Re: Mail Client --> intermediate host --> stunnel (?) --> imaps server

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 7/5/05, Sam Varshavchik <mrsam@xxxxxxxxxxxxxxx> wrote:
> Matt Morgan writes:
> 
> 
> > Am I right that stunnel won't work this way? If so, what do I really
> > want to be doing, in order to get this to work? Squid? Basically, we
> > just want a way to route the entire IMAPS connection through the
> > intermediary server on the DMZ.
> 
> There are a couple of ways to do that.  First of all, you should be able to
> mess around with iptables and get connections to the imaps port on your
> so-called "intermediary" server forwarded to your real server.  I don't
> have the actual details there, you should be able to dig out the magic
> incantations out of iptables' documentation.  In this case your IMAP server
> should have an SSL certificate whose CN matches the DNS name of your
> intermediary server, because the IMAP clients think that's who they are
> connecting to, so the CNs must match, even though the connections get kicked
> over.  Also, you might lose some logging on the IMAP server, because it will
> not see the connecting client's IP address, it will see all connections as
> coming from the intermediary server.
> 
> Another way to do this is to install an IMAP proxy on your intermediary
> server.  It's going to accept imaps connections (and your SSL cert will be
> installed on the intermediary server itself), then turn around and forward
> those connections to your real IMAP server.  There's very little benefit in
> encrypting the proxied connection of your LAN, so the forwarded connection
> can be non-encrypted.

Thanks! This sounds like the way we'd want to do it. Is IMAP proxying
something Courier can do, or is an IMAP proxy something different?

[snipped remainder]


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux