Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 23 Feb 2007 12:57:38 -0600
From:      Derek Ragona <derek@computinginnovations.com>
To:        David Schulz <mailinglists@tca-cable-connector.com>, freebsd-security@freebsd.org
Subject:   Re: Advice for Internet facing Mailserver
Message-ID:  <6.0.0.22.2.20070223125703.025529d8@mail.computinginnovations.com>
In-Reply-To: <2FF03F09-23CA-44ED-87BA-673095FFE430@tca-cable-connector.c om>
References:  <8F62D3F1-B5AF-442F-B492-67D28FDCE9F0@tca-cable-connector.com> <2FF03F09-23CA-44ED-87BA-673095FFE430@tca-cable-connector.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
You might want to use /etc/hosts.allow to restrict some protocols further.

         -Derek


At 10:17 AM 2/23/2007, David Schulz wrote:
>Hello and good day,
>
>i have setup a Server which is directly connected to the Internet,
>without NAT-Router or other Firewall Appliance. I am using FreeBSD
>6.2. I have pf enabled to only allow traffic on specified Ports. I am
>using Apache-13 + Postfix + Dovecot & mysql for my Mail-system. There
>is only one /home/User, which authenticates via a Key with Pass- phrase to 
>sshd. The Mail-users all authenticate to a mysql database.
>I know that i could make use of chroot or better jail to secure the
>machine from possible exploits in postfix & co, but i am not yet
>comfortable with jail. Other then keeping my Ports (and system) up to
>date, can you give me some tips on how to secure my Box a little bit?
>
>Thanks a lot,
>David
>_______________________________________________
>freebsd-security@freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-security
>To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
>
>--
>This message has been scanned for viruses and
>dangerous content by MailScanner, and is
>believed to be clean.
>MailScanner thanks transtec Computers for their support.
>

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6.0.0.22.2.20070223125703.025529d8>