On 9/8/18 6:01 PM, Chris Bennett wrote:
[snip]

IMHO, I would skip using partially insecure OS's like Linux. These are
your kids!



Of course security at the OS level is important but also a lot of work must be done around in the infrastructure area too for security... running a good IDS for example: OpenBSD with Snort totally rocks in this area.... going through a web proxy... again OpenBSD with Squid and Clamd.


Additionally perhaps a VPN to whatever mail solution the OP chooses if 'in house' like OpenVPN running on an OBSD gateway for example then lock down the mail system to just have port 25 open inbound in PF maybe even with queueing enabled.


Encryption of the storage medium can also be suggested so wherever the maildir store is located the FS becomes encrypted as added layer of security.


There's a lot one can do even just by sticking to a few OpenBSD based boxes but it really is a matter of locking things down as opposed to doing something silly.... even OpenBSD will become insecure if port 22 (ssh) is opened up with root account available and password something easily guessed like 'root' or 'admin'.


It's not really a short topic that has one specific answer but I will state that OpenBSD for router/gateways and servers is an excellent solution as unlike other OS's is not resource intensive and overall pretty secure right out of the box.


--K


Reply via email to