Mike Loiterman said: > I just wrapped my pop connections in an ssl tunnel and I'm wondering if > I need or if I can do the same to my squirrel mail connections. Aside > from SquirrelMail, I do not use IMAP. I have those ports (143) closed > on my firewall. My web server and my IMAP server are on the same > machine and according to the FAQ: > > "If your mail server is the same as your web server, there is no need > for the encrypted communication. It's useless. Just toss it out the > window, if you can." > > I don't understand what this means. Isn't the password used to access > SquirrelMail sent in cleartext? Why wouldn't I use the ssl tunnel to > protect the password?
"Tunnel" implies that you are creating a secure channel over an insecure medium. I don't think that applies in a single-host scenario. Or, allow me to pose it back to you as a question: What, exactly, do you hope to gain by using SSL? "[P]rotect the password" from what or whom? Isn't the password going to enter and exit the tunnel in cleartext? How does this reduce the number of points of attack? > Also -- I tried enabling SMTP Authentication but that didn't work > either. SMTP-Auth is a technique for allowing authorized /users/ to send mail via a particular mail server from arbitrary hosts. Most other relay abuse prevention techniques are /host/ oriented. This also clearly doesn't apply in this case, since you can simply restrict relaying to local users. How were thinking about configuring SMTP-Auth? For SM the "right way" would be to only allow your webserver to send mail. This strikes me as a perverse use of SMTP-Auth. > I have a feeling that these issues are tied together and they stem from > the fact that all these services are on the same machine?? In a way I suppose they are. You are trying to use multi-host, multi-user security techniques to secure a single-host, single-user (the webserver "user") scenario. -Peter ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf -- squirrelmail-users mailing list List Address: [EMAIL PROTECTED] List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id=2995 List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
