At 9:07 AM +0100 11/15/01, Markus Gaugusch wrote:
Ideally what I'd like to do is have an internal address (ie 10.10.1.2) for which all pop and imap requests would be forwarded via secure tunnel to the server.

What's the best way to do this? Tunnel via ssh (that's my first reaction). Stunnel? FreeSwan?

stunnel is the easiest way. Just add an entry like

    pop3s stream tcp nowait root /usr/sbin/stunnel stunnel -r localhost:110

to your inetd.conf and use the SSL feature for POP in outlook (Netscape unfortunately doesn't support SSL :( If you want to use a better mail program than from microsoft (any other) then it should work to connect with stunnel on your side to the stunnel on the other side, but I have never tried that.

Markus

PS: if you use a self-signed certificate for stunnel (very likely) then point your browser to https://your.server.net:995/ and install the certificate, so outlook won't complain about it.
Maybe I wasn't being clear. I have a server at a colo. Mail for my domain is now arriving there. At home, I have a private net. I want pop requests from a client on 192.168.1.x to be forwarded via secure tunnel from my Nat host (Suse 7.2) to the colo machine (Suse 7.3). I'm no good at ascii or I'd draw it.

My wife has the good sense to use Macs, and while M$ makes a Mac outlook, she uses Mac OS X's built in mail client, which does not support ssl. I use Eudora on Mac OS X which supports apop but not ssl. I'm not interested in using some funky version of an encrypted protocol. Rather I've always been a big fan of having all traffic encrypted.

Free Swan looks overly complex for our needs (now that I look) so I think I'm looking for a way to tunnel all traffic between my NAT machine and colo machine via SSH, and for my NAT machine to forward pop / imap requests to the colo machine. I have used an ssh tunnel as an end user before (my last employer used it along with secureID as a sort of faux vpn) but have never set this up. Does anyone know where I should start, or do you have a url?

Thanks-
-mab
--
_____________________________     /"\
Markus Gaugusch  ICQ 11374583     \ /    ASCII Ribbon Campaign
markus@gaugusch.at                 X     Against HTML Mail
                                  / \
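
The SSH port forward asked about above, sketched as an added example that is not part of the original thread: the NAT host listens for POP3/IMAP on its internal address only and carries the sessions over ssh to the colo server's loopback. The address 192.168.1.1, the account tunnel@colo.example.net and the helper names are assumptions, and the bind address in -L and ExitOnForwardFailure need a current OpenSSH.

```shell
#!/bin/sh
# Added example (not from the thread). Builds the ssh command that forwards
# POP3 and IMAP from the NAT host's internal address to the colo server.
# Host names, the account and the function names are hypothetical.

# Succeed only for RFC 1918 addresses: the listener on the NAT host accepts
# cleartext POP/IMAP, so it must never be bound to a public or wildcard address.
is_private_addr() {
    case "$1" in
        10.*.*.*|192.168.*.*) return 0 ;;
        172.1[6-9].*.*|172.2[0-9].*.*|172.3[01].*.*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the ssh command line for <internal bind address> <user@colo-host>.
# The mail daemons are reached on the colo machine's loopback, so only the
# ssh port has to be reachable from outside.
tunnel_cmd() {
    addr="$1"; target="$2"
    is_private_addr "$addr" || { echo "refusing to bind to $addr" >&2; return 1; }
    fwd=""
    for port in 110 143; do            # pop3, imap
        fwd="$fwd -L $addr:$port:127.0.0.1:$port"
    done
    # -N: no remote command; fail at startup if a forward cannot be set up.
    echo "ssh -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=30$fwd $target"
}

# Show the command for the constructed sample values. Binding ports below
# 1024 requires starting it as root on the NAT host.
tunnel_cmd 192.168.1.1 tunnel@colo.example.net
```

Mail clients on 192.168.1.x then use 192.168.1.1 as their POP/IMAP server; the hop inside the home network stays cleartext, and only the NAT-to-colo leg is encrypted.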