Re: adding fetchmail to the mix?
From: Robert Felber (r.felber ek-muc.de)
Date: Fri Oct 14 2005 - 09:08:03 CDT
On Fri, Oct 14, 2005 at 09:54:38AM -0400, Wietse Venema wrote:
> > Why should a cleartext protocol (POP) be more secure than the option of
> > forwarding mail from the gateway to internal via SMTP TLS/SSL? Unless there
> > are POP TLS/SSL implementations.
>
> The difference is between pulling mail from inside (fetchmail), or
> pushing mail from outside (smtp). Pulling is safer because one does
> not have to allow inbound connections.
>
> Until the ATRN support is completed (a design exists) or some other
> delivery method is added, Postfix will support push mode delivery
> only.
Hm, haven't seen this from that point. In that case one could write via sh
a hack^Wworkaround:

LAN SMTP: 1. all ports closed
          2. open random port for gateway - make postfix instance listen to
             that port
          3. send ssl'ed a command to the gateway, announcing the port, too
Gateway:  flush the queue

but I suppose, setting up an SSLed POP would be less work.
But then the pop daemon and client (2 more programs) must be secure in terms
of buffer overflows, format-string bugs, etc. pp.
--
Robert Felber (PGP: 896CF30B)
Munich, Germany