From: "Johan Berg"
To: "David Schulz"
Cc: freebsd-security@freebsd.org
Date: Sun, 25 Feb 2007 12:14:24 +0100 (CET)
Subject: Re: Advice for Internet facing Mailserver

The FreeBSD Handbook also has some good tips:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/security.html

Regards,
-- 
Johan Berg

On Fri, February 23, 2007 17:17, David Schulz wrote:
> Hello and good day,
>
> I have set up a Server which is directly connected to the Internet,
> without NAT-Router or other Firewall Appliance. I am using FreeBSD
> 6.2. I have pf enabled to only allow traffic on specified Ports. I am
> using Apache-13 + Postfix + Dovecot & mysql for my Mail-system. There
> is only one /home/User, which authenticates via a Key with Pass-phrase
> to sshd. The Mail-users all authenticate to a mysql database.
> I know that I could make use of chroot or better jail to secure the
> machine from possible exploits in postfix & co, but I am not yet
> comfortable with jail. Other than keeping my Ports (and system) up to
> date, can you give me some tips on how to secure my Box a little bit?
>
> Thanks a lot,
> David