Mailinglist Archive: opensuse-security (465 mails)

< Previous Next >
Webmail access
  • From: Daniel Nilsson <dnilsson@xxxxxxxxxx>
  • Date: Sun, 16 Dec 2001 10:24:45 -0500
  • Message-id: <3C1CBCBD.8030804@xxxxxxxxxx>
All,

I have a question regarding running a webmail client. I'm asked
to make our users that have their mail on our internal IMAP
based e-mailserver (Cyrus running on Solaris 8) able to check
their mail through a secure webinterface from outside the
company. Obviously this is a security risk for us and I'd like
to get some input on what your experience is on this matter.

This is what our network currently looks like:

------------------ ------------
| Firewall/Gateway | | Mailserver |
ISP----| SuSE Linux 7.1 |--- Internal LAN---| |
| | (192.168.1.0/24) | Solaris 8 |
------------------ ------------

This is a pretty simple setup, we also have a couple of
external sites for which I run an IPSEC tunnel to using
the gateway. The gateway will also be responsible for
relaying SMTP mail from the outside to the mailserver
which is located on the Internal LAN. The machine running
the mailserver has quite a bit of sensitive information
stored in addition to the e-mail which is served over NFS.

What I was thinking about doing is this:

------------------- ------------
| Firewall/Gateway | | Mailserver |
ISP----| SuSE Linux 7.1 |--- Internal LAN---| |
\ |IP Masq for Int LAN| (192.168.1.0/24) | Solaris 8 |
\ ------------------- ------------
\ | /
SMTP/HTTP | ------- IMAP --------
\ | / SMTP
\ | /
----------------
| DMZ Webserver |
| SMTP gateway |
| SuSE Linux 7.3 |
----------------


So I would allow SMTP and HTTP traffic between external hosts
and the webserver on the DMZ network. IMAP traffic would
only be allowed between the mailserver and the DMZ webserver.
SMTP traffic to the mailserver would only be allowed from the
DMZ host, not directly from the Internet.
I can imagine cases where this would break, but an external
hacker would really have to mess up the DMZ webserver to
be able to attack the NFS exported storage on the mailserver.
Obviously the mail is not going to be better protected then
the users username/password pair.

I have entered HTTP in the pictures but in reality I would
use HTTPS for users entering the password for the mailserver.

The software on the mailserver would be apache with mod_ssl
and the webserver software would be squirrelmail which is
based on php scripts.

Regardning the SMTP software I was planning to use sendmail
though I hear a lot of people recommending postfix instead.
I'm not to concerned about sendmail configuration, I have
resonably succesful being able to have sendmail do what I
ask it to do. I also haven't heard about too many security
flaws in sendmail (recent versions) where an external
attacked could do harm (I would obviously not allow users
to login to the gateway or on the DMZ host). Is it really
worth learning a new SMTP MTA (postfix) for what it brings
that sendmail doesn't have ?

Any input appreciated !

Thanks
Daniel Nilsson



< Previous Next >
This Thread
Follow Ups