Restrict access to a single client device
Adam Tauno Williams
awilliam at whitemice.org
Fri Feb 1 06:09:12 EST 2013
On Fri, 2013-02-01 at 14:31 +0530, Ram wrote:
> On 02/01/2013 01:20 AM, Dale J Chatham wrote:
> > You use SMTP authentication through postfix or sendmail. Google [ mail
> > authentication relay ] and you should find lots of howtos.
> > I'm setting it up to use a sasldb to authenticate external users in
> > order to keep them apart from UNIX users. Be very certain that you use
> > STARTTLS or some form of authentication for email. Also, if you're
> > allowing internet access to e-mail, you'll want to use imaps or https.
> The idea is that end users configure their email on Desktop, Laptop,
> Phone, tablet, iPad ... (The list is getting longer every day)
Yes.
> So copies of the mail are floating everywhere.
> This raises a security concern.
> I can't block access totally from outside.
> Employees should be allowed access from outside the office, but only from
> the designated Laptop.
> One way would be to ask everyone to VPN to the office for mails. Is
> there any other way?
This really sounds like a solution for PKI. Issue a certificate to the
device and demand that the device and the server *mutually* agree based
on that [currently the client device has to recognize the server's
certificate]. This means you (a) have to manage certificates and (b)
the client device / application has to be able to perform PKI. I
believe (b) is true in most cases.
I'm currently also trying to figure this out.
More information about the Info-cyrus
mailing list
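
The certificate side of the approach suggested in the reply above, as an added example that is not part of the original thread: a private CA issues one certificate per designated device, and the server-side check accepts only certificates that chain to that CA. The CA and device names are constructed, and configuring a mail server to demand the client certificate during the TLS handshake is not shown.

```shell
#!/bin/sh
# Added example. All names (office-ca, laptop-ram, unknown-phone) are constructed.
WORK=$(mktemp -d)

# Create a private CA that is used only to sign device certificates.
make_ca() {   # $1 = file basename, $2 = subject CN
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=$2" -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# Issue a client certificate for one device, signed by the given CA.
# In practice the private key would be generated on the device itself.
issue_device_cert() {   # $1 = device name, $2 = CA basename
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null &&
    openssl x509 -req -in "$WORK/$1.csr" \
        -CA "$WORK/$2.crt" -CAkey "$WORK/$2.key" -CAcreateserial \
        -days 90 -out "$WORK/$1.crt" 2>/dev/null
}

# The decision a server makes when it requires a client certificate:
# does the presented certificate chain to the trusted device CA?
device_allowed() {   # $1 = device name, $2 = trusted CA basename
    openssl verify -CAfile "$WORK/$2.crt" "$WORK/$1.crt" >/dev/null 2>&1
}

make_ca office-ca "Office Mail Device CA"
make_ca other-ca  "Unrelated CA"

issue_device_cert laptop-ram    office-ca   # the designated laptop
issue_device_cert unknown-phone other-ca    # a device the office never enrolled

for dev in laptop-ram unknown-phone; do
    if device_allowed "$dev" office-ca; then
        echo "$dev: accepted"
    else
        echo "$dev: rejected"
    fi
done
```

A lost or retired device additionally needs its certificate revoked, which `openssl verify` only honours when it is given a CRL.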