Apache and Postfix security

To: debian-user <debian-user@lists.debian.org>
Subject: Apache and Postfix security
From: Roberto Sanchez <rcsanchez97@yahoo.es>
Date: Tue, 26 Aug 2003 20:08:41 +0200 (CEST)
Message-id: <[🔎] 20030826180841.95201.qmail@web41811.mail.yahoo.com>

Victory!!!!!!!!!

Today I put online my lab's new web/email server running Woody to replace the
previous run running RH 9.

I still have a few questions though.

To start here is what I have running: apache, apache-ssl, mysql, sshd, inetd,
ntpd, postfix, shorewall.

>From the net I only allow in ports 22, 25, 80, and 443.

I have hosts.deny as:
ALL: ALL

and hosts.allow as:
sshd: ALL
imapd: LOCAL

I copied the configurations for apache and postfix from the previous machine
and
have setup shorewall with some pretty restrictive rules.  However, my concern
is that I may not have the most secure setup for apache and postfix.  Just 5
minutes after I went online with the new server I was hit by someone trying to
use us as an open relay.  The log files show that the connections were
utlimately rejected, but I want to make sure that I am not doing something
dumb.

Can anyone provide any pointers or good reading on proper security?

-Roberto

___________________________________________________
Yahoo! Messenger - Nueva versión GRATIS
Super Webcam, voz, caritas animadas, y más...
http://messenger.yahoo.es

Reply to:

Prev by Date: Re: Tool for sending Windows popup messages?
Next by Date: Re: kernel 2.6 how-to
Previous by thread: w reports diffrent number of users than displayed
Next by thread: netenv configuration
Index(es):
- Date
- Thread