Re: [courier-users] Re: caching in courier-imap

Mon, 25 Nov 2002 06:06:46 -0800 

On Mon, 2002-11-25 at 13:48, Sam Varshavchik wrote:
> Klavs Klavsen writes:
> 
> >> No it's not.  That's what firewalls are for.  Firewall blocks all traffic to 
> >> the web server, except port 80.  Problem solved.
> >> 
> > 
> > exscuse me? so you're saying that if they can only access the webserver
> > (ie. port 80) no one could ever hack the box? if f.ex. one were to use a
> > package like IMP (and the 10 other projects that go along with it) -
> > there's a big chance that there's a security issue with one of them,
> 
> So, you don't use IMAP.  That's what I've been saying all along.

If I use IMAP for my mail clients, and just want to add webmail service
to it (from the internet too), I don't want to have the webmail service
running anywhere but DMZ, and If I f.ex. use exchange for my mail
clients internally, I would usually have that (and it's mail) stored on
an internal server, with only f.ex. postfix in  my dmz to receive and
forward email.

That's a normal setup, that takes security into mind. For this purpose I
can not see any good way of avoiding webmail->Imap - without decreasing
security - by removing one layer between the services I offer and my
internal servers.

> 
> > courier-imap service. So If I were a security minded Admin, I would
> > prefer to allow access to users Email via Imap - as it has the best
> > security record of the options available.
> 
> You're just fooling for yourself if you think that adding this extra step 
> magically solves all your security problems.
> 
If you see my example above, I believe it is clear that it greatly
increases the security with an IMAP server in between, by adding an
extra layer of security.

-- 
Regards,
Klavs Klavsen

--------------| This mail has been sent to you by: |------------
              Klavs Klavsen - Open Source Consultant 
            [EMAIL PROTECTED] - http://www.EnableIT.dk

    Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA 
Fingerprint = 2873 188C 968E 600D D8F8  B8DA 3D3A 0B79 7E06 3C62
----------------------------------------------------------------
Open Source Software - Sometimes you get more than you paid for.
                                                 -- unknown



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
courier-users mailing list
[EMAIL PROTECTED]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Reply via email to