Hi to all. I would like to implement a secure Mail server. This is an internal mail server and belongs to the network behind the external firewall. I also would like to have a system which permits external users to connect to the internal mail server in order to fetch their internal mail or to send their mail througth this server (POP with SSL and SMTP). The only way i see to have external connection is to add a rule to my firewall teling it to redirect all POP and SMTP traffic to this internal server. Is there a more secure way to do this? Is it secure to implement this scheme? I think this way my internal mail is exposed to the world, but i don't see other solution to do what i pretend.... Any suggestion ? Thanks in advance, P.S : sorry about my english João Reis ==========================================================
Heya, On Tue, 30 Sep 2003, João Reis wrote: [...]
The only way i see to have external connection is to add a rule to my firewall teling it to redirect all POP and SMTP traffic to this internal server.
Is there a more secure way to do this? Is it secure to implement this scheme?
Yes, there is. Use an additional proxy for this. Have a look to the "rinetd" package. [...] Best regards, Thomas -- -o) visit me at /\\ www.schweigisito.de _\_v
On Tue, 30 Sep 2003, Thomas Schweiger wrote:
Heya,
On Tue, 30 Sep 2003, João Reis wrote:
[...]
The only way i see to have external connection is to add a rule to my firewall teling it to redirect all POP and SMTP traffic to this internal server.
Is there a more secure way to do this? Is it secure to implement this scheme?
Yes, there is. Use an additional proxy for this. Have a look to the "rinetd" package.
and have a look at the Allow Deny options of rinetd, use if possible. -- BINGO: Very funny, Scotty. Now beam down my clothes. --- Engelbert Gruber -------+ SSG Fintl,Gruber,Lassnig / A6170 Zirl Innweg 5b / Tel. ++43-5238-93535 ---+
* engelbert.gruber@ssg.co.at wrote on Wed, Oct 01, 2003 at 08:57 +0200:
On Tue, 30 Sep 2003, Thomas Schweiger wrote:
On Tue, 30 Sep 2003, João Reis wrote: [...]
The only way i see to have external connection is to add a rule to my firewall teling it to redirect all POP and SMTP traffic to this internal server.
Is there a more secure way to do this? Is it secure to implement this scheme?
Yes, there is. Use an additional proxy for this. Have a look to the "rinetd" package.
and have a look at the Allow Deny options of rinetd, use if possible.
Why is this more secure than a packet-level port forwarder? I could imagine to use IPSec VPN; the clients could link into the internal LAN securely and work as if there were local. oki, Steffen -- Dieses Schreiben wurde maschinell erstellt, es trägt daher weder Unterschrift noch Siegel.
participants (4)
-
engelbert.gruber@ssg.co.at -
João Reis -
Steffen Dettmer -
Thomas Schweiger