Hi, I am sorry if it was discussed before but I post this question because I found no answer in the DOCS, FAQ, and mailing list archive. I run a freeBSD system where security is highest priority. Normal users reach the machine only through SSLProxy channels for WWW and POP access. The users access the Internet using their various ISPs where they have dynamic IP numbers. They are authenticated by their individual SSL certificates. The requirement would be to allow the users to send mail to anywhere and to receive mail from anywhere while atill preventing the machine to became an open relay. My idea is the following. I'd set up two copies of qmail, one for incoming, another for outgoing mail. The two copies of qmail would of course live in entirely different directories. The first qmail copy would receive mails from anywhere on port 25 but deliver nowhere but to the localhost. Users download their mail using POP through an SSLProxy channel. (Normal unencrypted POP port is disabled by tcp wrapper for anyone except localhost.) The second qmail copy would work on another port different from 25 say 26. It would deliver mails to anywhere and also receive mails from anywhere BUT receive only through an SSLProxy channel. (Normal unencrypted port 26 would be disabled by tcp wrapper for anyone except localhost.) Do you think this plan is working and if yes how should I setup qmail for this? Or is there a better solution to my problem? Thanks in advance, Ge'za I. Ma'rk http://www.phy.bme.hu/mg/index.html [EMAIL PROTECTED]
