On Sat, Jul 21, 2007 10:33:14 AM +0200, Ralph Angenendt (ra+centos at br-online.de) wrote: > > - set up itables (what would the safest iptables script to do all and > > only the services listed above? > > Depends on from where you want to connect to your imap server. From > everywhere? yes. More exactly, dovecot must serve both local webmail via squirrelmail and my (and other users) home boxes > If you only run sshd, imap, postfix and apache I don't really see a > need for iptables. But you might want to restrict access to sshd to > a few ip addresses if you can. Unfortunately, this is not an option. Sorry I forgot to specify it in the initial message. > > - what else? > > Don't turn off SELinux. Hmmm... I had also forgotten this side of the package. I will be running on a rented VPS, can SELinux be used in such contexts? Also, frankly I am not up to date on this, but I do remember reading a lot of "Just turn off selinux, isn't worth it" and "selinux isn't mature/ documented enough yet" in relatively recent times, both on Fedora and Centos lists. Is this still the case? Thanks! Marco -- The Family Guide to Digital Freedom http://digifreedom.net