Andrew Sackville-West wrote: > > 1. use my smoothwall box as is, portforward IMAP to my server and run > with it. potential problems are that my LAN, behind smoothwall, is > pretty loosey goosey and I run a pretty good risk of being > compromised. especially because i"m running a not-up-to-date sid > server (driver issues during install, I could downgrade to testing > now and solve that problem.) This is what I do at the moment. I am running Courier-IMAP on an Etch box that I update regularly. My firewall router (not a Debian box, unfortunately, as that got killed when the PSU blew up) forwards the appropriate port to the server. An alternative would be to use ssh forwarding, which is really easy and cross-platform (SSH into your network and then redirect traffic from a local port on the remote client to anywhere on the network). I do this for my web-server that I don't want exposed to the Net. The only downside is that I get an SSL warning about the hostname not matching the one on the certificate (have to click OK every time I connect - small price to pay). Much easier than setting up a VPN. The DMZ setup is good, but as you said, it requires more work and an extra box. Hope this helps, -- George Borisov DXSolutions Ltd
Attachment:
signature.asc
Description: OpenPGP digital signature