LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 12-25-2006, 05:29 AM   #1
hank43
Member
 
Registered: Nov 2003
Distribution: centos 4.4
Posts: 94

Rep: Reputation: 15
Question secure postfix installation


besides file permissions, not running it as root, chrooting it, and not having an open relay, what do i need to do to have a secure postfix server?

There are many guides on the internet on how to install postfix+..., but i am not sure if they are done with security in mind. any pointers to a good guide? i am running centos 4.4.
 
Old 12-27-2006, 02:06 AM   #2
SlackDaemon
Member
 
Registered: Mar 2006
Distribution: RedHat, Slackware, Experimenting with FreeBSD
Posts: 222

Rep: Reputation: 30
You could improve the security in a number of ways including disabling the VRFY function and using TLS transport encryption between the server and client machines.

postconf -e disable_vrfy_command=yes

This disables VRFY so that malicious users cannot determine valid users on your host with the VRFY command.

If your interested in reducing spam messages as well, lookup the anvil daemon that comes with postfix 2.1 and above. You may also want to use a realtime blacklist as well such as xbl-sbl.spamhaus.org.
 
Old 12-27-2006, 07:06 PM   #3
ppuru
Senior Member
 
Registered: Mar 2003
Location: Beautiful BC
Distribution: RedHat & clones, Slackware, SuSE, OpenBSD
Posts: 1,791

Rep: Reputation: 50
This article from security focus should give you a better insight.

http://www.securityfocus.com/infocus/1593
 
Old 12-29-2006, 09:51 AM   #4
msound
Member
 
Registered: Jun 2003
Location: SoCal
Distribution: CentOS
Posts: 465

Rep: Reputation: 30
Just remember to always encrypt any connection that sends a users login credentials. Make sure you use TLS/SSL for all of your email connections. If you provide a webmail interface for your users, remember to only allow webmail access over a secure HTTPS connection.

I'm assuming you're going to use SMTP authentication to prevent your server from becoming an open relay. While that is effective, all a spammer has to do is gain access to a valid user's credentials and then they will have relay access from your server.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Secure storage of passwords for Postfix and Courier IMAP wbuik Linux - Security 2 10-02-2006 11:29 AM
postFix sending mail secure and always external onesandtwos Linux - Software 6 12-15-2005 01:39 PM
postfix + mysql + pop3(secure something) and imap. (Serius Problems:/ ) Esid *BSD 0 07-25-2004 03:32 PM
how can I make postfix more secure? ziggie216 Linux - Software 1 12-05-2003 12:10 AM
Help setting up postfix secure authentication jglazner Linux - Software 0 11-21-2003 03:25 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 04:14 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration