There is only one way to read messages, and it consists of getting them from the
server that stores them.
You may jump as high as you can, run fast around the place, but there's nothing
to do about it. Research in the quantum area has not yet provided methods of
storing the same message in many places at the same time, in such a way that
when you read the message, it is deleted from all the locations...

There are two systems:
- have a single mail addressing scheme, and thus have one mail server
(you can have relays to route messages, filter content, secure the server ...
but that's another story) that is accessed both from the inside and from the
outside

- provide internal and external addressing schemes. This introduces many
problems, since a user should use his external address to send mail to an
external entity, and the internal one to send internal messages. But then what
to do to send the same message to an external and an internal user... I let you
imagine all the problems...


So let's assume you have a single mail server that is accessed both from the
inside and the outside (as I said above, you may have relays, so it would appear
that you have many servers).
Then you can let your users access email from the outside using pop (in my
opinion, imap is not adequate in this situation). The problem is that
- weak authentication is weak. So, if you have a strong authentication
mechanism, you're ok. Otherwise, pray.
- messages are transferred in the clear. This may be a problem for messages
containing proprietary information.

You may be happy with this solution. After all, many people have mailboxes on
public mail servers.

But if you really don't feel it, you'll have to go for an encryption-based
transfer, such as ssl/tls, ssh, ipsec,...




regards,
mouss

At 07:08 30/08/00 +1000, John G Taylor wrote:

>         It was mentioned earlier that someone was contemplating using
>something like MIMESweeper in the DMZ.  To me this is a great idea.  Utilise
>the MIMESweeper to scan, reject etc e-mails in the DMZ.  The routing table
>is to this server first so any would-be intruder has another box to contend
>with plus if a dangerous e-mail is received it can be stopped at the
>MIMESweeper server.  The FW rules only allow IP connections between the mail
>server and the MIMESweeper server via internal addressing.  This doesn't
>handle the remote users issue but by setting up a RAS server (adding PPTP or
>other form of encrypted tunnel) an LMHOST file should let them access their
>mail.
>
>         John Taylor
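
The two POP problems named in the reply above (weak authentication, messages transferred in the clear) can be checked from what a POP3 server advertises in its greeting and CAPA reply. The following is an added example, not part of the original messages; the transcripts are constructed, and audit_pop3 and parse_capa are hypothetical helper names.

```python
import re

# Constructed transcripts: server greeting followed by its CAPA reply.
CLEARTEXT_ONLY = ["+OK POP3 server ready",
                  "+OK Capability list follows", "TOP", "USER", "UIDL", "."]
HARDENED = ["+OK POP3 server ready <1896.697170952@mail.example.org>",
            "+OK Capability list follows", "TOP", "SASL CRAM-MD5", "STLS",
            "UIDL", "."]

# SASL mechanisms that send the password itself over the connection.
PLAINTEXT_SASL = {"PLAIN", "LOGIN"}


def parse_capa(reply):
    """Map capability name -> argument list from a multi-line CAPA reply."""
    if not reply or not reply[0].startswith("+OK"):
        return None                      # server does not implement CAPA
    caps = {}
    for line in reply[1:]:
        if line == ".":                  # terminator of a multi-line response
            break
        if not line.strip():
            continue
        name, *args = line.split()
        caps[name.upper()] = [a.upper() for a in args]
    return caps


def audit_pop3(transcript):
    """Report what the server offers for login secrecy and transport secrecy."""
    greeting, caps = transcript[0], parse_capa(transcript[1:])
    # APOP is signalled by a <timestamp@host> token in the greeting.
    apop = re.search(r"<[^<>@\s]+@[^<>\s]+>", greeting) is not None
    if caps is None:
        caps = {"USER": []}              # assumption: no CAPA means USER/PASS only
    sasl = set(caps.get("SASL", []))
    stls = "STLS" in caps
    cleartext_login = "USER" in caps or bool(sasl & PLAINTEXT_SASL)
    findings = []
    if not stls:
        findings.append("no STLS: message bodies cross the network unencrypted")
    if cleartext_login and not stls:
        findings.append("password can only be protected by avoiding USER/PASS")
    return {"stls_offered": stls,
            "challenge_response_auth": apop or bool(sasl - PLAINTEXT_SASL),
            "cleartext_login_offered": cleartext_login,
            "findings": findings}
```

APOP and CRAM-MD5 only keep the password itself off the wire; without STLS (or a tunnel such as ssh or ipsec) the messages are still readable in transit.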
