On 06:01-Jan:35, MaD dUCK wrote:
also sprach suse@diplan.de (on Sat, 06 Jan 2001 04:30:06PM +0100):
Preparing a new DMZ server I wonder how Email from external, which arrives at the DMZ server is to be treated most secure. Is there a secure possibility to transfer the whole mail to my internal server (fetchmail?) where staff could get it by POP or is POP from internal to DMZ secure enough? Clients run on WinNT.
well, there's APOP, POP with SSL, and regular POP3 as well as IMAP. the last two transmit clear text passwords. the first two aren't free to implement as far as i know. i don't have experience with the first two, but what i do (linux clients) is to tunnel a POP3 channel via SSH2 port forwarding. if you find a way to forward something like port 11000 on the NT boxes to 110 of the mail server with SSH, then your problem would be solved. or you may want to consider VPN internally.
martin
[greetings from the heart of the sun]# echo madduck@!#:1:s@\@@@.net -- qvid me anxivs svm?
thanks first. actually my thoughts trouble more about having the Email of the company lying "around" on the DMZ server. Wouldn't it be just better to get it away into the internal net as soon as possible? Secondly to get the Email by POP I have to have the user accounts on the machine, including the pop password which is the default unix password on that machine. Being able to forward the received mail immediately to my internal server in a secure way I could get rid of that possible problem. Users could then get the mail from the internal server. Of course I want to keep my receiving sendmail on the DMZ. rainer --