Chris Knox enscribed thusly:
> My company is scattered across North and South America, Europe, Asia, 
> Australia and the Pacific Rim.   We currently use Notes for internal 
> email but the size of the data transfers while databases synch up has 
> caused some very expensive phone calls.  We're getting a lot of pressure
> to open up POP3 and let users connect across the Internet.  It gives me
> heartburn to think of all those passwords being shuttled around in the 
> clear from random ISPs in Sao Paulo, Moscow, London and who knows where
> else.  To make matters worse the users who travel the most are executives
> and sales types who are -uhm- technologically -uhm- challenged.  I.e.
> they are doing well if they can set their clock radio.

        Use ssl encrypted pop3 or imap access.

        M$ Exchange supports it as a server and OutLook, Netscape, and
Internet Explorer all support it on the client side.

        If you are on Unix for the server, you can pick up sslproxy,
swrapper, edssl, or stunnel (check out http://www.openssl.org for more
info) for a wrapper you can park in front of your pop3 or imap server.
I use sslproxy in execed from inetd in front of my unencrypted servers.

        On the Unix client side, I did the ssl patches for fetchmail
which are available from the North American Cryptographic Archives
<http://www.cryptography.org>.  They're in the SSL directory once you've
gotten access to the archive.

        I open up ports 993 and 995 for imaps and pop-3s and then block the
unencrypted ports entirely at my firewall.  I've got Windows clients working
with Unix servers and fetchmail-ssl on Unix works just great against the
Windows based pop-3s and imaps servers.  They actually interoperate without
massive heartburn!

> Ideas or pointers to a more appropriate forum?

> -- 
> Chris Knox                                               [EMAIL PROTECTED]
> Hypercom, Inc.                                               (602) 504-5888
> Unix Systems Support                              Speaking only for myself.

        Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  [EMAIL PROTECTED]
  (The Mad Wizard)      |  (770) 331-2437   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!

-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
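
A check for the port policy described in the reply above (993 and 995 open and speaking SSL/TLS, the unencrypted pop3 and imap ports blocked), as an added example that is not part of the original message. The host name `mail.example.com` and the function names are assumptions made for illustration; a certificate that fails verification is reported as `badcert` rather than as a working TLS port.

```python
import socket
import ssl

# Policy taken from the message: imaps/pop-3s open, plaintext ports blocked.
TLS_PORTS = {993: "imaps", 995: "pop-3s"}
CLEAR_PORTS = {143: "imap", 110: "pop3"}

def probe(host, port, want_tls, timeout=3.0):
    """Return 'closed', 'open' (TCP only), 'badcert' or 'tls'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"  # refused, filtered or timed out
    with sock:
        if not want_tls:
            return "open"
        ctx = ssl.create_default_context()  # verifies chain and hostname
        try:
            # 993/995 are implicit-TLS ports, so the handshake starts at once.
            with ctx.wrap_socket(sock, server_hostname=host):
                return "tls"
        except ssl.SSLCertVerificationError:
            return "badcert"
        except OSError:  # includes ssl.SSLError and handshake timeouts
            return "open"

def scan(host, prober=probe):
    """Probe all four ports; returns {port: state}."""
    results = {p: prober(host, p, False) for p in CLEAR_PORTS}
    results.update({p: prober(host, p, True) for p in TLS_PORTS})
    return results

def audit(results):
    """Return a list of findings; an empty list means the policy holds."""
    findings = []
    for port, name in CLEAR_PORTS.items():
        if results.get(port) != "closed":
            findings.append(f"{name}/{port} is reachable in the clear")
    for port, name in TLS_PORTS.items():
        state = results.get(port, "closed")
        if state != "tls":
            findings.append(f"{name}/{port} expected tls, got {state}")
    return findings

if __name__ == "__main__":
    # mail.example.com is a placeholder; run this from outside the firewall.
    for line in audit(scan("mail.example.com")) or ["policy holds"]:
        print(line)
```

Run it from a network outside the firewall, since a scan from the inside says nothing about what the border rules block.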
