David Touzeau put forth on 10/23/2010 3:20 PM:
> Yes I heard about VPN but in some cases in a big environment you
> cannot play with networks and firewalls as you like.
> And there is a lot of remote sites to discuss, create VPN through all
> these remote sites is too complicated to maintain.
>
> yes I need to find a plugin like djigzo but djigzo is too heavy product
> (postgrey, web server... ) that requires too much components to
> implement

You want a solution to your technical requirement. Many have been recommended that will meet your goals. However, you find them all too difficult or complex or painful to implement for reasons x,y,z. You're going to have to pick one, and none of them are going to be particularly "easy" or pain free to implement, not if you're talking about dozens or hundreds of remote sites. Did you think this encryption project would be easy? Just change one setting in main.cf on each server and be done? Heheh. Reality checks suck.

I'm really curious about something. Your superiors are fearful of wiretapping/eavesdropping of your SMTP session packets as they flow across a public network, the internet. By the same token, aren't they worried about all other manner of documents being transmitted to remote offices via SMB/CIFS, FTP, HTTP? Or is your company one of those that sends _everything_ as email attachments, sorta like most Lotus Notes shops? ;)

And, lastly, how is your environment this "big", as you say, in 2010, with so many remote sites, and you've never implemented a VPN? And if SMTP encryption is so important to your superiors, how do you not have "buy in" from the networking group? In fact, if this encryption is so crucial to management, why didn't they simply go to the networking group and tell them to build a VPN?

We can't properly help you if we don't have the full story, or, at least, a significant portion of it. A tyrannical government isn't the reason for wanting this encryption, is it?

--
Stan

> On Saturday, 23 October 2010 at 11:00 -0500, Stan Hoeppner wrote:
>
>> David Touzeau put forth on 10/23/2010 7:30 AM:
>>> Yes it is for a company between remote sites through internet that need to
>>> be sure that documents cannot be opened.
>>> I know pgp but there is no information how we can hook postfix or there is
>>> not such filter that should perform this operation.
>>
>> Why don't you simply setup a VPN tunnel between the sites? This is
>> exactly the scenario for which VPN technology was created:
>>
>> http://en.wikipedia.org/wiki/Virtual_private_network
>>
>> The two routers currently in place may already have VPN capability that
>> you can simply configure in a few minutes. If not, setup a couple of
>> Linux VPN gateways, one at each site. After that, simply create a host
>> file entry on each SMTP server with the FQDN of the other and its
>> RFC1918 address, so each sends SMTP to the other over the encrypted VPN
>> tunnel.
>>
>> VPN is not new--been around for 10 years or so, and they are _widely_
>> used. Have you never heard of a VPN?