Advice for Internet facing Mailserver
Duane Whitty
duane at dwlabs.ca
Mon Feb 26 03:57:30 UTC 2007
On Sat, Feb 24, 2007 at 12:17:00AM +0800, David Schulz wrote:
> Hello and good day,
>
> i have setup a Server which is directly connected to the Internet,
> without NAT-Router or other Firewall Appliance. I am using FreeBSD
> 6.2. I have pf enabled to only allow traffic on specified Ports. I am
> using Apache-13 + Postfix + Dovecot & mysql for my Mail-system. There
> is only one /home/User, which authenticates via a Key with Pass-
> phrase to sshd. The Mail-users all authenticate to a mysql database.
> I know that i could make use of chroot or better jail to secure the
> machine from possible exploits in postfix & co, but i am not yet
> comfortable with jail. Other then keeping my Ports (and system) up to
> date, can you give me some tips on how to secure my Box a little bit?
>
> Thanks a lot,
> David
Hi David,
Perhaps the following URI would be of interest:
http://www.modsecurity.org/
I've been considering this tool myslef. I am not using it as of yet.
Best Regards,
Duane
More information about the freebsd-security
mailing list