3 Mar
2010
3 Mar
'10
12:53 a.m.
I have a half a dozen users who want to use IMAP to read e-mail off of the local
server. I'm reluctant to expose the mail server to the net for obvious reasons
and I'm looking for a proxy I can use to improve security just a little bit.
All I need is SSL for the input to the proxy. It would be nice if I could use
one password for the proxy and another password for the user's account. It would
also be nice if I could use SSL between the proxy and the IMAP server.
It looks like perdition can fill some of my needs but I just wanted a
confirmation make sure my reading skills were up to snuff
SSL_mode looks like it contains everything a need for inbound and outbound SSL
outgoing_server lets me specify the target server if I don't have a database of
users. I assume this means that the user password coming in is the same used by
the IMAP server itself.
that looks like it should cover what I need if I'm interpreting things correctly.
--- eric
3 Mar
3 Mar
1:17 a.m.
On Tue, Mar 02, 2010 at 07:53:55PM -0500, Eric S. Johansson wrote:
I have a half a dozen users who want to use IMAP to
read e-mail off of
the local server. I'm reluctant to expose the mail server to the net for
obvious reasons and I'm looking for a proxy I can use to improve security
just a little bit.
All I need is SSL for the input to the proxy. It would be nice if I could
use one password for the proxy and another password for the user's
account. It would also be nice if I could use SSL between the proxy and
the IMAP server.
It looks like perdition can fill some of my needs but I just wanted a
confirmation make sure my reading skills were up to snuff
SSL_mode looks like it contains everything a need for inbound and
outbound SSL
outgoing_server lets me specify the target server if I don't have a
database of users. I assume this means that the user password coming in
is the same used by the IMAP server itself.
that looks like it should cover what I need if I'm interpreting things
correctly.
Hi Eric,
perdition has all of the features that you mention, except
being able to use a different password on the proxy and the real-server.
This feature would be possible to add if you really need it. You
are correct in assuming that as thing stands perdition just passes
the password read from the end-user on to the real-server.
1:24 a.m.
Main thing is you can advertise a single point for checking email
and abstract everything behind that. If you decided to switch to a
different mail backend you just change where the proxy points
them no need to communicate with users about changing their
mail server blah blah blah.
Your case sounds pretty simple.
We redirect our incoming IMAP to the SSL port on the backend.
So inbound IMAP (143) + TLS -> backend (993) SSL.
Actually we run all of POP, POPS, IMAP, IMAPS.
We use a separate config file for the daemon that
runs on each port so we can turn on debug & verbose
modes JUST for 1 of the 4 ports if we need to debug.
I don't know what you mean to say about the passwords.
Ordinarily speaking Perdition is an application proxy. It acts
as the traffic cop directing your session and doesn't itself
do authentication I think. Been a while since I configured it
our Perdition "just works" for many years now.
It's pretty lightweight and could run in a VM for
just a handful of users like your case.
Eric S. Johansson wrote:
I have a half a dozen users who want to use IMAP to
read e-mail off of the local
server. I'm reluctant to expose the mail server to the net for obvious reasons
and I'm looking for a proxy I can use to improve security just a little bit.
All I need is SSL for the input to the proxy. It would be nice if I could use
one password for the proxy and another password for the user's account. It would
also be nice if I could use SSL between the proxy and the IMAP server.
It looks like perdition can fill some of my needs but I just wanted a
confirmation make sure my reading skills were up to snuff
SSL_mode looks like it contains everything a need for inbound and outbound SSL
outgoing_server lets me specify the target server if I don't have a database of
users. I assume this means that the user password coming in is the same used by
the IMAP server itself.
that looks like it should cover what I need if I'm interpreting things correctly.
--- eric
______________________________________________
Perdition-users mailing list
Perdition-users(a)vergenet.net
http://lists.vergenet.net/listinfo/perdition-users
4:26 p.m.
Main thing is you can advertise a single point for
checking email
and abstract everything behind that. If you decided to switch to a
different mail backend you just change where the proxy points
them no need to communicate with users about changing their
mail server blah blah blah.
Your case sounds pretty simple.
We redirect our incoming IMAP to the SSL port on the backend.
So inbound IMAP (143) + TLS -> backend (993) SSL.
Actually we run all of POP, POPS, IMAP, IMAPS.
We use a separate config file for the daemon that
runs on each port so we can turn on debug & verbose
modes JUST for 1 of the 4 ports if we need to debug.
I don't know what you mean to say about the passwords.
Ordinarily speaking Perdition is an application proxy. It acts
as the traffic cop directing your session and doesn't itself
do authentication I think. Been a while since I configured it
our Perdition "just works" for many years now.
It's pretty lightweight and could run in a VM for
just a handful of users like your case.
[stuff deleted]
Very lightweight! We have 4 *virtual* perdition systems in DNS round-robin
servicing thousands of users.
We were running perdition on dedicated hardware for over 7 years; last
year we went virtual. Still runs slick.
--
scott hollatz net shollatz(a)d.UMn.eDu
information technology systems and services tel +1 218 726 8851
university of minnesota duluth mn usa fax +1 218 726 7674
--
"Asn aD ta zlAp em uT zt33rg"
5179
days inactive
5179
days old
3 comments
4 participants
participants (4)
-
Eric S. Johansson -
scott hollatz -
Simon Horman -
Vincent Fox