[svlug] Re: [lsec] Secure POP3 installation (fwd)

[Alvin Oga]

> 
> hi ya eric
> 
> to get secure pop3 email...you only need a secure pop3
> server ...
> 	many different ways to do it... some works..
> 	ohters wont... problem is complicated with changing
> 	MS clients that might decide to automatically update itself
> 	that breaks its secure pop3 clients ( SSL-enabled )
> 
> the insecure part is "passwd" needed to read emails..
> 
> you need to be able to trust traffic on your network for
> http, smtp, ftp, etc..etc.. so you dont need to worry about smtp traffic
> 
> - get rid of MS clients and that simplifies your secure pop3 problem
> 
> http://www.Linux-Sec.net/Mail/secure_pop3.txt
> 	- look at ssl, stunnel, etc
> 
> - if security is an issue...
> 	- put insecure stuff on one box... ( pop3, imap, ftp, telnet, ppp)
> 	( leave that box alone in its own lan...
> 
> how secure you want stuff would depend on what would happen if your local
> script kiddie erased all your data....what would the consequences be...
> 
> c ya
> alvin
> 
> 
> On Wed, 8 Aug 2001, Eric Pretorious wrote:
> 
> > I've just completed installing a web-based mail application only to discover 
> > that it requires access to a POP3 server to retrieve incoming mail from a 
> > "catchall" account on my SMTP server.
> > 
> > Are there any "safe/secure" POP3 servers currently available or should I 
> > migrate my SMTP service to a completely separate box and update the MX 
> > record in my DNS zone. i.e., create a dedicated SMTP/POP host. The only 
> > catch to establishing a dedicated SMTP/POP server would be my Mailman 
> > installation: Mailman requires an NFS connection between physically separate 
> > WWW and SMTP servers. (Currently, all my services are housed on the same 
> > box.) I suppose that I could just set-up an additional apache server 
> > (mailman.mydomain.com) to handle the HTML archives for Mailman, but that 
> > just seems way too redundant...
> >