Hi All,
So basically a couple of weeks ago I decided to try setting up MailPlus Server. It was more technical than I was expecting, and to be honest some of it was a bit over my head, but it all seemed good. Since then I've been a bit concerned about the security implications of having a mailserver running on the same box that I keep all my personal data on. Then yesterday I noticed lots of events of failed connections to the mailserver and to the NAS, so I decided to secure things up.
I've stopped the mailserver and closed the related ports in my router.
I've disabled all reverse proxy rules that I don't/shouldn't use, i.e. nas.mydomain.com, and instead I'll just stick to something like Tailscale if I need to remotely access the NAS.
Also, I decided to turn on Synology's internal firewall...
So, I'm inexperienced with firewalls and things aren't going well so far...
I've made sure I haven't locked myself out at the top of the rule list.
I've ended the rule list with a deny all rule.
But, when it comes to rules for all the services running in Docker I'm having no luck...
For example, Bitwarden. I host this in a Docker container and share this with family members in this country and one other. The URL for accessing the server is something like http://bitwarden.mydomain.com and goes through nginx reverse proxy. So I started by creating a rule to allow access to nginx. Then I tried creating a firewall rule for Bitwarden's port and allowed access from the 2 countries but no joy. I then tried the same port but from my laptop's IP but still no joy. For some reason though Plex seemed to work. It was really sluggish when I created a rule from the two necessary countries, but things improved when I added another rule allowing access from my subnet.
Could someone tell me where I'm going wrong please?
Any advice on securely running a mailserver would be appreciated too. I'm guessing that running it on a separate machine would be better, or is it best to forget it?
Also, this has made me think that I need to set up a good backup solution. Other than having a second, off-site NAS, is it possible to automatically back up to a remote (family member's) PC?
Thanks for any help and advice.