From owner-freebsd-questions Mon Oct 8 12:47:32 2001 Delivered-To: freebsd-questions@freebsd.org Received: from academy.kearneys.ca (academy.pims.sfu.ca [142.58.49.77]) by hub.freebsd.org (Postfix) with ESMTP id C275337B406 for ; Mon, 8 Oct 2001 12:47:28 -0700 (PDT) Received: (from brent@localhost) by academy.kearneys.ca (8.11.3/8.11.3) id f98Jljg08182; Mon, 8 Oct 2001 12:47:45 -0700 (PDT) (envelope-from brent) Date: Mon, 8 Oct 2001 12:47:45 -0700 From: Brent Kearney To: FreeBSD Questions Cc: BSD Freak Subject: Re: Authenticated MAIL for roaming users Message-ID: <20011008124744.A7653@kearneys.ca> References: <01100807342903.07185@prime.vsservices.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <01100807342903.07185@prime.vsservices.com>; from gclarkii@vsservices.com on Mon, Oct 08, 2001 at 07:34:29AM -0500 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Mon, Oct 08, 2001 at 07:34:29AM -0500, GB Clark II wrote: > On Sunday 07 October 2001 18:12, BSD Freak wrote: > > > > I have romaing users, that dial up to a varity of ISPs and I have the > > problem of having to change their outgoing mail setting depending on > > where they are going to be. > > I've got a perl script that parses my popusers.log file, pulls out the last > IP addresses for the users, creates a text file and adds these to the access > db for sendmail. The only changes to a stock system are make pop syslog to a Then, however, you have to open pop up to the world. While better than opening SMTP to the world, it isn't very desirable. I would like to use IPSec + the built in IPSec cababilities of Win2k to create secure access to the mail server for roaming users. Getting Win2k connected over IPSec from a static IP was no problem (I used a howto from DaemonNews, I think), but is there a way to do this with roaming users whos IPs change as the wind blows? I assume that there is; I haven't spent much time looking into it, yet. What I'm really not sure about though, is how, if possible, to restrict access to network services to only VPN-authenticated clients. I use ipfw to block connections from networks external to our own. I would like the roaming laptop users to be able to connect over IPSec from anywhere, and have access to IMAP & SMTP, etc. I know that this is an issue that others are dealing with too. Does anyone know of any reference material on how to go about this? Thanks, Brent -- https://kearneys.ca/contacts?user=brent To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message