IMAP virtual server config question

J

jrm73

Hello,

We are in the process of locking down IMAP. Yesterday we tried to
restrict access to our IMAP4 virtual server by IP address. Did this
from properties of the IMAP4 virtual server | Access TAB | Connection
| Only list below. Added a bunch of internal and external IP's and
all of the sudden the server flipped out. It started failing back and
forth continually between the 2 nodes continuously. Only after
removing IP's and setting back to "All except the list below" did it
settle down. First off - any idea why this would've happened? Could
it be because we set internal and external IP's on the same virtual
server?
I just read it's best to create different virtual servers for
different types of authentication. Because we don't need to require
SSL/TLS encryption internally should I just create 1 virtual server
for internal, set "only the list below" and add IP's with no required
encryption? Then config a separate IMAP4 virtual server for external
the same way but set "Requires TLS/SSL encryption?

Thanks for any input!
 
L

Lanwench [MVP - Exchange]

jrm73 <jayrmontana@yahoo.com> wrote:
> Hello,
>
> We are in the process of locking down IMAP. Yesterday we tried to
> restrict access to our IMAP4 virtual server by IP address. Did this
> from properties of the IMAP4 virtual server | Access TAB | Connection
>> Only list below. Added a bunch of internal and external IP's and

> all of the sudden the server flipped out. It started failing back and
> forth continually between the 2 nodes continuously. Only after
> removing IP's and setting back to "All except the list below" did it
> settle down. First off - any idea why this would've happened? Could
> it be because we set internal and external IP's on the same virtual
> server?


I don't know - I wouldn't do it that way. I wouldn't allow any internal IPs
to access it (but then, I myself never need that). I'd restrict the external
access in my perimeter firewall.

> I just read it's best to create different virtual servers for
> different types of authentication. Because we don't need to require
> SSL/TLS encryption internally should I just create 1 virtual server
> for internal, set "only the list below" and add IP's with no required
> encryption? Then config a separate IMAP4 virtual server for external
> the same way but set "Requires TLS/SSL encryption?
>
> Thanks for any input!


Yes. But again, what's the need for IMAP internally? I rarely use IMAP at
all ...only for a few select users at a few select clients. You don't need
it for general purposes.

 

Similar threads

Top