Secure external IMAPS access via DMZ

From Scalix Wiki
Jump to: navigation, search

NOTE: This is currently a WIP. Please leave any corrections until I'm done.

The purpose of this article is to detail the steps taken to ensure secure communication between the end-user and the Scalix mail server, whilst hiding the "identity" of the Scalix server, via a DMZ host.

This particular implementation uses Perdition, an IMAP/POP3 proxy. This was chosen over SSLTunnel & up-imapproxy for the following reasons:

  • SSLTunnel requires direct access to the Scalix server
  • up-imapproxy only supports encryption between up-imapproxy and the IMAP server, it does not support encryption between the client and up-imapproxy.

the vanessa_socket src file may fail to build on x86_64 platforms.

Modify the SPEC file (/usr/src/redhat/SPEC/vannessa_socket.spec) to contain the following line.