On Tuesday 05 February 2008 17:20:18 Bill Campbell wrote:
> On Tue, Feb 05, 2008, Anne Wilson wrote:
> >This (CentOS5.1) box is my new imap server. Using
> >system-config-security-level I opened port 143 tcp, and mail is readable
> >throughout the LAN. I want a Roaming account on my laptop so that I can
> >read mail while away from home. I have set up the account in kmail, and
> >I know that that part is correct, as it worked on my old, less-secured,
> >imap server. However, I haven't been able so far to make a connection.
> >
> >Do I need 143 udp open? What else must I do to allow me to connect over
> >WAN?
>
> You should have port 993 open which provides security via SSL.
> One can use TLS to initiate connections via port 143, but this
> may result in unencrypted logins which result in your username
> and password being sent in clear text across the Internet.
>
> You will also have to make provisions to allow mail relaying from
> the roaming IP for the duration of the authenticated connection
> (assuming that your mail server is not an open relay which will
> get it black listed pretty quickly). There are various ways to
> handle this. We have used WHOSON for years which doesn't require
> any action on the part of the IMAP client. One can also use SMTP
> AUTH, POP/IMAP before SMTP, or other methods.
>
> It would probably be easier to set up OpenVPN so you can tunnel
> from the remote systems into your private network, then connect
> via the private IP address for IMAP and SMTP sending. Once one
> has generated the proper keys for the OpenVPN connections, it is
> easy to make the connections (and easy to revoke them as well).
> There are OpenVPN clients for the Microsoft virus, Windows, OS X,
> and every version of Unix I've used.
>

It sounds very complex. I did try, a little while back, to set up OpenVPN, but
couldn't understand the settings that I was asked to give. I read three or
four how-tos, without feeling any wiser. I got as far as generating the keys,
but the instructions seemed to stop there. Then I bought a book - only to find
that it was out of date, and nothing was the same as it said :-( The software
was two or three versions later and quite different.

If you know a good how-to for someone with no previous knowledge I'd be glad to
hear of it.

Anne
_______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos
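
Added example, not part of the original thread: a small check, from the server operator's side, of the point made in the quoted reply about port 143, where TLS is only negotiated after connecting and a login may still go out unencrypted. It reads the capability list an IMAP server announces before TLS and reports whether the server itself refuses plaintext LOGIN at that stage (the LOGINDISABLED capability from RFC 3501). The greeting strings and function names are constructed for illustration.

```python
import re

# Constructed sample greetings, as a server might send them on port 143
# before any TLS negotiation. Not captured from a real server.
SAMPLE_GREETINGS = {
    "starttls-enforced": "* OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED] ready",
    "starttls-optional": "* OK [CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN] ready",
    "no-tls": "* OK [CAPABILITY IMAP4rev1 AUTH=PLAIN AUTH=LOGIN] ready",
    "untagged": "* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED",
    "no-capabilities": "* OK ready",
}


def parse_capabilities(line):
    """Return the upper-cased capability atoms from a greeting's
    [CAPABILITY ...] response code or from an untagged CAPABILITY reply."""
    match = re.search(r"\[CAPABILITY ([^\]]*)\]", line, re.I) or re.match(
        r"\*\s+CAPABILITY\s+(.*)$", line.strip(), re.I
    )
    return {atom.upper() for atom in match.group(1).split()} if match else set()


def assess_port_143(line):
    """Classify how a pre-TLS capability list treats plaintext logins."""
    caps = parse_capabilities(line)
    if not caps:
        return "unknown"  # nothing announced; ask with the CAPABILITY command
    if "STARTTLS" in caps and "LOGINDISABLED" in caps:
        return "login-refused-until-tls"  # server rejects LOGIN before TLS
    if "STARTTLS" in caps:
        return "client-dependent"  # encrypted only if the client asks for TLS
    return "cleartext-only"  # no TLS upgrade offered on this port


if __name__ == "__main__":
    for name, greeting in SAMPLE_GREETINGS.items():
        print(f"{name}: {assess_port_143(greeting)}")
```

A "client-dependent" result is the case the reply warns about: whether the password is encrypted then rests on each mail client's settings, which is why port 993 is suggested instead.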