On Sat, Jul 21, 2007 10:33:14 AM +0200, Ralph Angenendt
(ra+centos@xxxxxxxxxxxx) wrote:
> > - set up itables (what would the safest iptables script to do all and
> > only the services listed above?
>
> Depends on from where you want to connect to your imap server. From
> everywhere?
yes. More exactly, dovecot must serve both local webmail via
squirrelmail and my (and other users) home boxes
> If you only run sshd, imap, postfix and apache I don't really see a
> need for iptables. But you might want to restrict access to sshd to
> a few ip addresses if you can.
Unfortunately, this is not an option. Sorry I forgot to specify it in
the initial message.
> > - what else?
>
> Don't turn off SELinux.
Hmmm... I had also forgotten this side of the package. I will be
running on a rented VPS, can SELinux be used in such contexts?
Also, frankly I am not up to date on this, but I do remember reading a
lot of "Just turn off selinux, isn't worth it" and "selinux isn't
mature/ documented enough yet" in relatively recent times, both on
Fedora and Centos lists.
Is this still the case?
Thanks!
Marco
--
The Family Guide to Digital Freedom http://digifreedom.net
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
