[NTLUG:Discuss] secure pop/imap/smtp access

[MadHat]

On Sun, 2003-03-30 at 21:02, Jay Urish wrote:
>   Hey Gang,
> I have just encountered a problem that I need some direction with.
> 
> I give some people access to my box to host their domains. Up until a few 
> days ago everyone had a static ip address so I could protect my daemons 
> with iptables. Now all of a sudden everybody has gone dynamic.
> 
> I have done some preliminary research and I have some ideas BUT I am 
> looking for some real world experiences.
> 
> Here are some of the things I saw:
> 1. Maybe wrap pop3 with stunnel
> 2. vpn to the box?
> 
> 
> I guess my questions are:
> 1. What is the easiest solution?
> 
> At this moment I am thinking that I should implement a VPN firewall 
> appliance and go though that to a second ethernet card. It would definately 
> be the easiest solution.
> 

Easiest is an SSH tunnel, even if they are running windows, but harder
for some windows users to understand how to set it up.

I do all my POP over SSL only, no, non SSL connections allowed.  It was
pretty easy to setup, but remember not all clients support it and some
try, but barf regularly.  I use evolution and have no problems.  My
girfriend uses Eudora and has no issues.  I have one 'friend' that use
OutLook and it works fine.  I have had trouble setting up Mozilla nd
Netscape, where they just won't except the ssl Cert, not sure why.  And
of course any mailer on a *nix box can also use stunnel as a client
locally and use any mailer checking mail locally.

-- 
MadHat at Unspecific.com
`But I don't want to go among mad people,' Alice remarked.
`Oh, you can't help that,' said the Cat: `we're all mad here...'
   -- Lewis Carroll - _Alice's_Adventures_in_Wonderland_