ... > What is the best and most secure way to store the username and password ... (microsoft.public.dotnet.languages.vb)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > FreeBSD-Security  > 2007-02