From owner-freebsd-questions  Tue Nov 10 22:56:51 1998
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id WAA10018
          for freebsd-questions-outgoing; Tue, 10 Nov 1998 22:56:51 -0800 (PST)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from granite.sentex.net (granite.sentex.ca [199.212.134.1])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id WAA09979
          for <questions@freebsd.org>; Tue, 10 Nov 1998 22:56:43 -0800 (PST)
          (envelope-from mike@sentex.net)
Received: from ospf-wat.sentex.net (ospf-wat.sentex.net [209.167.248.81]) by granite.sentex.net (8.8.8/8.6.9) with SMTP id BAA28621; Wed, 11 Nov 1998 01:34:49 -0500 (EST)
From: mike@sentex.net (Mike Tancsa)
To: bmcgroarty@high-voltage.com ("brianmcg")
Cc: questions@FreeBSD.ORG
Subject: Re: FreeBSD 2.2.7-RELEASE - validating security
Date: Wed, 11 Nov 1998 06:40:00 GMT
Message-ID: <36493038.824493348@mail.sentex.net>
References: <19981110055405612-47f124e@high-voltage.com>
In-Reply-To: <19981110055405612-47f124e@high-voltage.com>
X-Mailer: Forte Agent .99e/32.227
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

>Before I do this, I'd like to know if there are any known security issues with
>the Walnut Creek distribution of 2.2.7-RELEASE or the included ports of qpopper
>and innd. Any pointers would be -very- much appreciated. And if NewToy survives
>the test with all its little secrets intact, I'll gladly make that $100 a
>contribution to the FreeBSD efforts instead. ;)

Some free advices...
You seem to be running the latest version of popper which is
important.... As for INND, the one in the ports should be fine.
Install things like tcp-wrappers and also ipfw.  Deny all access by
default, and then grant if possible access to specific hosts only for
incoming connections.  If you are going to administer your box
remotely, use ssh to talk to the machine.  There is pretty decent
documentation about ipfw on the www.freebsd.org documenation pages.
If you get stuck are unclear, post more questions to the list.

	---Mike
Mike Tancsa  (mdtancsa@sentex.net)		
Sentex Communications Corp,   		
Waterloo, Ontario, Canada

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message