On Fri, 2013-02-01 at 14:31 +0530, Ram wrote: > On 02/01/2013 01:20 AM, Dale J Chatham wrote: > > You use SMTP authentication through postfix or sendmail. Google [ mail > > authentication relay ] and you should find lots of howtos. > > I'm setting it up to use a sasldb to authenticate external users in > > order to keep them apart from UNIX users. Be very certain that you use > > STARTTLS or some form of authentication for email. Also, if you're > > allowing internet access to e-mail, you'll want to use imaps or https. > The idea is that end users configure their email on Desktop, Laptop , > Phone , tablet, Ipad ... ( The list is getting longer every day ) Yes. > So copies of the mail are floating everywhere. > This raises a security concern > I cant block access totally from outside. > Employees should be allowed access from outside office , but only from > the designated Laptop. > One way would be to ask everyone to VPN to the office for mails , Is > there anyway else. This really sounds like a solution for PKI. Issue a certificate to the device and demand that the device and the server *mutually* agree based on that [currently the client device has to recognize the server's certificate]. This means you (a) have to manage certificates and (b) the client device / application has to be able to perform PKI. I believe (b) is true in most cases. I'm currently also trying to figure this out. ---- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
