• 0 Posts
  • 9 Comments
Joined 1 year ago
cake
Cake day: October 17th, 2023

help-circle
  • This is why ISPs typically block port 25. Also, I love containers as much as the next guy but for the reasons mentioned I reduce complexity in all areas of critical systems were it doesn’t belong such as a email server.

    You are not the first to do this with docker hosted email servers and you won’t be the last. The Internet is full of people talking about this exact issue.



  • I’ll leave with this. ANY service exposed publicly or not should not have vulnerabilities. If there is any hint that your NAS webserver has vulnerabilities, it shouldn’t even be used internally. So to me, it does not matter. I don’t expose my NAS webserver because I have no reason to increase my attack surface that wide.

    But I’m comfortable exposing any of my internal services as needed because I’ve personally checked the source code for vulnerabilities, and have proper checks in place on top of regular security updates. I understand why others wouldn’t think the same way, as this takes a high level of confidence in your ability to assess the security posture of your systems and network. I’ve had penetration tests in my network, conduct them myself for business.


  • Meh, been doing it for 5 years now with minimal issues. Had one issue come up where my domain was flagged as malicious, but was solved in a few days and some emails to security vendors.

    I think it’s important that those who can, and are educated enough to keep it running properly do host their own. Hosting your own email should be encouraged if capable because it helps reduce the monopoly, and keep a little bit of power for those who want to retain email privacy.




  • People talk up Pterodactyl like it’s difficult to install, but if you follow the documentation it’s fine if you’ve had any experience with installing Linux programs beyond running a script. You can also find scripts on github that make it a one stop shot or one liner install like most are used to. I have an AMP license, and kind of regret it to be honest. I thought a paid solution may be better, but I was wrong. The UI and navigation in AMP is among the worst software front end navigation I’ve ever seen.



  • Brother, there is no difference. I think you are confused. They can “understand your traffic and do something about it” it’s unencrypted, and you agree to a fairly strict terms of service that allows them to basically do whatever they like. Maybe you should read the agreement, and if you’re using the tunnels, maybe turn them off until you understand your security posture and exposure of your network