Allen, We happen to use an actual appliance to do this (we use CISCO's SSL accellerator, which is actually Sonic WALL, but there are several other products on the market that do this too). If you anticipate adding SSL services to other applications within your organization, an appliance makes sense given the high-performance and simple management of the devices. Stunnel is a great alternative if you're looking on the inexpensive side or implementing just for one application. Linux SSL solution will likely give you better performance over Win32.
I'm certain you're aware of this, but I'll state it just to make sure: if running SSL, IMail cannot be the tunnel endpoint if you want a reverse proxy inbetween. I'd recommend Squid over Apache (easy to confgure, easy to load balance / failover using LVS or other linux balancing tools). In this case the proxy would sit between your SSL function (appliance, different box, or same box) and your IMail server, reducing some of the load on IMail by caching many of the pages and images. -ives ----- Original Message ----- From: "R. Scott Perry" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, June 23, 2003 7:45 AM Subject: Re: [IMail Forum] Reverse proxy server recommendations > > >We are going deploy a IMAIL server using web mail (killer webmail) as it's > >primary interface. Since we plan on making all transaction secure using > >SSL a recommendation to us was to us a reverse proxy server to offload the > >SSL traffic. > > Before giving you a solution, I just want to point out that I haven't heard > of IMail users who found SSL to be a bottleneck on their server (even > though SSL is very CPU-intensive). Web messaging usually is the biggest > CPU hog. So if you haven't done so yet, you may want to make sure that web > messaging will be able to handle your load. > > >Questions: > > > >Have any of you used Microsoft's ISA server to do this? How well does it > >work? Encountered any problems? > > > >What about Linux alternatives? (Squid or Apache) > > Another option that might be worth considering would be to run an SSL > tunnel program ( such as http://www.stunnel.org , which runs on Windows and > is free). Most people that use it with IMail run it on the IMail server, > but it could be run on a separate server for offloading CPU time. > > > -Scott > --- > Declude JunkMail: The advanced anti-spam solution for IMail mailservers. > Declude Virus: Catches known viruses and is the leader in mailserver > vulnerability detection. > Find out what you have been missing: Ask for a free 30-day evaluation. > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html > List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
