Date: Sun, 25 Feb 2007 23:24:49 -0400 From: Duane Whitty <duane@dwlabs.ca> To: David Schulz <mailinglists@tca-cable-connector.com> Cc: freebsd-security@freebsd.org Subject: Re: Advice for Internet facing Mailserver Message-ID: <20070226032449.GA72966@dwpc.dwlabs.ca> In-Reply-To: <2FF03F09-23CA-44ED-87BA-673095FFE430@tca-cable-connector.com> References: <8F62D3F1-B5AF-442F-B492-67D28FDCE9F0@tca-cable-connector.com> <2FF03F09-23CA-44ED-87BA-673095FFE430@tca-cable-connector.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Feb 24, 2007 at 12:17:00AM +0800, David Schulz wrote: > Hello and good day, > > i have setup a Server which is directly connected to the Internet, > without NAT-Router or other Firewall Appliance. I am using FreeBSD > 6.2. I have pf enabled to only allow traffic on specified Ports. I am > using Apache-13 + Postfix + Dovecot & mysql for my Mail-system. There > is only one /home/User, which authenticates via a Key with Pass- > phrase to sshd. The Mail-users all authenticate to a mysql database. > I know that i could make use of chroot or better jail to secure the > machine from possible exploits in postfix & co, but i am not yet > comfortable with jail. Other then keeping my Ports (and system) up to > date, can you give me some tips on how to secure my Box a little bit? > > Thanks a lot, > David Hi David, Perhaps the following URI would be of interest: http://www.modsecurity.org/ I've been considering this tool myslef. I am not using it as of yet. Best Regards, Duane
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070226032449.GA72966>