Hello, this question is about hardening email services from brute force attacks.
I'm thinking of deploying a split tunnel WireGuard VPN to access SMTP submission and IMAP services. The SMTP relay service on port 25 would still be on the outside of the VPN tunnel. I'll be using the same WireGuard setup for SSH, so the overhead of adding SMTP and IMAP protocols is negligible. By the way, I'm not running large scale public email services, so VPN key management with a large user base is not going to be an issue. The two main advantages that I can see are: 1. Reduces brute force attacks and avoids spamming email logs. 2. Provides additional layer of security on top of TLS. The disadvantage is the overhead of double encryption, one at the VPN layers and another at the TLS layer. However with modern hardware this should be usable. Can anyone foresee any other disadvantages or issues? And if yes, can you please elaborate of them? ChatGPT thinks it is a sensible approach, but I wanted to check before I start deploying it. _______________________________________________ Postfix-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
