
Re: SSL SMTP Relay in DMZ



On Saturday 07 February 2004 03:10 pm, Curtis Vaughan wrote:
> I would like to set up a mail server in a DMZ that would accept mail
> only from those clients who have authenticated using SSL.

Do you mean authenticate using username/password over SSL, or authenticate 
using an SSL certificate?

If the former, set up SMTP AUTH to handle the authentication, and if your 
MTA supports TLS, use that to wrap the authentication in SSL. If not, use 
Stunnel.

If the latter, have the MTA only listen on localhost. Set up Stunnel to 
only accept certain certificates, then forward those connections over 
localhost to the listening MTA.

> Given that they have successfully passed that criteria, then this DMZ
> mail server would pass the mail off to an internal mail server for
> further delivery.

Most MTAs support forwarding all mail to another server - just set this up 
for your MTA of choice.

Adam
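
The certificate-based setup described in the message above, as an added example that is not part of the original post. It assumes Postfix as the MTA, port 465 as the public listener, and placeholder file paths and hostname.

```ini
# --- /etc/stunnel/stunnel.conf (constructed example; paths are assumptions) ---
# Server certificate and private key presented to connecting clients.
cert = /etc/stunnel/relay.pem
# File holding the client certificates that are allowed to connect.
CAfile = /etc/stunnel/allowed-clients.pem
# Level 3: require a client certificate and accept it only if it is
# present in CAfile. Newer stunnel releases express this as verifyPeer = yes.
verify = 3

[smtps]
# Public side: TLS-wrapped SMTP on the DMZ interface.
accept = 465
# Private side: plain SMTP to the MTA bound to loopback.
connect = 127.0.0.1:25

# --- /etc/postfix/main.cf (Postfix is an assumed MTA) ---
# Listen on loopback only, so stunnel is the sole way in from the network.
inet_interfaces = loopback-only
# Hand every message to the internal server (hostname is a placeholder).
relayhost = [mail.internal.example]:25
```

Every relayed connection reaches the MTA from 127.0.0.1, so its relay rules for localhost decide what an accepted client may send.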


