That look interesting. Do you provide a hosting plan Andre?
regards
on 2019/11/26 14:31, André Rodier wrote:
Hello, Bill.
I had the same concern a few years ago.
I have been self-hosting for more than a decade, and more recently, I
built this:
https://github.com/progmaticltd/homebox
This is oriented towards security and privacy, and include defence
mechanisms against remote and physical intrusion.
- All daemons are protected by AppArmor.
- The main drive is fully encrypted using LUKS, unlock with a Yubikey
locally or remotely using SSH.
- Implementation of latest standards, like DNSSEC, SSHFP, MTA-STS,
etc...
- Encrypted remote or local backups with borg, with jabber alerts.
- Everything coming from Debian repositories.
- Some bonus features, like Jabber, RoundCube, Zabbix, SOGo, gogs,
transmission, etc.
One feature you may find particularly useful, is a monthly report with
all the accesses, by country, ISP, hours:
https://homebox.readthedocs.io/en/dev/access-reports/
Real time alerts and/or blocking if you connect from a blacklisted IP
and various parameters.
Everything is tested using continuous integration with a Jenkins
server.
It is on Debian Stretch for now, but we will provide a buster version
next year.
I am currently working on a way to provide static IP address if you do
not have one...
Enjoy!
Kind regards,
André
On Tue, 2019-11-26 at 00:48 -0500, Bill Cole wrote:
On 25 Nov 2019, at 22:53, lists wrote:
> Security is privacy.
More precisely: Security includes privacy. Privacy is an essential
*PART
OF* security.
The remit requested by the OP is really too broad to answer on a
public
mailing list intended for discussion of a specific MTA (even though
Postfix would be a likely component...) because it could have very
different answers depending on the specific needs of a site and
issues
like scale, threat model, risk tolerances, and available resources.