|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: adding fetchmail to the mix?
From: Wietse Venema (wietse
porcupine.org)
Date: Fri Oct 14 2005 - 08:54:38 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Robert Felber:
> On Fri, Oct 14, 2005 at 08:32:33AM -0500, S. Highlander wrote:
> > good afternoon all,
> >
> > question: i am wondering if my mail system would be a little more secure if
> > instead of forwarding mail from my gateway machine to my internal mail
> > server, i used a program like fetchmail on the internal mail server to pick
> > up mail from the gateway machine.
> >
> > i have an email gateway, named dmz, and an intranet mail server, named
> > internal, set up as described below. i set up both servers using
> > instructions from the following document:
> > http://www.postfix.org/STANDARD_CONFIGURATION_README.html#firewall .
>
> Why should a cleartext protocol (POP) be more secure than the option of
> forwarding mail from the gateway to internal vial SMTP TLS/SSL? Unless there
> are POP TLS/SSL implementations.
The difference is between pulling mail from inside (fetchmail), or
pushing mail from outside (smtp). Pulling is safer because one does
not have to allow inbound connections.
Until the ATRN support is completed (a design exists) or some other
delivery method is added, Postfix will support push mode delivery
only.
Wietse
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]