On Tuesday 05 February 2008 17:20:18 Bill Campbell wrote:
On Tue, Feb 05, 2008, Anne Wilson wrote:
This (CentOS 5.1) box is my new imap server. Using system-config-security-level I opened port 143 tcp, and mail is readable throughout the LAN. I want a Roaming account on my laptop so that I can read mail while away from home. I have set up the account in kmail, and I know that that part is correct, as it worked on my old, less-secured, imap server. However, I haven't been able so far to make a connection.
Do I need 143 udp open? What else must I do to allow me to connect over WAN?
You should have port 993 open which provides security via SSL. One can use TLS to initiate connections via port 143, but this may result in unencrypted logins which result in your username and password being sent in clear text across the Internet.
You will also have to make provisions to allow mail relaying from the roaming IP for the duration of the authenticated connection (assuming that your mail server is not an open relay, which will get it blacklisted pretty quickly). There are various ways to handle this. We have used WHOSON for years, which doesn't require any action on the part of the IMAP client. One can also use SMTP AUTH, POP/IMAP before SMTP, or other methods.
It would probably be easier to set up OpenVPN so you can tunnel from the remote systems into your private network, then connect via the private IP address for IMAP and SMTP sending. Once one has generated the proper keys for the OpenVPN connections, it is easy to make the connections (and easy to revoke them as well). There are OpenVPN clients for the Microsoft virus, Windows, OS X, and every version of Unix I've used.
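The distinction drawn above, between port 993 (the whole session inside TLS) and port 143 with STARTTLS (where a server that does not refuse plaintext LOGIN until TLS is up lets a client send the password in clear), can be checked from the server's own CAPABILITY list. The following is an added example, not code from this thread or from any CentOS component: it parses IMAP capability responses the way RFC 3501 defines them and classifies the posture. The function names (`parse_capabilities`, `assess`, `check_live`) and the sample greetings are constructed for illustration; `check_live` uses the standard-library `imaplib` and assumes Python 3.9 or later for the `timeout` keyword.

```python
"""Check an IMAP server's plaintext-login posture (added example).

RFC 3501 says a server that refuses the LOGIN command until TLS has been
negotiated advertises LOGINDISABLED in its CAPABILITY list.  On port 143
that flag is what stands between a roaming client and a cleartext
password; on port 993 the whole session is inside TLS from the start.
"""
import imaplib
import ssl

IMAP_PORT = 143    # cleartext, optionally upgraded with STARTTLS
IMAPS_PORT = 993   # implicit TLS

# Constructed sample responses (not captured from any real server).
SAMPLE_HARDENED = (
    "* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR ID ENABLE IDLE STARTTLS "
    "LOGINDISABLED] Dovecot ready."
)
SAMPLE_STARTTLS_ONLY = "* CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN AUTH=LOGIN"
SAMPLE_PLAIN = "* CAPABILITY IMAP4rev1 AUTH=PLAIN"


def parse_capabilities(line: str) -> set:
    """Return the upper-cased capability tokens from either an untagged
    '* CAPABILITY ...' response or a greeting carrying [CAPABILITY ...]."""
    text = line.strip()
    upper = text.upper()
    if upper.startswith("* CAPABILITY"):
        body = text[len("* CAPABILITY"):]
    else:
        start = upper.find("[CAPABILITY")
        if start == -1:
            return set()
        end = text.find("]", start)
        if end == -1:
            return set()
        body = text[start + len("[CAPABILITY"):end]
    return {tok.upper() for tok in body.split()}


def assess(caps: set, implicit_tls: bool = False) -> dict:
    """Classify what a client could leak on this connection.

    implicit_tls=True means the capabilities were read over port 993, where
    LOGIN is already encrypted and LOGINDISABLED is not needed.
    """
    starttls = "STARTTLS" in caps
    login_disabled = "LOGINDISABLED" in caps
    if implicit_tls:
        cleartext = False
        verdict = "implicit TLS: credentials never leave the host in clear"
    elif login_disabled:
        cleartext = False
        verdict = "LOGIN refused until STARTTLS completes: safe on port 143"
    elif starttls:
        cleartext = True
        verdict = ("STARTTLS offered but plaintext LOGIN still accepted: a "
                   "misconfigured or downgraded client can send the password "
                   "in clear")
    else:
        cleartext = True
        verdict = ("no STARTTLS and plaintext LOGIN accepted: password "
                   "crosses the network in clear")
    return {
        "starttls": starttls,
        "login_disabled": login_disabled,
        "cleartext_login_possible": cleartext,
        "verdict": verdict,
    }


def check_live(host: str, port: int = IMAP_PORT, timeout: float = 10.0) -> dict:
    """Read the CAPABILITY list from a server you administer and assess it.
    Not exercised offline; imaplib collects capabilities at connect time."""
    if port == IMAPS_PORT:
        conn = imaplib.IMAP4_SSL(host, port,
                                 ssl_context=ssl.create_default_context(),
                                 timeout=timeout)
    else:
        conn = imaplib.IMAP4(host, port, timeout=timeout)
    try:
        caps = {c.upper() for c in conn.capabilities}
    finally:
        try:
            conn.logout()
        except Exception:
            pass
    return assess(caps, implicit_tls=(port == IMAPS_PORT))


if __name__ == "__main__":
    for sample in (SAMPLE_HARDENED, SAMPLE_STARTTLS_ONLY, SAMPLE_PLAIN):
        print(sample)
        print("  ->", assess(parse_capabilities(sample))["verdict"])
```

Run against your own server with `check_live("imap.example.invalid")` for port 143 and `check_live("imap.example.invalid", IMAPS_PORT)` for 993; a port-143 result with `cleartext_login_possible` set is the configuration the reply above warns about, and the fix on the server side is to require TLS before LOGIN (so that LOGINDISABLED appears) or to expose only 993 to the WAN.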
It sounds very complex. I did try, a little while back, to set up OpenVPN, but couldn't understand the settings that I was asked to give. I read three or four how-tos, without feeling any wiser. I got as far as generating the keys, but the instructions seemed to stop there. Then I bought a book - only to find that it was out of date, and nothing was the same as it said :-( The software was two or three versions later and quite different. If you know a good how-to for someone with no previous knowledge I'd be glad to hear of it.
Anne