| From | Sent On | Attachments |
|---|---|---|
| Richard Scobie | Sep 27, 2005 3:08 pm | |
| Eduardo Kienetz | Sep 27, 2005 3:23 pm | |
| Jay Lee | Sep 27, 2005 3:23 pm | |
| Sam Varshavchik | Sep 27, 2005 3:33 pm | |
| Richard Scobie | Sep 27, 2005 4:04 pm | |
| Richard Scobie | Sep 27, 2005 4:27 pm | |
| vgri...@hotmail.com | Sep 27, 2005 4:36 pm | |
| Richard Scobie | Sep 27, 2005 5:07 pm | |
| Richard Scobie | Sep 28, 2005 4:25 pm | |
| Sam Varshavchik | Sep 28, 2005 5:19 pm | |
| Richard Scobie | Sep 28, 2005 5:45 pm | |

| Subject: | Re: [Courier-imap] Courier Imap Proxy setup | |
|---|---|---|
| From: | vgri...@hotmail.com (vgri...@hotmail.com) | |
| Date: | Sep 27, 2005 4:36:21 pm | |
| List: | net.sourceforge.lists.courier-imap | |

> Jay Lee wrote:
>
>> I'm not sure why you need a proxy on this. The proxy is meant for large installations in order to load balance users across multiple servers while keeping the appearance of a single host server. Open port 993 directly to the server and you should be good to go. Security-wise it's pretty much the same too. Adding the proxy is going to add a layer of complexity bound to add up to headaches in the future.
>
> If I port forward and the machine is compromised, my company email and the internal network are gone.
>
> By proxying, I have at least slowed this process down and I already have the DMZ machine forwarding SMTP and running a webmail frontend.
>
> Richard

This doesn't make sense to me - if you just port forward port 993 (imaps) to the inside server (with something like, what's it called - netcat?) - how would compromising the DMZ machine lead to an exposed internal network? The end-point still needs to negotiate SSL. You can't just sniff traffic - it's encrypted. An intruder will have to do the full "man-in-the-middle" bit, complete with SSL intercepting. Just to sniff passwords. And isn't that much easier to do if an SSL-capable IMAP server is already installed on the DMZ server?

- vadim





