[KLUG Members] webmail, firewall

John Pesce members@kalamazoolinux.org
Wed, 13 Mar 2002 09:30:47 -0500 (EST)

Previous message: [KLUG Members] cd burning setup
Next message: [KLUG Members] webmail, firewall
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,


I have a private lan behind a firewall. I have a sendmail server sitting
outside. I run NIS on my private server. I have ssh on all the machines
and the perimeter firewall around them all blocks everything except ssh to
the SMTP and inner firewall, and of course SMTP to the sendmail server.

There are other subnets inside the perimeter firewall and my firewall/SMTP
server that I don't trust nor control.

I don't allow logins the SMTP server and I have an IMAP server on my
private server.

1) Should I be worried about users checking thier mail using IMAP, arn't
the passwords sent in the clear? I can't tell if they keep separate
passwords for thier email and network accounts.


Also, higher ups don't like to sshing through the firewall and then to the
server before logging into the IMAP to check thier mail while traveling.
They would like webmail.

2) What is a good way to deal with this? put a www and webmail app on the
SMTP machine? Can I put a 128SSL certificate on the webmail site and feel
safe? Would the password be encrypted all the way?

Thanks

Previous message: [KLUG Members] cd burning setup
Next message: [KLUG Members] webmail, firewall
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]