From: Derek Ragona
To: David Schulz, freebsd-security@freebsd.org
Date: Fri, 23 Feb 2007 12:57:38 -0600
Subject: Re: Advice for Internet facing Mailserver

You might want to use /etc/hosts.allow to restrict some protocols further.

-Derek

At 10:17 AM 2/23/2007, David Schulz wrote:
>Hello and good day,
>
>I have set up a Server which is directly connected to the Internet,
>without NAT-Router or other Firewall Appliance. I am using FreeBSD
>6.2. I have pf enabled to only allow traffic on specified Ports. I am
>using Apache-13 + Postfix + Dovecot & mysql for my Mail-system. There
>is only one /home/User, which authenticates via a Key with Pass-phrase to
>sshd. The Mail-users all authenticate to a mysql database.
>I know that I could make use of chroot or better jail to secure the
>machine from possible exploits in postfix & co, but I am not yet
>comfortable with jail. Other than keeping my Ports (and system) up to
>date, can you give me some tips on how to secure my Box a little bit?
>
>Thanks a lot,
>David
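
An added illustration of the /etc/hosts.allow suggestion above, not part of either message: a fragment that limits sshd to one admin network. The 192.0.2.0 range is a constructed placeholder, and the rule set assumes sshd is the only wrapped service that needs remote access.

```conf
# /etc/hosts.allow (added example; addresses are constructed placeholders)
# Rules are evaluated top to bottom and the first match decides.
# The stock FreeBSD file opens with the line below, which matches
# everything and so disables every rule after it. Comment it out first.
#ALL : ALL : allow

# Loopback connections stay allowed for all wrapped services.
ALL : localhost 127.0.0.1 : allow

# sshd: accept only the admin network (placeholder range), refuse the rest.
sshd : 192.0.2.0/255.255.255.0 : allow
sshd : ALL : deny

# Anything else that consults this file is refused by default.
ALL : ALL : deny
```

Only daemons built with TCP wrappers (libwrap) support read this file, so it supplements the pf rules rather than replacing them. Keep an existing SSH session open while testing a change.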