Firewall Wizards mailing list archives
Re: IMAP- how to protect a server?
From: jacob carlson <twitch () ifsec com>
Date: Thu, 3 Jun 1999 09:37:42 -0400
On Jun 01, Aaron D. Turner wrote:
Currently our company uses POP3 for email (yuck) with a box in the DMZ proxying traffic to the internal mailserver through a FW-1 box. Anyways, I'm trying to come up with the best way to deploy an IMAP/SSL server to replace POP3. The thing is that we consider are trying our best to secure the email from would-be unfriendlies, and I'd rather not have the mail folders sitting in the DMZ. And of course, I don't want to punch a hole through the firewall and put the IMAP server on the internal network. NFS between a IMAP server in the DMZ and the mail folder server in the Internal net isn't a good idea either. So what is the 'proper' way of doing this?
I am assuming that you have users that want to be able to get their mail from the Internet, right? If so then unfortunately the best(?) way to accomplish this ridiculousness with fw-1 is via either (a) SecuRemote (which has its own problems I do not want to even address here) or (b) putting the IMAP server in a secured DMZ and allowing IMAP traffic to pass only after authenticating to the firewall (using some non-trivial authentication mechanism, e.g. s/key, SecurID, /etc.). And yes, doing it over SSL is a Good Idea.
Also, can anyone recommend a powerful, secure, compliant IMAP server?
I cannot =). ->me
Current thread:
- IMAP- how to protect a server? Aaron D. Turner (Jun 02)
- Re: IMAP- how to protect a server? jacob carlson (Jun 03)
- Re: IMAP- how to protect a server? Ge' Weijers (Jun 03)
- Re: IMAP- how to protect a server? Aaron D. Turner (Jun 03)
- Re: IMAP- how to protect a server? chuck (Jun 04)
- Re: IMAP- how to protect a server? Aaron D. Turner (Jun 03)
- <Possible follow-ups>
- Re: IMAP- how to protect a server? Steven M. Bellovin (Jun 04)
- RE: IMAP- how to protect a server? sean . kelly (Jun 14)
- RE: IMAP- how to protect a server? Mayne, Peter (Jun 14)
- Re: IMAP- how to protect a server? Carric Dooley (Jun 14)
- Re: IMAP- how to protect a server? Ge' Weijers (Jun 14)
- Re: IMAP- how to protect a server? Aaron D. Turner (Jun 14)
- Re: IMAP- how to protect a server? Ge' Weijers (Jun 14)
- Re: IMAP- how to protect a server? Ge' Weijers (Jun 14)