On Thu, 2003-02-27 at 11:20, Clifton Royston wrote: > On Thu, Feb 27, 2003 at 09:08:48AM -0700, scott wrote: > ... > > > I think you need an actual proxy server for what you want to do, and > > > presumably one which does a lot of data checking against buffer > > > overflows, etc. if you want it to protect the security of the Exchange > > > server. > > > -- Clifton > > > > Well, OK, so I need an "actual proxy server". Pardon my OT request > > here, but (before I head off into the sunset with my little dilemma...) > > I don't know of any such beast. Can anyone name some POP/IMAP proxy > > servers? > > IMAP, yes - Perdition seems to be pretty well respected. > > POP, not offhand. Sorry. > > You can readily use software that is not so much a proxy server as a > generic tunnel server, like Peter da Silva's plugdaemon, for instance. > That would just plug in and "plumb" a POP tunnel from the DMZ machine > through to your internal machine. However, this would not seem to me > to add any security; it will happily pass through buffer overflow > exploits and whatever is coming in on the input stream. > > <http://www.taronga.com/plugdaemon/> > > If you can't find something that actually understands the POP > protocol and does bounds-checking on commands and parameters you > probably haven't added any security over just punching a hole. Though > you might add a little flexibility in terms of being able to move > around your internal network later without affecting what's visible. I THINK Perdition just pipes you through to your destination mail server, though. Perhaps kind of like what you describe with plugdaemon. No true proxying. But I want my clients to pick up their mail from the proxy, and be UNABLE to directly attach to the true backend mail server.
Thanks very much, Scott P.S. Doesn't the Specialist's hat bite? :)
