Joe wrote:
> George Borisov wrote:
>> Andrew Sackville-West wrote:
>>> 1. use my smoothwall box as is, portforward IMAP to my server and run
>>> with it. potential problems are that my LAN, behind smoothwall, is
>>> pretty loosey goosey and I run a pretty good risk of being
>>> compromised. especially because I'm running a not-up-to-date sid
>>> server (driver issues during install, I could downgrade to testing
>>> now and solve that problem.)
>>
>> This is what I do at the moment. I am running Courier-IMAP on an
>> Etch box that I update regularly. My firewall router (not a
>> Debian box, unfortunately, as that got killed when the PSU blew
>> up) forwards the appropriate port to the server.
>>
>> An alternative would be to use ssh forwarding, which is really
>> easy and cross-platform (SSH into your network and then redirect
>> traffic from a local port on the remote client to anywhere on the
>> network). I do this for my web-server that I don't want exposed
>> to the Net. The only downside is that I get an SSL warning about
>> the hostname not matching the one on the certificate (have to
>> click OK every time I connect - small price to pay). Much easier
>> than setting up a VPN.
>>
>> The DMZ setup is good, but as you said, it requires more work and
>> an extra box.
>
> I'd go along with that. I run sshd on a non-standard port, to
> avoid the automated attacks, and forward IMAP to the remote
> machine. Since it's normally a Windows one, I have PuTTY and
> my encrypted private key on a USB drive, and configure Outlook
> or Outlook Express to talk to my IMAP server as necessary,
> deleting the account afterwards. Not 100% safe, but what is?
> If you also carry pscp, that comes with PuTTY, you have an scp
> route into your network for fairly safe file transfer.
>
> It depends how sophisticated you want to be: you can also
> forget IMAP, and use mutt over ssh, or even cat and the
> sendmail command if you ssh to the machine hosting the mail.
> That really won't leave much of a footprint on the remote
> machine, and keylogging won't be much use without a copy of
> the encrypted private key.

I like that and it is very simple. :)

-adam