So as not to derail a previous thread.
ProFTPd. Allow over write
Others?
This could be a useful topic (maybe some cleaning of unnecessary posts).
I got on my fresh install list:
Of course this is not what you must do perse, but the title say βyou might want to checkβ.
- Timezones
- Webmin β Hardware β System time β Change timezone
- Webmin β Tools β PHP Configuration β Manage β Other Settings β PHP Timezone
- Apache
- Webmin β Servers β Apache webserver β Global configuration β Configure Apache Modules
β http2 enabled
β expires enabled
β mpm_event instead of mpm_prefork
- Change default ports
- Webmin β Webmin β Webmin Configuration / Usermin Configuration β Ports and Addresses
- Webmin β Servers β SSH Server β Edit Config Files
- Webmin β Servers β ProFTPD Server β Edit Config Files
- Of course remove the old ones and add the new ones to the FirewallD.
1 Like
Iβve made these changes to /etc/postfix/main.cf
permit_mynetworks
permit_sasl_authenticated
reject_unauth_destination
reject_invalid_hostname
reject_non_fqdn_sender
reject_unknown_sender_domain
reject_unknown_recipient_domain
# check_policy_service unix:private/policyd-spf
It seems that order may be important. The permit _sasl_authenticated happens and is logged. A valid client would thus not be affected. Logs show a lot of dropped connections once the auth fails. My fail2ban jail now seems to be a lot less croweded.
I played with rejecting for failed SPF. This was a bad idea. I have accounts that forward mail and these all started to fail. I suppose if you know in advance all possible forwards you could whitelist them but thatβs not possible in my case.
I still show connection attempts to SSH but my fail2ban jail is empty.
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.