Dear Linux users,

I run a small server that provides e-mail, among other services. For
this purpose, it runs Postfix and Dovecot - there's nothing surprising
about it.

Are there any additional measures that I should take these days to
secure it, especially against authentication-related attacks?

I believe the passwords are reasonably strong and unique (i.e., they
aren't used for any other services). Also, fail2ban is running, and
blocking hosts that fail to authenticate too often. Of course, only TLS
connections are permitted, except on port 25. That is, StartTLS is
mandatory.

I tried making ports 587 and 993 available only via a WireGuard
connection. This worked well, except for an Apple iOS client that,
unfortunately, lost Internet access entirely whenever I attempted to
enable the WireGuard configuration. This configuration had previously
worked, so a regression was introduced at some point, and others have
apparently run into similar issues with iOS 16. Also, I've left certain
other services, including ssh, available only via the WireGuard
connection, despite having opened 587 and 993 for now.

For more general mail security, I have configured SPF, DKIM, DMARC and
DANE. I'm using Rspamd for spam filtering, and I subscribed to the
Spamhaus Data Query Service, which reduces incoming spam considerably.
(I'm below the threshold at which they charge for the service.)

Is there anything else that I should be doing on the security front?