
Firewall configuration


baravalle

Guest
Hi,
Can anyone suggest a safe firewall configuration using the Plesk interface?

At the present time I have:
- disabled the FTP server
- allowed Mail password service, MySQL service and Postgres service only from 127.0.0.1
- blocked Tomcat, Samba, Plesk VPN, Ping

I'm not sure about the DNS server. I suppose it should be enabled for the local host only?

What about the SMTP server? Looks like if I block it the mail doesn't arrive. What I want is to forbid other users from using my SMTP server.

Any suggestions?

Thanks in advance,
Andres
 
> What about the SMTP server? Looks like if I block it the mail doesn't arrive.

Of course you won't get any incoming emails if you block the SMTP port 25.

There is no 'easy' answer to prevent 'others' (meaning spammers?) from making use of your mail server and from other attacks. However, the following couple of suggestions will greatly help in most cases: (this is not a complete list, just a beginning)

1. Atomic Secured Linux (ASL) Kernel (www.atomicrocketturtle.com/subscribe)
(fee based, includes mod_security)

2. mod_security (www.atomicrocketturtle.com or gotroot.com)
(free)

3. Bind/DNS configuration to serve only the local hosted domains, no forwarding or recursion.

4. RKHunter and CHKRootkit packages - cronjob them to update, run, email you the results

5. OS dependent - go through and make sure all other distro installed services which are not critical (needed) to proper operation are also disabled or removed.

6. Make sure there are no exploitable script packages (such as some phpBB versions) or formmail scripts on any of the hosted domains.

7. Things to do which may not be very effective (noexec /tmp, prevent things like wget usage), but may help prevent inexperienced script kiddies from having an easy time of it.

8. Make sure your Plesk server is set for SMTP Auth only, no POP lock

many many hundreds of other things...
 
Originally posted by jamesyeeoc
> Of course you won't get any incoming emails if you block the SMTP port 25.
>
> There is no 'easy' answer to prevent 'others' (meaning spammers?) from making use of your mail server and from other attacks. However, the following couple of suggestions will greatly help in most cases: (this is not a complete list, just a beginning)
>
> 1. Atomic Secured Linux (ASL) Kernel (www.atomicrocketturtle.com/subscribe)
> (fee based, includes mod_security)
>
> 2. mod_security (www.atomicrocketturtle.com or gotroot.com)
> (free)

mod_security already installed, but I don't like it too much. The name is a bit ambitious for what it does. I don't like the idea of using it for general protection against applications that might be installed in the server, or against poor coding.

That should be done at configuration level, for PHP (as I have just PHP-based domains in my server) and at coding level.

> 3. Bind/DNS configuration to serve only the local hosted domains, no forwarding or recursion.

Trying to do that - I'll have to check if my configuration is working

> 4. RKHunter and CHKRootkit packages - cronjob them to update, run, email you the results

Thanks, I'll have a look at those

> 5. OS dependent - go through and make sure all other distro installed services which are not critical (needed) to proper operation are also disabled or removed.

Always a good point - but quite time intensive. Apparently I do not have any useless services running, but I had some not really useful services installed but not running. Removed distcache, distcache-devel, tux, nscd, ntpd.

> 6. Make sure there are no exploitable script packages (such as some phpBB versions) or formmail scripts on any of the hosted domains.

I'm quite sure that the Horde running with Plesk is exploitable... but not sure of how to overcome the problem. The update script is broken in my server, because I have my custom PHP and MySQL, which make the script break. I'll try to update the packages one by one.

> 7. Things to do which may not be very effective (noexec /tmp, prevent things like wget usage), but may help prevent inexperienced script kiddies from having an easy time of it.

Can't do that at the moment - I do not have an independent /tmp partition. But I suppose a good point would be having a better partition layout.

> 8. Make sure your Plesk server is set for SMTP Auth only, no POP lock

Already done

> many many hundreds of other things...

Thanks for your comments - always working on the many hundreds of things. And trying to keep the server secure and up to date.

Andres
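
One way to carry out the check mentioned for item 3 (no recursion for outside clients), added here as an example and not part of any post in this thread: send a query with the "recursion desired" bit set for a name the server does not host, then read the RA flag, RCODE and answer count from the reply header. All function names and the sample replies are hypothetical and constructed for illustration.

```python
import socket
import struct

QR, RD, RA = 0x8000, 0x0100, 0x0080  # DNS header flag bits (RFC 1035)

def build_query(name, txid=0x1234, qtype=1):
    """Encode a query for `name` (A record by default) with RD set."""
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)

def classify_response(packet, txid=0x1234):
    """Judge a reply to build_query() from its 12-byte header alone."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    if rid != txid or not flags & QR:
        raise ValueError("not a response to our query")
    rcode = flags & 0x000F
    if flags & RA and rcode == 0 and ancount > 0:
        return "OPEN"                  # the server resolved a foreign name for us
    if flags & RA:
        return "RECURSION_ADVERTISED"  # RA set although nothing was answered
    return "CLOSED"                    # RA clear: REFUSED or a plain referral

def probe(server, foreign_name, timeout=3.0):
    """Send the query over UDP and classify the reply (needs network access)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(foreign_name), (server, 53))
        return classify_response(s.recv(512))

def constructed_reply(flags, ancount):
    """Constructed sample: a reply header placed in front of the original question."""
    question = build_query("example.org")[12:]
    return struct.pack("!HHHHHH", 0x1234, flags, 1, ancount, 0, 0) + question

if __name__ == "__main__":
    # Constructed replies: REFUSED with RA clear, then a recursive answer.
    print(classify_response(constructed_reply(QR | RD | 5, 0)))
    print(classify_response(constructed_reply(QR | RD | RA, 1)))
```

Run `probe()` against your own server's public address from a machine on another network, using a name the server is not authoritative for; `CLOSED` is the result item 3 aims for.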
 
> mod_security already installed, but I don't like it too much. The name is a bit ambitious for what it does. I don't like the idea of using it for general protection against applications that might be installed in the server, or against poor coding.
>
> That should be done at configuration level, for PHP (as I have just PHP-based domains in my server) and at coding level.

I agree with you about config and coding. If you have that much control over what the clients put onto the server, that's wonderful. Many or most admins may not have the time or expertise to constantly check what the clients may put on the server, so as a general stop-gap measure, things such as mod_security can be useful / helpful. [IMO] I know there are some who do not like mod_security, but I also know many servers which have greatly benefited from it. Every server and admin is different, no 'one size fits all'. Peace.
 