Recommended way to secure email server?

Andrew Lentvorski bsder at
Sun Jul 3 12:38:36 PDT 2005


What's the best way to secure an email server?

What I would like to do is ban the use of passwords altogether.  I would 
like to exchange public keys for authentication.

Currently, I use IMAP with SSL to retreive email (this requires a 
password that I would like to get rid of).

For sending, I currently use SSH to forward a local port to port 25 on 
the mail server.  The SSH client logs on using public keys.  Then, I use 
TLS to communicate to the local port which is forwarded to the mail 
server port.  This is too many steps, in my opinion.

The fact that the CEO will actually *do* all this because I told him to 
is a testament to his trust that I try not to have security get in the 
way (he actually uses Thunderbird, Firefox, and OpenOffice because I 
recommended that he do so).

Consequently, I would really like to be able to install one or two keys 
in Thunderbird and have everything "just work".

Any suggestions as to how I do this?


More information about the KPLUG-List mailing list