Hi Vilius,

On Wed, 16 May 2007 23:19:06 +0300 UTC (5/16/2007, 3:19 PM -0500 UTC my
time), Vilius Šumskas wrote:

V> You don't. You will authenticate to your real server. But as my
V> router/imap server will be transparent you will never know this.

V> For example on Linux it is done like this:
V> iptables -A PREROUTING -d <myserveripfromvictimside> -i eth0 -p tcp -m tcp --dport 993 -j RETURN
V> iptables -A PREROUTING -s ! <myserveripfromvictimside> -i eth0 -p tcp -m tcp --dport 993 -j DNAT --to-destination <myserveripfromvictimside>:993

Yes, this can easily be done using Netfilter. There are similar capabilities
in Unix (FreeBSD) packet routing. However, it is hardly worth the effort :)
Again this is a simple POP/IMAP server, not e-commerce.

V> That's one of the ideas behind SSL/TLS. If SSL packet header is
V> changed along the way and doesn't represent certificate key on the remote
V> server, client will inform you. You can see it at hotspots where mail traffic
V> is usually sent through such servers.

Of course... this is why, as I mentioned previously, when using a
self-signed cert for a company IMAP server, I issue those certs to the new
users as part of their initial instructional package. They install it (most
often in their Windows box), case closed :)

-- 
Gary






________________________________________________________
 Current beta is 3.99.06 | 'Using TBBETA' information:
http://www.silverstones.com/thebat/TBUDLInfo.html
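
Added example (not part of the original message): a client-side check that the IMAPS server on port 993 presents the certificate the administrator handed out, which is what exposes the transparent redirect discussed above. It uses SHA-256 fingerprint pinning instead of installing the cert in the trust store; the function names and the sample bytes are assumptions made for illustration.

```python
import hashlib
import hmac
import socket
import ssl

# Constructed placeholder bytes standing in for two different DER certificates.
SAMPLE_ISSUED_DER = b"constructed-stand-in: cert issued by the admin"
SAMPLE_OTHER_DER = b"constructed-stand-in: cert shown by another host"


def cert_fingerprint(der: bytes) -> str:
    """SHA-256 of the DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def normalize_pin(pin: str) -> str:
    """Accept 'AB:CD:..' (openssl x509 -fingerprint style) or plain hex."""
    return pin.replace(":", "").replace(" ", "").strip().lower()


def pin_matches(der: bytes, pinned: str) -> bool:
    """True only if the presented certificate is exactly the pinned one."""
    presented = cert_fingerprint(der).encode()
    expected = normalize_pin(pinned).encode()
    return hmac.compare_digest(presented, expected)


def fetch_peer_cert(host: str, port: int = 993, timeout: float = 10.0) -> bytes:
    """Return the DER certificate the endpoint presents during the handshake."""
    ctx = ssl.create_default_context()
    # A self-signed cert cannot chain to a public CA, so chain validation is
    # switched off here and replaced by the exact-match pin check below.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def verify_imaps_endpoint(host: str, pinned: str, port: int = 993) -> bool:
    """Check the pin before any credentials are sent; False means a different
    certificate answered on the IMAPS port."""
    return pin_matches(fetch_peer_cert(host, port), pinned)


if __name__ == "__main__":
    pin = cert_fingerprint(SAMPLE_ISSUED_DER)
    print("issued cert matches pin:", pin_matches(SAMPLE_ISSUED_DER, pin))
    print("other cert matches pin: ", pin_matches(SAMPLE_OTHER_DER, pin))
```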
