
Re: firewalling, imap, DMZ's etc.



Joe wrote:
> George Borisov wrote:
>> Andrew Sackville-West wrote:
>>> 1. use my smoothwall box as is, portforward IMAP to my server and run
>>>    with it. potential problems are that my LAN, behind smoothwall, is
>>>    pretty loosey goosey and I run a pretty good risk of being
>>>    compromised. especially because I'm running a not-up-to-date sid
>>>    server (driver issues during install, I could downgrade to testing
>>>    now and solve that problem.)
>>
>> This is what I do at the moment. I am running Courier-IMAP on an
>> Etch box that I update regularly. My firewall router (not a
>> Debian box, unfortunately, as that got killed when the PSU blew
>> up) forwards the appropriate port to the server.
>>
>> An alternative would be to use ssh forwarding, which is really
>> easy and cross-platform (SSH into your network and then redirect
>> traffic from a local port on the remote client to anywhere on the
>> network). I do this for my web-server that I don't want exposed
>> to the Net. The only downside is that I get an SSL warning about
>> the hostname not matching the one on the certificate (have to
>> click OK every time I connect - small price to pay). Much easier
>> than setting up a VPN.
>>
>> The DMZ setup is good, but as you said, it requires more work and
>> an extra box.
>>
>>
> 
> I'd go along with that. I run sshd on a non-standard port, to
> avoid the automated attacks, and forward IMAP to the remote
> machine. Since it's normally a Windows one, I have PuTTY and
> my encrypted private key on a USB drive, and configure Outlook
> or Outlook Express to talk to my IMAP server as necessary,
> deleting the account afterwards. Not 100% safe, but what is?
> If you also carry pscp, which comes with PuTTY, you have an scp
> route into your network for fairly safe file transfer.
> 
> It depends how sophisticated you want to be: you can also
> forget IMAP, and use mutt over ssh, or even cat and the
> sendmail command if you ssh to the machine hosting the mail.
> That really won't leave much of a footprint on the remote
> machine, and keylogging won't be much use without a copy of
> the encrypted private key.

I like that and it is very simple. :)

-adam
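The ssh forwarding George describes, combined with Joe's non-standard sshd port and key-only login, written out as a client-side ssh_config entry. This is an added example, not something posted in the thread; the host names, port numbers, user name and key path are placeholders.

```sshconfig
# ~/.ssh/config on the machine you are sitting at (added example;
# hostnames, ports, user and paths are constructed placeholders)
Host home-mail
    # The Internet-facing gateway and its non-standard sshd port
    HostName gateway.example.net
    Port 2222
    User someuser
    # Offer only the dedicated key; never fall back to a password prompt
    IdentityFile ~/.ssh/home_mail_key
    IdentitiesOnly yes
    PasswordAuthentication no
    # Refuse to connect if the gateway's host key ever changes
    StrictHostKeyChecking yes
    # Fail loudly instead of leaving the mail client with a dead tunnel
    ExitOnForwardFailure yes
    # Local port 1993 -> the internal IMAPS server, bound to loopback only
    # so nothing else on the LAN you are visiting can ride the tunnel
    LocalForward 127.0.0.1:1993 mail.lan:993
    # No terminal is needed for a pure forward; detect a dropped link
    RequestTTY no
    ServerAliveInterval 30
    ServerAliveCountMax 3
```

Start it with `ssh -N home-mail` and point the mail client at 127.0.0.1 port 1993 with SSL/TLS enabled. The certificate warning George mentions comes from connecting to "localhost" rather than the name on the certificate; a hosts entry on the client mapping that name to 127.0.0.1 removes the warning without disabling certificate checking.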