Mail Client --> intermediate host --> stunnel (?) --> imaps server
Matt Morgan
minxmertzmomo at gmail.com
Tue Jul 5 20:30:49 UTC 2005
On 7/5/05, Sam Varshavchik <mrsam at courier-mta.com> wrote:
> Matt Morgan writes:
>
>
> > Am I right that stunnel won't work this way? If so, what do I really
> > want to be doing, in order to get this to work? Squid? Basically, we
> > just want a way to route the entire IMAPS connection through the
> > intermediary server on the DMZ.
>
> There are a couple of ways to do that. First of all, you should be able to
> mess around with iptables and get connections to the imaps port on your
> so-called "intermediary" server forwarded to your real server. I don't
> have the actual details there; you should be able to dig the magic
> incantations out of iptables' documentation. In this case your IMAP server
> should have an SSL certificate whose CN matches the DNS name of your
> intermediary server, because the IMAP clients think that's who they are
> connecting to, so the CNs must match, even though the connections get kicked
> over. Also, you might lose some logging on the IMAP server, because it will
> not see the connecting client's IP address; it will see all connections as
> coming from the intermediary server.
>
> Another way to do this is to install an IMAP proxy on your intermediary
> server. It's going to accept imaps connections (and your SSL cert will be
> installed on the intermediary server itself), then turn around and forward
> those connections to your real IMAP server. There's very little benefit in
> encrypting the proxied connection of your LAN, so the forwarded connection
> can be non-encrypted.
Thanks! This sounds like the way we'd want to do it. Is IMAP proxying
something Courier can do, or is an IMAP proxy something different?
[snipped remainder]
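
The first approach in the quoted reply (forwarding the imaps port with iptables), sketched as an added example that is not part of the thread. The function name and both addresses are constructed placeholders, and it assumes the intermediary has a single address that also faces the real server; the SNAT rule is the reason the IMAP server logs the intermediary's address instead of the client's.

```shell
#!/bin/sh
# Added example: print the iptables rules that forward IMAPS (tcp/993)
# from a DMZ host to the real IMAP server. Addresses below are constructed
# placeholders, not values from the thread.

# imaps_forward_rules DMZ_IP IMAP_IP   (hypothetical helper name)
# Prints the commands rather than running them, so the ruleset can be
# reviewed first and then piped to "sh" as root.
imaps_forward_rules() {
    dmz_ip=$1
    imap_ip=$2
    port=993

    # Accept digits and dots only, so a typo or stray shell syntax can
    # never end up inside a firewall command.
    for ip in "$dmz_ip" "$imap_ip"; do
        case $ip in
            *[!0-9.]*|'') echo "invalid address: $ip" >&2; return 1 ;;
        esac
    done

    cat <<EOF
# Let the kernel route packets between interfaces.
sysctl -w net.ipv4.ip_forward=1
# Rewrite the destination of inbound IMAPS connections to the real server.
iptables -t nat -A PREROUTING -d $dmz_ip -p tcp --dport $port -j DNAT --to-destination $imap_ip:$port
# Permit the forwarded flow in both directions, and nothing else.
iptables -A FORWARD -d $imap_ip -p tcp --dport $port -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -s $imap_ip -p tcp --sport $port -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Rewrite the source so replies return via this host. Side effect: the
# IMAP server sees every session as coming from $dmz_ip.
iptables -t nat -A POSTROUTING -d $imap_ip -p tcp --dport $port -j SNAT --to-source $dmz_ip
EOF
}

# Dry run with the constructed addresses.
imaps_forward_rules 192.0.2.10 10.0.0.5
```

TLS still terminates on the real IMAP server in this setup, so the certificate installed there needs a CN matching the intermediary's DNS name, as the reply notes.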
More information about the fedora-list mailing list