  • A VPN is easy to set up (and I have it set up, by the way), but no VPN is even easier. SSH by itself is sufficiently secure if you keep it up to date with a sane configuration. Bots poking at my SSH port is not something that bothers me at all, and not part of any attack vector I want to be secure against.

    Out of all the services I expose to the clear web, SSH is probably the one I trust the most.



  • I get what you say, and you’re definitely not wrong to do it. But as I see it, you only saved ~80Kib of ingress and a few lines of logs in the end. From my monitoring I get ~5000 failed auth per day, which account for less than 1Mbps average bandwidth for the day.

    It’s not like it’s consuming my 1Gbps bandwidth or threatening me as I enforce SSH key login. I like to keep things simple, and SSH on port 22 over the internet makes it easy to access my boxes from anywhere.


  • z3bra@lemmy.sdf.org to Selfhosted@lemmy.world · My first E-Mail server · 1 year ago

    Congratulations! A mail server is quite demanding in terms of initial setup, but it’s also very rewarding!

    Here are a few pointers I can give you:

    • Using a good domain is important; some providers block entire TLDs for cheap domains (e.g. .tk or .pw). I learnt it the hard way…
    • Set your MX records to A records, not CNAME
    • Ensure your PTR records match your A records for the mail server
    • Learn about SPF and DKIM
    • Set them up, and verify with mxtoolbox
    • Use the ip4:<ipv4> and/or ip6:<ipv6> selectors for SPF
    • Set up a spam filter (I like spamassassin)
    • Leave it all running for a few weeks/months
    • Publish a DMARC policy on your DNS, and verify with mxtoolbox

    This should greatly limit your likelihood of ending up in spam folders (which is usually the hardest part about running your mail server).
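
The DNS points in the checklist above (MX target is an A record and not a CNAME, PTR matches the A record, SPF lists the server with `ip4:`/`ip6:`, a DMARC policy exists) can be checked mechanically. This is an added example, not part of the original comment: the zone data is constructed, and `lookup` and `check_mail_dns` are hypothetical helper names that read a dict instead of querying DNS.

```python
import ipaddress

# Constructed sample records (documentation names and addresses, not a real zone).
ZONE = {
    ("example.org", "MX"): ["10 mail.example.org"],
    ("mail.example.org", "A"): ["192.0.2.25"],
    ("25.2.0.192.in-addr.arpa", "PTR"): ["mail.example.org"],
    ("example.org", "TXT"): ["v=spf1 ip4:192.0.2.25 -all"],
    ("_dmarc.example.org", "TXT"): ["v=DMARC1; p=none"],
}

def lookup(zone, name, rtype):
    """Hypothetical resolver stand-in: read records from the dict above."""
    return zone.get((name.rstrip(".").lower(), rtype), [])

def check_mail_dns(zone, domain):
    """Return the list of checklist problems found for `domain`."""
    problems, mail_ips = [], []
    mx_records = lookup(zone, domain, "MX")
    if not mx_records:
        problems.append("no MX record")
    for mx in mx_records:
        host = mx.split()[-1].rstrip(".").lower()
        if lookup(zone, host, "CNAME"):          # MX must point at A/AAAA
            problems.append(f"MX target {host} is a CNAME")
        addrs = lookup(zone, host, "A") + lookup(zone, host, "AAAA")
        if not addrs:
            problems.append(f"MX target {host} has no A/AAAA record")
        for addr in addrs:
            ip = ipaddress.ip_address(addr)
            mail_ips.append(ip)
            ptrs = [p.rstrip(".").lower() for p in lookup(zone, ip.reverse_pointer, "PTR")]
            if host not in ptrs:                 # reverse DNS must match forward
                problems.append(f"PTR for {addr} does not match {host}")
    spf = [t for t in lookup(zone, domain, "TXT") if t.startswith("v=spf1")]
    if len(spf) != 1:
        problems.append("expected exactly one SPF record")
    else:
        # Only ip4:/ip6: mechanisms are evaluated, as the checklist recommends.
        nets = [ipaddress.ip_network(m.lstrip("+").split(":", 1)[1], strict=False)
                for m in spf[0].split()[1:]
                if m.lstrip("+").startswith(("ip4:", "ip6:"))]
        for ip in mail_ips:
            if not any(ip.version == n.version and ip in n for n in nets):
                problems.append(f"{ip} not covered by SPF ip4:/ip6:")
    dmarc = lookup(zone, "_dmarc." + domain, "TXT")
    if not any(t.startswith("v=DMARC1") for t in dmarc):
        problems.append("no DMARC policy")
    return problems
```

To run it against live DNS, replace `lookup` with a real resolver; DKIM is not covered here because verifying it needs the selector and a signed message.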