Mailinglist Archive: opensuse-security (564 mails)
| < Previous | Next > |
Re: [suse-security] Getting mail via POP from DMZ server
- From: suse@xxxxxxxxx
- Date: Sat, 6 Jan 2001 16:54:23 +0100
- Message-id: <20010106165423.C12326@xxxxxxxxxxxxxxxx>
On 06:01-Jan:35, MaD dUCK wrote:
> also sprach suse@xxxxxxxxx (on Sat, 06 Jan 2001 04:30:06PM +0100):
> > Preparing a new DMZ server I wonder how Email from external, which arrives at the
> > DMZ server is to be treated most secure. Is there a secure possibility to
> > transfer the whole mail to my internal server (fetchmail?) where staff could get it by
> > POP or is POP from internal to DMZ secure enough? Clients run on WinNT.
>
> well, there's APOP, POP with SSL, and regular POP3 as well as IMAP.
> the last two transmit clear text passwords. the first two aren't free
> to implement as far as i know. i don't have experience with the first
> two, but what i do (linux clients) is to tunnel a POP3 channel via
> SSH2 port forwarding. if you find a way to forward something like port
> 11000 on the NT boxes to 110 of the mail server with SSH, then your
> problem would be solved. or you may want to consider VPN internally.
>
> martin
>
> [greetings from the heart of the sun]# echo madduck@!#:1:s@\@@@.net
> --
> qvid me anxivs svm?
thanks first.
actually my thoughts trouble more about having the Email of the company
lying "around" on the DMZ server. Wouldn't it be just better to get it away
into the internal net as soon as possible?
Secondly to get the Email by POP I have to have the user accounts on the
machine, including the pop password which is the default unix password on
that machine.
Being able to forward the received mail immediately to my internal server
in a secure way I could get rid of that possible problem. Users could then
get the mail from the internal server.
Of course I want to keep my receiving sendmail on the DMZ.
rainer
--
> also sprach suse@xxxxxxxxx (on Sat, 06 Jan 2001 04:30:06PM +0100):
> > Preparing a new DMZ server I wonder how Email from external, which arrives at the
> > DMZ server is to be treated most secure. Is there a secure possibility to
> > transfer the whole mail to my internal server (fetchmail?) where staff could get it by
> > POP or is POP from internal to DMZ secure enough? Clients run on WinNT.
>
> well, there's APOP, POP with SSL, and regular POP3 as well as IMAP.
> the last two transmit clear text passwords. the first two aren't free
> to implement as far as i know. i don't have experience with the first
> two, but what i do (linux clients) is to tunnel a POP3 channel via
> SSH2 port forwarding. if you find a way to forward something like port
> 11000 on the NT boxes to 110 of the mail server with SSH, then your
> problem would be solved. or you may want to consider VPN internally.
>
> martin
>
> [greetings from the heart of the sun]# echo madduck@!#:1:s@\@@@.net
> --
> qvid me anxivs svm?
thanks first.
actually my thoughts trouble more about having the Email of the company
lying "around" on the DMZ server. Wouldn't it be just better to get it away
into the internal net as soon as possible?
Secondly to get the Email by POP I have to have the user accounts on the
machine, including the pop password which is the default unix password on
that machine.
Being able to forward the received mail immediately to my internal server
in a secure way I could get rid of that possible problem. Users could then
get the mail from the internal server.
Of course I want to keep my receiving sendmail on the DMZ.
rainer
--
| < Previous | Next > |