Hi list, I need some advice. My work situation has changed such that I now have to get out of my chair and climb out of my basement at frequent but irregular intervals. I live by email and need to connect to my email and possibly my desktop from multiple locations.
So, obviously, IMAP to the rescue and probably vnc as well, but one thing at a time. I've played around with dovecot for a bit and have an understanding of how it works and am ready to implement it. I specifically need advice on how to set up my server/firewall etc. here's my current setup: cable -> smoothwall box -> various machines including my debian sid desktop, debian sid/etchish file/mail server, wifey's winXP box, knoppmyth box, kids debian sid box. What I need: access to IMAP mailboxes from anywhere. I've already got dyndns setup and functioning properly, so that's easy... now Possible solutions: 1. use my smoothwall box as is, portforward IMAP to my server and run with it. potential problems are that my LAN, behind smoothwall, is pretty loosey goosey and I run a pretty good risk of being compromised. especially because i"m running a not-up-to-date sid server (driver issues during install, I could downgrade to testing now and solve that problem.) 2. use my smoothwall box as is, set up a DMZ and put another box online to be my IMAP server with a DMZ pinhole from the rest of my LAN to get mail while at home. Problem with this is I'd need another machine running, ugh, and I'm sqeamish about setting up a DMZ and then circumventing some of that security... 3. redo my smoothwall box into a debian machine as a firewall/router/dhcp server/etc and put IMAP on that box. I could lock down that box pretty well and get rid of all kinds of stuff that I wouldn't need (like SSH as I'd never be sitting at that box and need to SSH to another, for example, though I'd still need sshd to get into the thing on occaision.) 4. other solutions like running those services that I want externally accessible in a chroot on one of these machines. maybe other kinds of weirdness, I don't know. My questions are: what do you all think of the above solutions? which would you recommend? What are some other solutions I'm missing? What's a good reference work for figuring this out? My concerns are security for our quaint little home network without giving up its easy ad-hoc nature. thanks A
signature.asc
Description: Digital signature
