[KLUG Members] webmail, firewall
Adam Williams
members@kalamazoolinux.org
Wed, 13 Mar 2002 09:51:20 -0500 (EST)
>I have a private lan behind a firewall. I have a sendmail server sitting
>outside. I run NIS on my private server. I have ssh on all the machines
>and the perimeter firewall around them all blocks everything except ssh to
>the SMTP and inner firewall, and of course SMTP to the sendmail server.
>There are other subnets inside the perimeter firewall and my firewall/SMTP
>server that I don't trust nor control.
>I don't allow logins to the SMTP server and I have an IMAP server on my
>private server.
>1) Should I be worried about users checking their mail using IMAP, aren't
>the passwords sent in the clear?
Yes, they are sent in the clear. The current batch of IMAP servers (both
uw and cyrus) support SSL.
>I can't tell if they keep separate
>passwords for their email and network accounts.
>Also, higher ups don't like sshing through the firewall and then to the
>server before logging into the IMAP to check their mail while traveling.
Weenies! :)
>They would like webmail.
IMP (http://www.horde.org)
>2) What is a good way to deal with this?
Drop SSH as a remote access tool, set up a VPN server. Then they can be
"on the network" from remote. All internal services are magically (albeit
slowly) available thanks to proxy-arp.
>put a www and webmail app on the
>SMTP machine? Can I put a 128SSL certificate on the webmail site and feel
>safe?
You could, that would be satisfactory.
>Would the password be encrypted all the way?
Yes, if the session is encrypted via SSL.
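
The following is an added example, not part of the original message: a check over what an IMAP server advertises on its unencrypted port, showing whether a client could still send a password in the clear as discussed in question 1. The transcripts are constructed, the function names are hypothetical, and STARTTLS and LOGINDISABLED are the capabilities defined in RFC 2595; an SSL-only listener on port 993 is outside what this inspects.

```python
import re

# SASL mechanisms that put the password on the wire with base64 encoding only.
CLEARTEXT_SASL = {"AUTH=PLAIN", "AUTH=LOGIN"}

def parse_capabilities(lines):
    """Collect capability atoms from a greeting or an untagged CAPABILITY reply."""
    caps = set()
    for line in lines:
        m = (re.match(r"\*\s+CAPABILITY\s+(.*)", line, re.I)
             or re.search(r"\[CAPABILITY\s+([^\]]*)\]", line, re.I))
        if m:
            caps.update(atom.upper() for atom in m.group(1).split())
    return caps

def assess(lines):
    """Classify password exposure on the cleartext port before any TLS upgrade."""
    caps = parse_capabilities(lines)
    if not caps:
        return "unknown"            # server said nothing usable; ask with CAPABILITY
    exposed = caps & CLEARTEXT_SASL
    if "LOGINDISABLED" in caps and not exposed:
        return "tls-required"       # LOGIN refused until the session is encrypted
    if "STARTTLS" in caps:
        return "tls-optional"       # encryption offered, cleartext login still works
    return "cleartext-only"         # no upgrade path; passwords always readable

# Constructed sample responses, as seen on port 143 before authentication.
SAMPLES = {
    "hardened": ["* OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED] ready\r\n"],
    "mixed":    ["* OK ready\r\n", "* CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN\r\n"],
    "legacy":   ["* CAPABILITY IMAP4rev1 AUTH=LOGIN\r\n"],
    "silent":   ["* OK ready\r\n"],
}

if __name__ == "__main__":
    for name, transcript in SAMPLES.items():
        print(f"{name:9s} {assess(transcript)}")
```

A "tls-optional" result means the server supports encryption but a misconfigured mail client can still expose the password, which matters when the email and network account passwords are the same.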