Advice for Internet facing Mailserver
David Schulz
mailinglists at tca-cable-connector.com
Fri Feb 23 16:17:14 UTC 2007
Hello and good day,
i have setup a Server which is directly connected to the Internet,
without NAT-Router or other Firewall Appliance. I am using FreeBSD
6.2. I have pf enabled to only allow traffic on specified Ports. I am
using Apache-13 + Postfix + Dovecot & mysql for my Mail-system. There
is only one /home/User, which authenticates via a Key with Pass-
phrase to sshd. The Mail-users all authenticate to a mysql database.
I know that i could make use of chroot or better jail to secure the
machine from possible exploits in postfix & co, but i am not yet
comfortable with jail. Other then keeping my Ports (and system) up to
date, can you give me some tips on how to secure my Box a little bit?
Thanks a lot,
David
More information about the freebsd-security
mailing list