Folks, what's the best way to secure an email server?
What I would like to do is ban the use of passwords altogether. I would like to exchange public keys for authentication.
Currently, I use IMAP with SSL to retrieve email (this requires a password that I would like to get rid of).
For sending, I currently use SSH to forward a local port to port 25 on the mail server. The SSH client logs on using public keys. Then, I use TLS to communicate to the local port which is forwarded to the mail server port. This is too many steps, in my opinion.
The fact that the CEO will actually *do* all this because I told him to is a testament to his trust that I try not to have security get in the way (he actually uses Thunderbird, Firefox, and OpenOffice because I recommended that he do so).
Consequently, I would really like to be able to install one or two keys in Thunderbird and have everything "just work".
Any suggestions as to how I do this?

-a

--
KPLUG-List@kernel-panic.org
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list