1. https://certbot.eff.org/instructions?ws=nginx&os=debianbuster
  2. include snippets/letsencrypt-acme-challenge.conf;
  3. certbot --nginx --expand --redirect  --cert-name bubuit.net -d DOM.TLD,SUBDOM.DOM.TLD
    1. # KEIN LEERZEICHEN NACH DEM KOMMA (die Domains hinter -d ohne Leerzeichen trennen)

 

  1. https://github.com/firehol/firehol/wiki/dnsbl-ipset.sh
  2. /usr/share/doc/firehol-tools/examples/contrib/dnsbl-ipset.sh

/etc/firehol/firehol.conf

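# DNSBL-fed blacklist for the WAN interface.
# firehol.conf is read by bash: a continuation backslash must be the very last
# character on its line. A space after it escapes the space instead of the
# newline, so the statement ends early and the following line runs on its own.

# IPv4 ipset "dnsbl": entries time out after 14 days (86400 s * 14), at most
# 500000 elements, per-entry comments enabled.
# NOTE(review): prevent_reset_on_restart presumably keeps collected entries
# across a firewall restart; confirm against the FireHOL ipset documentation.
ipset4 create dnsbl hash:ip timeout $((86400 * 14)) maxelem 500000 prevent_reset_on_restart comment

# Custom action AUDIT_ACCEPT, as written: an ACCEPT for NEW-state traffic that
# logs with the prefix "AUDIT", followed by a plain ACCEPT.
# NOTE(review): nothing in this snippet references AUDIT_ACCEPT; confirm that a
# rule elsewhere in firehol.conf uses it.
action4 AUDIT_ACCEPT \
action ACCEPT state NEW log "AUDIT" \
next action ACCEPT

# Blacklist every address in ipset "dnsbl" on the interface(s) in ${wan},
# except sources listed in ipset "whitelist".
# NOTE(review): neither ${wan} nor an ipset named "whitelist" is defined in this
# snippet; both must exist before this line. DNSBL data has false positives, so
# keep your own management and monitoring addresses in the whitelist.
blacklist4 full inface "${wan}" ipset:dnsbl \
except src ipset:whitelist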

leider waren auch

/etc/postfix/header_cleanup_outgoing

# Outgoing header clean-up, wired in through smtp_header_checks (pcre table).
# REPLACE rewrites the matched header, IGNORE deletes it.
#
# NOTE(review): smtp_header_checks runs on every message the Postfix SMTP
# client delivers, so the Received rule below also rewrites Received headers
# added by other hops on relayed or forwarded mail, not only the submission
# hop. The original trace then exists only in the local mail log; keep those
# logs long enough to investigate abuse from a compromised account.
#
# Rewrites the first line of each Received header to a localhost origin; any
# continuation lines ($2) are kept unchanged.
/^\s*(Received: from)[^\n]*(.*)/ REPLACE $1 127.0.0.1 (localhost [127.0.0.1])$2
# Drop headers that identify the sender's mail client or client address.
/^\s*User-Agent/ IGNORE
/^\s*X-Enigmail/ IGNORE
/^\s*X-Mailer/ IGNORE
/^\s*X-Originating-IP/ IGNORE
# NOTE(review): MIME-Version does not identify the client, and MIME messages
# are expected to carry it; without it some receivers may not parse multipart
# or encoded bodies as MIME. If a DKIM signer runs before this stage and signs
# MIME-Version, deleting it here would presumably invalidate the signature.
# Confirm with a test message before keeping this rule.
/^\s*Mime-Version/ IGNORE

/etc/postfix/main.cf

# Apply the clean-up table to mail sent by the Postfix SMTP client; local
# delivery is not affected by this parameter.
# The pcre: map type must be available; `postconf -m` lists the supported types.
smtp_header_checks = pcre:/etc/postfix/header_cleanup_outgoing
  1. chmod 600 /etc/postfix/header_cleanup_outgoing

  1. ai firehol-tools
  2. ll -t /etc/firehol/ipsets
  3. update-ipsets enable firehol_level1 firehol_level2 firehol_level3 firehol_level4 fullbogons spamhaus_drop sslbl blocklist_de greensnow ciarmy sslbl_aggressive 
  4. update-ipsets
  5. ipset -L -n
  6. ipset -L firehol_level1
  7. t /var/log/update-ipsets.log
  8. update-ipsets --help
  9. man ipset

/etc/cron.daily/update-ipsets

#!/bin/sh
# Daily refresh of the enabled FireHOL IP lists.
# stdout and stderr both go to the log file, which is overwritten on every run,
# so only the most recent update is available for troubleshooting.
LOGFILE=/var/log/update-ipsets.log
update-ipsets -s >"$LOGFILE" 2>&1
 

/etc/firehol/firehol.conf

# SYNPROXY
# NOTE(review): the variable names suggest a port-trap setup, but the only rule
# visible here ends in "accept". SUSPECTS_TIMEOUT, TRAP_TIMEOUT,
# VALID_CONNECTION_COUNT and TRAP_ACTION are not referenced by it; confirm they
# are used elsewhere in firehol.conf, otherwise they have no effect.
# Ports covered by the synproxy rule below (SMTP and HTTP).
TRAP_PORTS="25 80"
SUSPECTS_TIMEOUT=3600
TRAP_TIMEOUT=86400
VALID_CONNECTION_COUNT=2
TRAP_ACTION="DROP"

# Incoming IPv4 connections on ${wan} to ${PUBLIC_IPS}, ports ${TRAP_PORTS},
# go through FireHOL's synproxy helper and are then accepted.
# NOTE(review): ${wan} and ${PUBLIC_IPS} are not defined in this snippet and
# must be set earlier in firehol.conf. The rule does not cover port 443.
ipv4 synproxy input inface "${wan}" dst "${PUBLIC_IPS}" dport "${TRAP_PORTS}" accept