Configure OpenSMTPd under OpenBSD with MySQL / SSL / Postfixadmin / Amavis / Clamav / SpamAssassin / Packet Filter / DKIM / DMARC 1st August 2018

As you can see, this article is really big, it took me a lot of time to write it, and I tried to be very precise, especially with detailed schemas. The goal of this article is to explain how to make the most complete SMTP server configuration with OpenSMTPd : OpenSMTPd with MySQL and SSL […]

Setup OpenBSD 6.3 with Full Disk Encryption 19th September 2017

This article has been updated for the OpenBSD 6.3 release. Here is a quick way to setup (in 7 steps) OpenBSD 6.3 with the encryption of the filesystem.

Secure your SSH server with blacklistd and PacketFilter under FreeBSD 8th September 2017

Many of us know and use Fail2ban, a very powerfull log parser able to block everything you want if you create the good rules for your services. But, when it comes to just secure our SSHd, it can be a little… overkill ! So, a daemon named blacklistd(8) showed up few months ago on the […]

Quick and secure Samba setup under FreeBSD 16th August 2017

Many of us may not be Windows enthusiasts but sometimes it may be worthwhile to benefit from a file sharing service allowing Windows clients to connect. You’ll tell me : « To share your files you can use SSHFS, FTP, etc…» Short answer : And it’s true ! But when it comes to watch movies […]

Build a fake SSH server under OpenBSD with PacketFilter and sshesame 3rd August 2017

Introduction : If you host a public server with a SSH daemon, you should be familiar with bruteforce attacks… $ cat /var/log/authlog Aug 3 12:00:47 blog sshd[25418]: Failed password for root from port 35320 ssh2 Aug 3 12:00:51 blog sshd[25418]: error: maximum authentication attempts exceeded for root from port 35320 ssh2 [preauth] Aug […]

OpenSMTPD and Dovecot under OpenBSD with MySQL support and SPAMD 13th July 2017

This article is the continuation of my previous tutorial OpenSMTPD under OpenBSD with SSL/VirtualUsers/Dovecot. We’ll use the same configuration and add some features so we can : Use our domains, aliases, virtual users with a MySQL database (MariaDB under OpenBSD). Deploy SPAMD with OpenSMTPD for a strong antispam solution. Jump in!

OpenSMTPD under OpenBSD with SSL/VirtualUsers/Dovecot 13th July 2017

This article is the translation of my previous paper in French. During the 2013 AsiaBSDCon, the team of OpenBSD presented its mail solution named OpenSMTPD. Developped by the OpenBSD team, we find the so much appreciated philosophy of its developpers : security, simplicity / clarity and advanced features. Security : The daemon runs unprivileged and […]

OpenBSD’s httpd(8) server with PHP/MYSQL/SSL and PacketFilter firewalling 28th June 2017

Since the version 5.7, OpenBSD integrates its own http server named httpd(8). We’ll see how to deploy / configure / secure it.

Avoid OS detection on OpenBSD 26th June 2017

You know what we say about OpenBSD : Free, Functional, and… Secure. Hosting a public server can lead to many different attacks. Mostly random attacks, but you may be targeted by a “real attacker” who, at first, will gather informations such as the kind of operating system you are running. Actually, finding what system runs […]

OpenBSD : httpd(8) and authentication with htpasswd 11th October 2016

httpd(8) server of OpenBSD allows you to secure your virtualhosts/directories with a login/password based on the famous Apache htpasswd. Here is how you can set it up :