On Thu, 2009-03-26 at 16:59 -0700, Florin Andrei wrote: > I want to read my email on the iPhone. To do that, I have 2 options: > 1. VPN > 2. IMAP-over-SSL > > #1 is a bit convoluted, I already run a VPN server, with OpenVPN, but > the iPhone doesn't have an OpenVPN client. Running *two* VPN networks > seems excessive for a small personal server - not that the machine > cannot handle it, but it just feels too complicated for the task at hand. > > #2 would be easy to implement, just poke a hole in the firewall for the > imaps port. But then there's the issue of security, of course. > > I am running cyrus-imapd-2.3.7 on CentOS 5.x > > How comfortable y'all are with exposing Cyrus IMAPd's imaps port to the > big wild Internet? > Do you see the SELinux confinement as a must-have in this context, or > are you okay with running it without any such MAC protections? ---- I expect it to be safe because I too have opened IMAPS ports for the various clients that I have who want to use their iPhone's and Blackberry's, etc. That also means that I have had to implement SMTP auth so that they can send e-mail too. I have faith that these are daemons (cyrus and postfix) that can withstand attacks but every port you open is another attack vector on your system. Craig ---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
