On Sat, Jul 21, 2007 10:33:14 AM +0200, Ralph Angenendt (ra+centos@br-online.de) wrote:
- set up iptables (what would be the safest iptables script to do all and only the services listed above?)
Depends on from where you want to connect to your imap server. From everywhere?
Yes. More exactly, dovecot must serve both local webmail via squirrelmail and my (and other users') home boxes.
If you only run sshd, imap, postfix and apache I don't really see a need for iptables. But you might want to restrict access to sshd to a few ip addresses if you can.
Unfortunately, this is not an option. Sorry I forgot to specify it in the initial message.
- what else?
Don't turn off SELinux.
Hmmm... I had also forgotten this side of the package. I will be running on a rented VPS, can SELinux be used in such contexts?
Also, frankly I am not up to date on this, but I do remember reading a lot of "Just turn off selinux, isn't worth it" and "selinux isn't mature/documented enough yet" in relatively recent times, both on Fedora and CentOS lists.
Is this still the case?
Thanks! Marco