[NTLUG:Discuss] secure pop/imap/smtp access

Jay Urish j at unixwolf.net
Mon Mar 31 10:22:35 CST 2003 

At 09:37 AM 3/31/2003 -0600, you wrote:
>On Sun, 30 Mar 2003 21:02:03 -0600, Jay Urish wrote:
>
> >   Hey Gang,
> > I have just encountered a problem that I need some direction with.
> >
> > I give some people access to my box to host their domains. Up until a few
> > days ago everyone had a static ip address so I could protect my daemons
> > with iptables. Now all of a sudden everybody has gone dynamic.
> >
> > I have done some preliminary research and I have some ideas BUT I am
> > looking for some real world experiences.
> >
> > Here are some of the things I saw:
> > 1. Maybe wrap pop3 with stunnel
> > 2. vpn to the box?
> >
> >
> > I guess my questions are:
> > 1. What is the easiest solution?
> >
> > At this moment I am thinking that I should implement a VPN firewall
> > appliance and go though that to a second ethernet card. It would 
> definately
> > be the easiest solution.
>
>What are you trying to do exactly?


I would like to have it so that smtp/pop3/imap could be exposed to the 
world without fear of exploits/hrmful use etc.


>Provid mail service only ( pop, imap, smtp, etc )
>or do you want 'your people' to have secure access to everything
>running on your box ( web, telnet, ssh, ftp, etc )
>... seems like a VPN to allow mail access is overkill.
>
>Also.. are you worried about passwords being sent in the clear
>and email being viewied in the clear, or are you just trying
>to limit who can access these services?

Both actually.



>You could use a web mail interface ( lime squirrelmail (sp?)) and
>use https to handle all of your passwords and encryption. Squirrelmail
>works fairly well.


I have that already but some of these folks want to use outlook <shudder> 
or whatever to get the mail.


>If need to limit who can send mail via your SMTP server and don't want
>to run an open gateway, you can set up SMTPAUTH and require a userid/
>password to send mail.
>
>Once you set up SMTPAuth, then your half way to setting up SSL wrappers
>for pop and imap.

Ok, this is what I want to do. Let me see if I can find some how-to's on my 
own.



>I've got SMTPATUH, SSL wrappers, etc all set up with Postfix (smtp )
>and Cyrus ( Imap and pop ) and squirrelmail and https set up on my
>testbox. It can be done... just takes a bit of work.
>
>The easist/quickest way to go is https and a web based mail interface.
>
>jack
>
>
>
>
>
>
>
>
>
>
>
>_______________________________________________
>https://ntlug.org/mailman/listinfo/discuss

More information about the Discuss mailing list