Success
After waiting for DNS propagation, I am now running one test domain,
with 3 email accounts live on Centos7 Qmail-toaster standard install.
I set up the Outlook client using IMAP, port 993, SSL; SMTP port 587, SSL.
So far no errors at all.
Oh yes, the firewall is now secured.
Thanks
Dave M
Thanks all,
As I hadn't completed the install at that point, I also hadn't copied
in my special firewall rules : )
Thanks for the reminders.
My centos7 install will be live with one test domain tomorrow
Cheers
Dave M
On Apr 3, 2015 4:53 PM, "DNK" <d.k.emailli...@gmail.com> wrote:
I have a mgmt machine to connect to all my servers. Then I access
that mgmt machine VIA SSH W/ Keys and a passphrase. 2 factor
authentication is going to be layered on as well.
--
DNK
On April 3, 2015 at 3:08:50 PM, Cecil Yother, Jr. (c...@yother.com) wrote:
Yet another tip.
Isolate your IP in iptables like so:
-A INPUT -p tcp -m tcp -s 192.168.0.1 --dport 5150 -j ACCEPT
using non-standard port replacing the private ip with your public
IP address.
The only problem with this approach is accessing it from the road
where your IP is changing.
On 04/03/2015 11:41 AM, Hasan Akgöz wrote:
Second tip:
It does this by using simple Access List Rules which are
included in the two files /etc/hosts.allow and /etc/hosts.deny.
Firstly, allow access by placing the following inside
/etc/hosts.allow:
/etc/hosts.allow
sshd: 1.2.3.0/255.255.255.0 ( 1.2.3.0 secure network )
Then disallow all further access by placing this in /etc/hosts.deny:
/etc/hosts.deny
sshd: ALL
Third tip:
Change the absolute ssh port. For example, 2122.
2015-04-03 17:01 GMT+03:00 Dan McAllister <q...@it4soho.com>:
On 4/2/2015 5:20 PM, Dave M wrote:
This should make you smile
I have just this minute finished an install of Centos7 to
prepare for the qmail-toaster install.
After the first update , and reboot, I logged in via ssh
Up pops the security message:
*There were 249 failed login attempts since the last
successful login.*
Thankfully the default firewall took care of them
Just be careful doing installs with live external IP, and
disabling the firewall until you are done
Made me laugh : )
Just a tip --
Instead of leaving your SSH port open, put a connection
limit on it:
The following entries are from an iptables config file:
-A INPUT -p tcp --dport 22 -m limit --limit 2/minute -j ACCEPT
-A INPUT -p tcp --dport 22 -j DROP
You can fail your login attempt twice per minute, then
you're dropped for the remainder of the minute.
In most cases, they fail the login twice in like a 10-second
period, fail a few more times (with unsuccessful connections
this time) and finally quit -- blissfully unaware that they
could try 2 more times in 60 seconds.
The point is, if you're just fat-fingering your SSH
password, no worries - wait 60 seconds....
But if you're trying a brute-force attack, good luck --
instead of hundreds of tries per minute, you now get just 2...
Needless to say, you can adjust to your own recipe...
Dan McAllister
IT4SOHO
--
IT4SOHO, LLC
33 - 4th Street N, Suite 211
St. Petersburg, FL 33701-3806
CALL TOLL FREE:
877-IT4SOHO
877-484-7646 Phone
727-647-7646 Local
727-490-4394 Fax
We have support plans for QMail!
--
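As an added example (not code from anyone in this thread), here is a Python model of the `-m limit` token bucket behind Dan's two iptables rules; the packet timings are constructed sample data, and the iptables default `--limit-burst` of 5 is why the first few tries all get through before the 2/minute rate takes over.

```python
"""Model of the iptables `-m limit` match behind Dan's SSH rule:

    -A INPUT -p tcp --dport 22 -m limit --limit 2/minute -j ACCEPT
    -A INPUT -p tcp --dport 22 -j DROP

`-m limit` is a token bucket: tokens refill at `--limit` and the bucket
starts full at `--limit-burst` (iptables default: 5). A packet matches,
and here is ACCEPTed, only while a token is available; otherwise it falls
through to the DROP rule. Added example, not code from the thread.
"""
from typing import List, Tuple


class LimitMatch:
    def __init__(self, rate_per_minute: float = 2.0, burst: int = 5) -> None:
        self.rate = rate_per_minute / 60.0   # tokens per second
        self.burst = burst
        self.tokens = float(burst)           # bucket starts full
        self.last = 0.0                      # time of previous packet (s)

    def packet(self, t: float) -> str:
        """Verdict for one port-22 TCP packet arriving at time t (seconds)."""
        # Refill for the elapsed time, capped at the burst size.
        self.tokens = min(float(self.burst),
                          self.tokens + (t - self.last) * self.rate)
        self.last = t
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return "ACCEPT"
        return "DROP"


def simulate(times: List[float], rate_per_minute: float = 2.0,
             burst: int = 5) -> List[Tuple[float, str]]:
    """Run a sorted list of packet arrival times through the two rules."""
    m = LimitMatch(rate_per_minute, burst)
    return [(t, m.packet(t)) for t in times]


# Constructed sample: 15 rapid attempts (one every 0.7 s) from a scanner,
# then three attempts by an admin about two minutes later.
SAMPLE = [i * 0.7 for i in range(15)] + [130.0, 131.0, 132.0]

if __name__ == "__main__":
    # Note: the rule counts every TCP packet to port 22 that reaches it, not
    # just new connections, so an earlier ESTABLISHED,RELATED accept rule is
    # what keeps an already-open session from using up the budget.
    for t, verdict in simulate(SAMPLE):
        print(f"t={t:6.1f}s  {verdict}")
```

With the default burst the scanner's first 5 packets are accepted and the next 10 dropped; the admin two minutes later has tokens again. Pass `burst=1` to see the strict 2-per-minute behaviour Dan describes.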