postfix-users October 2010 archive

Re: Encrypt messages between 2 servers

From: Stan Hoeppner <stan_at_nospam>
Date: Sun Oct 24 2010 - 02:58:18 GMT
To: postfix-users@postfix.org

David Touzeau put forth on 10/23/2010 3:20 PM:
> Yes, I heard about VPN, but in some cases in a big environment you
> cannot play with networks and firewalls as you like.
> And there are a lot of remote sites to discuss; creating VPNs through all
> these remote sites is too complicated to maintain.
>
> Yes, I need to find a plugin like Djigzo, but Djigzo is too heavy a product
> (postgrey, web server...) that requires too many components to
> implement

You want a solution to your technical requirement. Many have been
recommended that will meet your goals. However, you find them all too
difficult or complex or painful to implement for reasons x,y,z.

You're going to have to pick one, and none of them are going to be
particularly "easy" or pain free to implement, not if you're talking
about dozens or hundreds of remote sites. Did you think this encryption
project would be easy? Just change one setting in main.cf on each
server and be done? Heheh. Reality checks suck.

I'm really curious about something. Your superiors are fearful of
wiretapping/eavesdropping of your SMTP session packets as they flow
across a public network, the internet. By the same token, aren't they
worried about all other manner of documents being transmitted to remote
offices via SMB/CIFS, FTP, HTTP? Or is your company one of those that
sends _everything_ as email attachments, sorta like most Lotus Notes
shops? ;)

And, lastly, how is your environment this "big", as you say, in 2010,
with so many remote sites, and you've never implemented a VPN? And if
SMTP encryption is so important to your superiors, how do you not have
"buy in" from the networking group? In fact, if this encryption is so
crucial to management, why didn't they simply go to the networking group
and tell them to build a VPN?

We can't properly help you if we don't have the full story, or, at
least, a significant portion of it. A tyrannical government isn't the
reason for wanting this encryption is it?

-- Stan

> On Saturday, 23 October 2010 at 11:00 -0500, Stan Hoeppner wrote:
>
>> David Touzeau put forth on 10/23/2010 7:30 AM:
>>> Yes, it is for a company between remote sites through the internet that needs to
>>> be sure that documents cannot be opened.
>>> I know PGP, but there is no information on how we can hook Postfix, or there is
>>> no such filter that should perform this operation.
>>
>> Why don't you simply set up a VPN tunnel between the sites? This is
>> exactly the scenario for which VPN technology was created:
>>
>> http://en.wikipedia.org/wiki/Virtual_private_network
>>
>> The two routers currently in place may already have VPN capability that
>> you can simply configure in a few minutes. If not, set up a couple of
>> Linux VPN gateways, one at each site. After that, simply create a host
>> file entry on each SMTP server with the FQDN of the other and its
>> RFC1918 address, so each sends SMTP to the other over the encrypted VPN
>> tunnel.
>>
>> VPN is not new--been around for 10 years or so, and they are _widely_
>> used. Have you never heard of a VPN?
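
The hosts-file step in the quoted VPN suggestion fails silently when an entry is missing or points at a public address, because mail to that peer then leaves outside the tunnel. The following is an added example, not part of the original thread, that checks hosts-file text for this; the host names, addresses and function names are constructed for illustration.

```python
import ipaddress

# The three RFC 1918 private IPv4 ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample hosts file for one SMTP server (not from the thread).
SAMPLE_HOSTS = """\
127.0.0.1    localhost
10.20.0.5    mail.site-b.example.com mail-b   # peer reached over the VPN
203.0.113.7  mail.site-c.example.com          # mistake: public address
"""

def parse_hosts(text):
    """Map each lower-cased name to every address listed for it."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # skip malformed lines
        for name in fields[1:]:
            table.setdefault(name.lower().rstrip("."), []).append(addr)
    return table

def check_peer(hosts_text, peer_fqdn):
    """Return 'ok', 'missing' or 'not-rfc1918' for one peer MTA name."""
    addrs = parse_hosts(hosts_text).get(peer_fqdn.lower().rstrip("."), [])
    if not addrs:
        return "missing"        # the name would fall through to DNS
    for a in addrs:
        if a.version != 4 or not any(a in net for net in RFC1918):
            return "not-rfc1918"
    return "ok"

if __name__ == "__main__":
    for peer in ("mail.site-b.example.com", "mail.site-c.example.com",
                 "mail.site-d.example.com"):
        print(peer, check_peer(SAMPLE_HOSTS, peer))
```

A peer is reported as `ok` only if every address listed for it is RFC1918, so a stray public entry for the same name is caught regardless of which line the resolver would pick.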