Apache and Postfix security
Victory!!!!!!!!!
Today I put online my lab's new web/email server running Woody to replace the
previous run running RH 9.
I still have a few questions though.
To start here is what I have running: apache, apache-ssl, mysql, sshd, inetd,
ntpd, postfix, shorewall.
>From the net I only allow in ports 22, 25, 80, and 443.
I have hosts.deny as:
ALL: ALL
and hosts.allow as:
sshd: ALL
imapd: LOCAL
I copied the configurations for apache and postfix from the previous machine
and
have setup shorewall with some pretty restrictive rules. However, my concern
is that I may not have the most secure setup for apache and postfix. Just 5
minutes after I went online with the new server I was hit by someone trying to
use us as an open relay. The log files show that the connections were
utlimately rejected, but I want to make sure that I am not doing something
dumb.
Can anyone provide any pointers or good reading on proper security?
-Roberto
___________________________________________________
Yahoo! Messenger - Nueva versión GRATIS
Super Webcam, voz, caritas animadas, y más...
http://messenger.yahoo.es
Reply to: