By way of update, it now appears that my iOS WireGuard client is connecting successfully, so I have re-enabled the firewall rule on the host that permits ports 587 and 993 to be reached only over the WireGuard interface. I plan to continue testing the reliability of the connection.

As an aside, I have found the kernel-based Linux WireGuard implementation to be highly reliable.

On 4/7/23 17:58, Jason White via luv-main wrote:
Dear Linux users,

I run a small server that provides e-mail, among other services. For this purpose, it runs Postfix and Dovecot - there's nothing surprising about it.

Are there any additional measures that I should take these days to secure it, especially against authentication-related attacks?

I believe the passwords are reasonably strong and unique (i.e., they aren't used for any other services). Also, fail2ban is running, and blocking hosts that fail to authenticate too often. Of course, only TLS connections are permitted, except on port 25. That is, StartTLS is mandatory.

I tried making ports 587 and 993 available only via a WireGuard connection. This worked well, except for an Apple iOS client that, unfortunately, lost Internet access entirely whenever I attempted to enable the WireGuard configuration. This configuration had previously worked, so a regression was introduced at some point, and others have apparently run into similar issues with iOS 16. Also, I've left certain other services, including ssh, available only via the WireGuard connection, despite having opened 587 and 993 for now.

For more general mail security, I have configured SPF, DKIM, DMARC and DANE. I'm using Rspamd for spam filtering, and I subscribed to the Spamhaus Data Query Service, which reduces incoming spam considerably. (I'm below the threshold at which they charge for the service.)

Is there anything else that I should be doing on the security front?


_______________________________________________
luv-main mailing list -- luv-main@luv.asn.au
To unsubscribe send an email to luv-main-le...@luv.asn.au