On Fri, 15 Oct 2021, p...@mostlybsd.com wrote:
> Authentication? The local network only includes servers in the same data
> center. Presumably, the local network cannot be accessed from outside the
> network controlled by the ISP. I'm already trusting the ISP with the servers
> - is it still a bad idea to run an open relay on a private network, even if I
> configure pf to only accept connections from the approved private network
> servers?
In a similar situation, I run Cjdns on all the servers, and authorize
the specific IPs. Cjdns is an IPv6 mesh VPN where the packets are
authenticated (IP is hash of pubkey and all sessions are TLS under the
covers) and end to end encrypted.
Pros: dirt simple. Doesn't depend on private network, works with
"outside the box" connectivity, e.g. I have servers connected via
BATMAN-adv mesh, config doesn't change when servers are moved around
to different providers/locations. Doesn't require learning how to
configure conventional TLS certs in your MTA.
Cons: lists of authorized IPs are manually maintained. In theory,
this could be automated (refresh list periodically from an authorized
server).
My brother goes the full cert authority route. A trusted CA flags
local MTA certs that are allowed to send mail.
Pros: no lists of IPs to maintain. Doesn't depend on private network.
Config doesn't change when servers are moved around. Works with
"outside the box" connectivity.
Cons: Certificate infrastructure is complex and difficult for beginners
to grasp and complex to configure.
> Encryption? What is the case for encrypting data traversing the private
> network? I don't find good answers on this, even in general networking type
> considerations.
Both Cjdns and traditional TLS are e2e encrypted.
P.S. I also use Cjdns with opensmtpd for fully decentralized email:
https://fedoramagazine.org/decentralize-common-fedora-apps-cjdns/
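Added illustration (this is not code from the original post, from cjdns, or from OpenSMTPD) of the "IP is hash of pubkey" property the reply relies on, and of why a pf or smtpd allowlist of cjdns IPs is really an allowlist of public keys. cjdns computes a node's IPv6 address as the first 16 bytes of SHA-512(SHA-512(public key)) and only accepts keys whose address falls in fc00::/8. Everything else here is assumed for the example: find_valid_key() stands in for real key generation (real cjdns keys are Curve25519 public keys; here a hashed counter is used so the block runs offline), and build_allowlist()/is_authorized() are hypothetical helpers, not an API of any MTA or of cjdns.

```python
import hashlib
import ipaddress
from typing import Iterable, Optional, Set


def cjdns_address(pubkey: bytes) -> Optional[str]:
    """Derive the cjdns IPv6 address bound to a 32-byte public key.

    cjdns uses the first 16 bytes of a double SHA-512 of the key; a key is
    only usable if that prefix lands in fc00::/8, otherwise None is returned.
    """
    if len(pubkey) != 32:
        raise ValueError("cjdns public keys are 32 raw bytes")
    digest = hashlib.sha512(hashlib.sha512(pubkey).digest()).digest()
    if digest[0] != 0xFC:
        return None  # cjdns rejects keys that do not map into fc00::/8
    return str(ipaddress.IPv6Address(digest[:16]))


def find_valid_key(seed: bytes, max_tries: int = 4096) -> bytes:
    """Stand-in for key generation (assumption for this example only).

    Real cjdns keygen draws a Curve25519 key pair and retries until the
    derived address starts with 0xfc; here a hashed counter plays the role of
    the key bytes so the example is deterministic and needs no crypto library.
    """
    for i in range(max_tries):
        candidate = hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
        if cjdns_address(candidate) is not None:
            return candidate
    raise RuntimeError("no candidate key mapped into fc00::/8")


def build_allowlist(pubkeys: Iterable[bytes]) -> Set[str]:
    """Turn a list of authorized peer public keys into canonical cjdns IPs.

    This is the list the reply describes maintaining by hand: because the IP
    is a hash of the key, authorizing the key and authorizing the IP are the
    same statement, and the list can be regenerated from the keys.
    """
    allowed: Set[str] = set()
    for pk in pubkeys:
        addr = cjdns_address(pk)
        if addr is None:
            raise ValueError("public key does not map into fc00::/8")
        allowed.add(addr)
    return allowed


def is_authorized(peer_ip: str, allowlist: Set[str]) -> bool:
    """Check a connecting peer's source address against the allowlist.

    The address is canonicalized through ipaddress first, so a textual
    variant of the same address (uppercase hex, expanded zeros) cannot slip
    past a plain string comparison.
    """
    try:
        ip = ipaddress.IPv6Address(peer_ip)
    except ipaddress.AddressValueError:
        return False  # not an IPv6 address at all
    if ip not in ipaddress.IPv6Network("fc00::/8"):
        return False  # not a cjdns address, whatever the allowlist says
    return str(ip) in allowlist


if __name__ == "__main__":
    # Constructed example: two "servers" with stand-in keys.
    mx1 = find_valid_key(b"mx1.example")
    mx2 = find_valid_key(b"mx2.example")
    allowlist = build_allowlist([mx1, mx2])
    for pk in (mx1, mx2):
        print(pk.hex(), "->", cjdns_address(pk))
    print("mx1 authorized:", is_authorized(cjdns_address(mx1), allowlist))
    print("stranger authorized:", is_authorized("fc00::1", allowlist))
```

The practical point for a relay setup is the last function: whichever layer does the filtering (pf table, smtpd source table, or a hook like this), compare canonical addresses, and treat a peer outside fc00::/8 as unauthenticated even if it appears on the interface, since only fc00::/8 addresses carry the key binding cjdns provides.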