From: Bob Madore
Date: Sat, 24 Feb 2007 09:57:41 -0800
To: Derek Ragona
Cc: David Schulz, freebsd-security@freebsd.org
Subject: Re: Advice for Internet facing Mailserver
Reply-To: bob@dexis.net

Another program to consider is DenyHosts
http://denyhosts.sourceforge.net/

It works exceptionally well.

Bob

Derek Ragona wrote:
> You might want to use /etc/hosts.allow to restrict some protocols
> further.
>
> -Derek
>
>
> At 10:17 AM 2/23/2007, David Schulz wrote:
>> Hello and good day,
>>
>> I have set up a Server which is directly connected to the Internet,
>> without NAT-Router or other Firewall Appliance. I am using FreeBSD
>> 6.2. I have pf enabled to only allow traffic on specified Ports. I am
>> using Apache-13 + Postfix + Dovecot & mysql for my Mail-system. There
>> is only one /home/User, which authenticates via a Key with Pass-phrase
>> to sshd. The Mail-users all authenticate to a mysql database.
>> I know that I could make use of chroot or better jail to secure the
>> machine from possible exploits in postfix & co, but I am not yet
>> comfortable with jail. Other than keeping my Ports (and system) up to
>> date, can you give me some tips on how to secure my Box a little bit?
>>
>> Thanks a lot,
>> David
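
The idea behind both suggestions in this thread, as an added example that is not part of any message and is not DenyHosts' own code: count failed sshd logins per source address and emit TCP-wrappers deny rules in the options syntax that FreeBSD's /etc/hosts.allow accepts. The log lines, the threshold and the allowlisted address are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in sshd's syslog format (not taken from the thread).
# Line 4 carries an attacker-chosen user name that itself contains " from <ip>".
SAMPLE_LOG = """\
Feb 24 09:12:01 mail sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 4242 ssh2
Feb 24 09:12:03 mail sshd[812]: Failed password for invalid user test from 203.0.113.7 port 4243 ssh2
Feb 24 09:12:05 mail sshd[814]: Failed password for root from 203.0.113.7 port 4250 ssh2
Feb 24 09:13:10 mail sshd[820]: Failed password for invalid user x from 192.0.2.10 port 1 ssh2 from 198.51.100.9 port 5000 ssh2
Feb 24 09:14:00 mail sshd[830]: Accepted publickey for david from 192.0.2.10 port 50022 ssh2
Feb 24 09:15:00 mail sshd[831]: Failed password for david from 192.0.2.10 port 50023 ssh2
"""

# Anchor at end of line: the greedy ".*" swallows the user name, so the address
# captured is the one sshd appended, not one embedded in the user name.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?.* from (\S+) port \d+ ssh2$"
)


def failed_sources(log_text):
    """Count failed password attempts per IPv4 source address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.IPv4Address(m.group(1))
        except ValueError:
            continue  # not a literal IPv4 address; ignore the line
        counts[str(ip)] += 1
    return counts


def deny_rules(counts, threshold=3, allowlist=("192.0.2.10",)):
    """Build hosts.allow lines; allowlisted admin addresses are never blocked."""
    return [
        f"sshd : {ip} : deny"
        for ip, n in sorted(counts.items())
        if n >= threshold and ip not in allowlist
    ]


if __name__ == "__main__":
    print("\n".join(deny_rules(failed_sources(SAMPLE_LOG))))
```

TCP wrappers stop at the first matching rule, so lines like these only take effect when they come before any broader allow rule in /etc/hosts.allow.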