RE: [Exim] Feature Request - security

Top Page
Delete this message
Reply to this message
Author: Karl Schmidt
Date:  
To: 'Yann Golanski'
CC: exim-users
Subject: RE: [Exim] Feature Request - security
See [KPS] below ....

On Wed, May 16, 2001 at 08:33:13AM -0500, Karl Schmidt quothed:
> It seems to me that you could set up a relay that is initiated by the
> private side using ssh - you could have better security and a more

reliable
> system. As I imagine it - the private side would open a ssh session that

the
> DMZ side would use to relay mail. This connection would be required to

close
> and open on a regular basis.


Why not use SSL and ETRN? It seems to me that this would work pretty
much in tehsame way as you describe. Of course, you could install IPSec
on your gateway and make it use that to encrypt all connections to
the external mail server.

[KPS] I have looked at that - It is a step in the right direction having the
connection initiated on the private network end. Fetchmail is supposed to
support ssh also (for some reason I haven't gotten ssh to work with
fetchmail yet). I may use ETRN. I think ETRN is really aimed at
intermittently connected servers. I've not seen anything that suggests it
would support a continuous connection.

IPSec or a port forwarding scheme could work, but it seems this should be
part of Exim to me. Even if this only works between Exim MTAs it would be a
great feature. Securely in tying the public and private mail servers
together is a common problem.

It just seems a pity to defeat the beauty of the way Exim works - no
batching. To have a ssh connection open all the time so when the mail,
comes it moves at once.

Karl Schmidt (ks150)     EMail Karl@???
Transtronics, Inc.       WEB http://xtronics.com
3209 West 9th Street     Ph(785) 841-3089
Lawrence, KS 66049       FAX(785) 841-0434