On Thu, Nov 10, 2005 at 01:20:29PM +0800, [EMAIL PROTECTED] wrote: > Hi > I have a request to externally access mail from my server. > Either I will allow openvpn access, with local pop or imap or > I'll open a pop or imap hole in the firewall. > > Openvpn is much more secure, but opinions on taking the easy way and allowing > pop/imap in.
VPNs would be no more secure than pop/imap over SSL. The biggest difference might be the trustworthiness of the code, vpn vs imap/pop server. i.e. probability of their being a vulnerability. And in fact might be less secure, as VPNs allow access to more than a single service, whereas VPNs allow access to the whole soft chewy centre of your network. (Not necessarily of course, but ...) So depends on how much you trust the people accessing your services. I'd go for just the imap/pop over SSL. Probably simpler/ easier to administer too. Is the external user accessing only from a particular place? If so I'd firewall access to only the known remote addresses. This would raise security a lot for a small admin investment. Matt -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
