From owner-freebsd-security@FreeBSD.ORG  Fri Feb 23 16:17:14 2007
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
X-Original-To: freebsd-security@freebsd.org
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 82A3A16A402
	for <freebsd-security@freebsd.org>;
	Fri, 23 Feb 2007 16:17:14 +0000 (UTC)
	(envelope-from mailinglists@tca-cable-connector.com)
Received: from moutng.kundenserver.de (moutng.kundenserver.de
	[212.227.126.187])
	by mx1.freebsd.org (Postfix) with ESMTP id D540713C49D
	for <freebsd-security@freebsd.org>;
	Fri, 23 Feb 2007 16:17:13 +0000 (UTC)
	(envelope-from mailinglists@tca-cable-connector.com)
Received: from [218.16.58.208] (helo=munin.tcaportal.com)
	by mrelayeu.kundenserver.de (node=mrelayeu1) with ESMTP (Nemesis),
	id 0MKwpI-1HKd6a3h6D-00031Q; Fri, 23 Feb 2007 17:17:10 +0100
Received: from [10.0.1.102] (unknown [219.132.233.72])
	by munin.tcaportal.com (Postfix) with ESMTP id 67DD7A6C62
	for <freebsd-security@freebsd.org>;
	Sat, 24 Feb 2007 00:14:55 +0800 (HKT)
Mime-Version: 1.0 (Apple Message framework v752.3)
References: <8F62D3F1-B5AF-442F-B492-67D28FDCE9F0@tca-cable-connector.com>
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: <2FF03F09-23CA-44ED-87BA-673095FFE430@tca-cable-connector.com>
Content-Transfer-Encoding: 7bit
From: David Schulz <mailinglists@tca-cable-connector.com>
Date: Sat, 24 Feb 2007 00:17:00 +0800
To: freebsd-security@freebsd.org
X-Mailer: Apple Mail (2.752.3)
X-Provags-ID: kundenserver.de abuse@kundenserver.de
	login:1405312fe15d228f5bad0d2fcbb6dc17
X-Provags-ID2: V01U2FsdGVkX19WZ32FjRfdMxbJthYsombp/hGMnERT0N/FAASZ1EEs1mqaUnn8GzkbdSjIViOlYPPbEjWtORtIcgfL1D3ivi3qOKqdnt4fur+6ftjU4k9frQ==
Subject: Advice for Internet facing Mailserver
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Feb 2007 16:17:14 -0000

Hello and good day,

i have setup a Server which is directly connected to the Internet,  
without NAT-Router or other Firewall Appliance. I am using FreeBSD  
6.2. I have pf enabled to only allow traffic on specified Ports. I am  
using Apache-13 + Postfix + Dovecot & mysql for my Mail-system. There  
is only one /home/User, which authenticates via a Key with Pass- 
phrase to sshd. The Mail-users all authenticate to a mysql database.   
I know that i could make use of chroot or better jail to secure the  
machine from possible exploits in postfix & co, but i am not yet  
comfortable with jail. Other then keeping my Ports (and system) up to  
date, can you give me some tips on how to secure my Box a little bit?

Thanks a lot,
David