M. Fioretti wrote:
On Sat, Jul 21, 2007 10:33:14 AM +0200, Ralph Angenendt (ra+centos@br-online.de) wrote:
- set up iptables (what would be the safest iptables script to do all and only the services listed above?)
Depends on from where you want to connect to your imap server. From everywhere?
Yes. More exactly, dovecot must serve both local webmail via squirrelmail and my (and other users') home boxes.
If you only run sshd, imap, postfix and apache I don't really see a need for iptables. But you might want to restrict access to sshd to a few IP addresses if you can.
Unfortunately, this is not an option. Sorry I forgot to specify it in the initial message.
- what else?
Don't turn off SELinux.
Hmmm... I had also forgotten this side of the package. I will be running on a rented VPS, can SELinux be used in such contexts?
Also, frankly I am not up to date on this, but I do remember reading a lot of "Just turn off selinux, isn't worth it" and "selinux isn't mature/documented enough yet" in relatively recent times, both on Fedora and CentOS lists.
Is this still the case?
It was never the case ... SELinux has been turned on by default by Red Hat in RHEL4 and RHEL5.
People who say "turn it off" do so because they either don't understand what it does OR they don't know how to use it.
That said, you don't HAVE to use it. However, it is another layered security feature AND the largest enterprise Linux outfit in the world thinks it is very important.