Default settings you might want to check

So as not to derail a previous thread.

ProFTPd. Allow over write


This could be a useful topic (maybe some cleaning of unnecessary posts).

I got on my fresh install list:
Of course this is not what you must do perse, but the title say β€˜you might want to check’.

  1. Timezones
  • Webmin β†’ Hardware β†’ System time β†’ Change timezone
  • Webmin β†’ Tools β†’ PHP Configuration β†’ Manage β†’ Other Settings β†’ PHP Timezone
  1. Apache
  • Webmin β†’ Servers β†’ Apache webserver β†’ Global configuration β†’ Configure Apache Modules
    – http2 enabled
    – expires enabled
    – mpm_event instead of mpm_prefork
  1. Change default ports
  • Webmin β†’ Webmin β†’ Webmin Configuration / Usermin Configuration β†’ Ports and Addresses
  • Webmin β†’ Servers β†’ SSH Server β†’ Edit Config Files
  • Webmin β†’ Servers β†’ ProFTPD Server β†’ Edit Config Files
  • Of course remove the old ones and add the new ones to the FirewallD.
1 Like

I’ve made these changes to /etc/postfix/

#   check_policy_service unix:private/policyd-spf

It seems that order may be important. The permit _sasl_authenticated happens and is logged. A valid client would thus not be affected. Logs show a lot of dropped connections once the auth fails. My fail2ban jail now seems to be a lot less croweded.

I played with rejecting for failed SPF. This was a bad idea. I have accounts that forward mail and these all started to fail. I suppose if you know in advance all possible forwards you could whitelist them but that’s not possible in my case.

I still show connection attempts to SSH but my fail2ban jail is empty.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.