Sad Clouds via Postfix-users <[email protected]> wrote on 2026-04-22 at 08:38:02:
> I'm thinking of deploying a split tunnel WireGuard VPN to access SMTP > submission and IMAP services. The SMTP relay service on port 25 would > still be on the outside of the VPN tunnel. I'll be using the same > WireGuard setup for SSH, so the overhead of adding SMTP and IMAP > protocols is negligible. > > By the way, I'm not running large scale public email services, so VPN > key management with a large user base is not going to be an issue. > > The two main advantages that I can see are: > 1. Reduces brute force attacks and avoids spamming email logs. > 2. Provides additional layer of security on top of TLS. > > The disadvantage is the overhead of double encryption, one at the VPN > layers and another at the TLS layer. However with modern hardware this > should be usable. I'd expect this to be usable, too. On one server, where I'm the only user, I access the SMTP submission port and the POP3 port over SSH and when the client is in an untrustworthy network I usually connect to the SSH port through Tor. When using Tor this adds noticeable delays but without Tor it usually doesn't, despite my hardware not being modern. For various reasons I don't use IMAP. Fabian _______________________________________________ Postfix-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
