On Tue, 2004-02-17 at 11:12, elemint@hotpop.com wrote:
> I want to install a Linux email gateway in front of our Lotus Notes
> email server.
>
> While most of the users are internal some of them are external and use
> pop to download email and SMTP to send email from home using the Lotus
> Notes server as the SMTP server.
>
> If the email gateway is placed in front of Lotus Notes server to send
> and receive email via pop would there be any foreseeable problems?
> Basically they connect to the email gateway their password is checked
> and if good then they can download email via pop or send email via
> smtp.
---
if the 'email gateway' as you describe it were in front of the Lotus Notes server, they wouldn't reach the Lotus Notes server to get pop mail unless you forwarded - in which case, it wouldn't have an impact.
---
>
> This email gateway is going to be for smtp messages sent to our domain
> and we want to use it for users checking via pop and sending messages
> via smtp.
>
> Can a Linux email gateway be prompted to only allow through email once
> they have authenticated via pop or to prompt for a username and password
> and it could use the same username and password they are using for pop.
---
I would suppose that this email gateway can be configured to do most anything that you want it to do - provided that you either write the code or adopt other people's code.

POP before SMTP is the phrase that I think of when reading your questions and that is somewhat out of vogue as a method of securing email - it's not very effective.

In fact, I have stopped allowing remote users access to pop3/imap altogether and simply provide web mail access for them. This allows me to enforce SSL connections for remote users. Yes, you can generate certificates and require pop3s and imaps connections from remote hosts but the thought of having to support that for remote users is just too chilling.

I guess the point is that I no longer look at these things in isolation...pop3/imap/telnet/etc. but rather look at the overall system and have come to the conclusion that everything except that which is essential is dropped by the firewall (instead of rejecting), and only ports 22, 25, 80 & 443 are typically allowed in, pings are dropped too. Everyone gets a /bin/false shell unless they need some other access, but as a measure to make sure that I don't slip up, no plain text logins occur through insecure (i.e. the internet) channels.

Craig
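
The inbound policy described in the message above (drop by default rather than reject, only ports 22, 25, 80 and 443 allowed in, pings dropped) can be checked against a firewall dump. This is an added example, not part of the original message: it assumes a netfilter firewall exported with `iptables-save`, and the sample dumps and the function names `expand` and `audit` are constructed for illustration.

```python
import re

ALLOWED_TCP = {22, 25, 80, 443}          # inbound ports named in the message

# Constructed iptables-save dumps (assumed format), not taken from the thread.
GOOD = """*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m multiport --dports 22,25,80,443 -j ACCEPT
COMMIT
"""
BAD = """*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8000:8001 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT
"""

def expand(spec):
    """Turn '22,25' or '8000:8001' into a set of port numbers."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def audit(dump):
    """Return findings where the INPUT chain departs from the stated policy."""
    findings = []
    policy = re.search(r"^:INPUT (\S+)", dump, re.M)
    if not policy or policy.group(1) != "DROP":
        findings.append("default policy is not DROP")
    for rule in re.findall(r"^-A INPUT .*$", dump, re.M):
        target = re.search(r"-j (\S+)", rule)
        target = target.group(1) if target else None
        if target == "REJECT":
            findings.append("REJECT answers probes instead of dropping")
        elif target == "ACCEPT":
            ports = re.search(r"--dports? (\S+)", rule)
            if re.search(r"-p icmp\b", rule):
                findings.append("ICMP accepted (pings should be dropped)")
            elif ports:
                for p in sorted(expand(ports.group(1)) - ALLOWED_TCP):
                    findings.append(f"port {p} open")
            elif not re.search(r"-i lo\b|--(ct)?state ", rule):
                findings.append("unrestricted ACCEPT: " + rule)
    return findings
```

Calling `audit()` on the output of `iptables-save` returns an empty list when the INPUT chain matches the policy; each string in a non-empty result names one departure from it.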