I am getting ready to install Email Server III in my office. I would like to put it behind my firewall, but I was wondering which ports I should forward to make this work. I already am going to forward ports 25, 80, 110, 143. Is there anything I need to forward for LDAP to work, or does skyrix work on any other ports I need to know about?
* Michael Garabedian (mikejr@emergyscorp.com) [020401 08:34]:
> I already am going to forward ports 25, 80, 110, 143. Is there anything I need to forward for ldap to work, or does skyrix work on any other ports I need to know about.
LDAP definitely shouldn't be accessible outside of the firewall (or pop3 or imap unless it's done over ssl).
--
-ckm
You should ONLY forward 443 (HTTPS) and 25 unless you plan to expose
yourself (or systems rather). The POP/IMAP access should all be done
internally; make the external user access with Webmail over SSL, or another
way is to SSH into the LAN and port-forward their local IMAP/POP ports to the
SuSE Server. You can do this with standard SSH on Unix, or the new PuTTY
Windows clients will work too. This last case is good for home users or
traveling folks. Another idea, option 3, is to only do SSH and use PINE or
MUTT to access the server. Point is, you should never do IMAP/POP access for
anything outside the LAN.
Oh, LDAP will port-forward too; do not expose that either.
Regards,
Jon
----- Original Message -----
From: "Michael Garabedian"
I am getting ready to install Email Server III in my office.
I would like to put it behind my firewall but I was wondering which ports I should forward to make this work
I already am going to forward ports 25, 80, 110, 143. Is there anything I need to forward for ldap to work, or does skyrix work on any other ports I need to know about.
Why do you not like SSL? It provides a similar level of encryption and it is supported by most current email clients.
- Alexey.
> You should ONLY forward 443 (HTTPS) and 25 unless you plan to expose yourself (or systems rather). The POP/IMAP access should all be done internally; make the external user access with Webmail over SSL, or another way is to SSH into the LAN and port-forward their local IMAP/POP ports to the SuSE Server. You can do this with standard SSH on Unix, or the new PuTTY Windows clients will work too. This last case is good for home users or traveling folks. Another idea, option 3, is to only do SSH and use PINE or MUTT to access the server. Point is, you should never do IMAP/POP access for anything outside the LAN.
> Oh, LDAP will port-forward too; do not expose that either.
> Regards,
> Jon
-- { http://trelony.cjb.net/ } Alexey N. Solofnenko { http://www.inventigo.com/ } Inventigo LLC Pleasant Hill, CA (GMT-8 usually)
* Alexey Solofnenko (alexeys@inventigo.com) [020401 15:41]:
> Why do you not like SSL? It provides a similar level of encryption and it is supported by most current email clients.
It's not about encryption, it's about restricting access to the ports. pop and imap daemons have pretty poor security histories.
--
-ckm
If only IMAPS and POP3S ports are exposed, then the situation will be equal to SSH (but much simpler for users). Do you believe that Cyrus has more buffer overruns than SSH?
- Alexey.
> It's not about encryption, it's about restricting access to the ports. pop and imap daemons have pretty poor security histories.
> --
> -ckm
-- { http://trelony.cjb.net/ } Alexey N. Solofnenko { http://www.inventigo.com/ } Inventigo LLC Pleasant Hill, CA (GMT-8 usually)
* Alexey Solofnenko (alexeys@inventigo.com) [020401 15:57]:
> If only IMAPS and POP3S ports are exposed, then the situation will be equal to SSH (but much simpler for users).
ssh with passwds, maybe.
> Do you believe that Cyrus has more buffer overruns than SSH?
I don't know, but I wouldn't allow ssh access from anywhere either.
--
-ckm
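An added example, not part of any post in this thread: a Python check that reads port-forward (DNAT) rules in iptables-save format and grades each exposed port against the positions argued above. The use of iptables, the sample rules, the internal address 192.168.1.10, and the numeric ports for LDAP, IMAPS, POP3S and SSH (IANA defaults) are assumptions; the thread names those services only.

```python
import shlex

# Verdicts follow the thread; LDAP/IMAPS/POP3S/SSH port numbers are assumed IANA defaults.
POLICY = {
    25: ("allow", "SMTP, needed for inbound mail"),
    443: ("allow", "webmail over SSL"),
    80: ("block", "cleartext HTTP; use 443 for webmail"),
    110: ("block", "cleartext POP3"),
    143: ("block", "cleartext IMAP"),
    389: ("block", "LDAP should stay inside the firewall"),
    993: ("review", "IMAPS: encrypted, but the daemon is still exposed"),
    995: ("review", "POP3S: encrypted, but the daemon is still exposed"),
    22: ("review", "SSH: do not allow from anywhere"),
}

# Constructed sample in iptables-save format (not taken from the thread).
SAMPLE_RULES = """\
*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 25 -j DNAT --to-destination 192.168.1.10:25
-A PREROUTING -i eth0 -p tcp -m multiport --dports 110,143 -j DNAT --to-destination 192.168.1.10
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.1.10:443
-A PREROUTING -s 203.0.113.0/24 -i eth0 -p tcp -m tcp --dport 22 -j DNAT --to-destination 192.168.1.10:22
-A PREROUTING -i eth0 -p tcp -m tcp --dport 8443 -j DNAT --to-destination 192.168.1.10:443
COMMIT
"""

def forwarded_ports(rules_text):
    """Yield (port, source_restricted) for every TCP DNAT rule."""
    for line in rules_text.splitlines():
        tok = shlex.split(line)
        flag = next((f for f in ("--dport", "--dports") if f in tok), None)
        if "DNAT" not in tok or "tcp" not in tok or flag is None:
            continue
        for part in tok[tok.index(flag) + 1].split(","):
            lo, _, hi = part.partition(":")  # "a:b" is a port range
            for port in range(int(lo), int(hi or lo) + 1):
                yield port, "-s" in tok

def audit(rules_text):
    """Return sorted (port, verdict, reason) tuples for forwarded ports."""
    findings = set()
    for port, restricted in forwarded_ports(rules_text):
        verdict, reason = POLICY.get(port, ("review", "not discussed; justify or remove"))
        if verdict == "review" and restricted:
            reason += " (source-restricted)"
        findings.add((port, verdict, reason))
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(SAMPLE_RULES), sep="\n")
```

Ports 993 and 995 are marked "review" rather than "allow" because the thread does not settle whether exposing IMAPS/POP3S is acceptable.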
Participants (4): Alexey Solofnenko, Christopher Mahmood, Jon, Michael Garabedian