Pegasus Mail & Mercury

Welcome to the Community for Pegasus Mail and
The Mercury Mail Transport System, the Internet's longest-serving PC e-mail system!
Welcome to Pegasus Mail & Mercury Sign in | Join | Help
in
Home Blogs Forums Downloads Pegasus Mail Overview Mercury Overview Wiki

Mercury I security

Last post 01-11-2019, 20:49 by Sellerie. 6 replies.
Sort Posts: Previous Next
  •  12-14-2018, 16:38

    • Brian Fluet is not online. Last active: 06-26-2019, 2:22 Brian Fluet
    • Top 10 Contributor
    • Joined on 12-24-2014
    • North Carolina, USA
    • SuperStar
    • Points 25,225

    Mercury I security

    Hi All,

    I am very nervous about the continuous failed attempts at IMAP connection.  I assume they're dictionary attacks so am strengthening passwords but am wondering if there is anything else I can do.  Currently I have...

    • SSL/TLS support enabled
    • Plaintext logins disabled
    • Support for deprecated SSL is not enabled
    • Self-signed certificate is in place
    TIA!
  •  12-14-2018, 18:57

    • Sellerie is not online. Last active: 2019/06/25, 21:50 Sellerie
    • Top 75 Contributor
    • Joined on 04-10-2014
    • Member
    • Points 1,110

    Re: Mercury I security

    I think there is nothing more on your side. Are these connections from road warriors? If so, perhaps you can go via vpn?
  •  12-17-2018, 15:07

    • Joerg is not online. Last active: 06-26-2019, 2:25 Joerg
    • Top 25 Contributor
    • Joined on 03-25-2008
    • German Baltic Sea Coast
    • Contributor
    • Points 7,310

    AW: Re: Mercury I security

    Our Mercury is accessable from local LAN only. Home workers are able to connect to Company LAN via VPN and Roundcube Webmail server. Roundcube is running on a Linux machine and is connecting to Mercury via IMAP.

    Streetworkers have additional mail accounts. Their office accounts read e.g. name@company.com and are accessable by Pmail while their additional mobile accounts read name.mobile@company.com. The mobile accounts will not be polled and retrieved by Mercury. Such users could adjust the forwarding of their office e-mails to their "mobile" account by themselves by editing the FORWARD file. So, all mobile devices are never connected to Mercury directly but dealing with mails via ISP mail accounts directly. Maybe a little bit complicated, but this keeps the Mercury interfaces free of unauthorized login attemps from the internet.

  •  12-17-2018, 19:20

    • Brian Fluet is not online. Last active: 06-26-2019, 2:22 Brian Fluet
    • Top 10 Contributor
    • Joined on 12-24-2014
    • North Carolina, USA
    • SuperStar
    • Points 25,225

    Re: AW: Re: Mercury I security

    Joerg,

    Is there much pushback from your users having to maintain two mailboxes or with copies-to-self not being in the company mailbox? 

    Sellerie,

    Yes, I have three road warriors that routinely connect via IMAP.  I do as well during long holidays.  I don't know anything about vpn's other than what the acronym stands for and their purpose so am obviously clueless about what that would look like for connecting to Mercury.

  •  12-18-2018, 9:19

    • Joerg is not online. Last active: 06-26-2019, 2:25 Joerg
    • Top 25 Contributor
    • Joined on 03-25-2008
    • German Baltic Sea Coast
    • Contributor
    • Points 7,310

    AW: Re: AW: Re: Mercury I security

    Brian Fluet:
    Is there much pushback from your users having to maintain two mailboxes or with copies-to-self not being in the company mailbox?

    When travelling, our users do send e-mails (by android cell phones) only for their travel planning, like informing the ship agent about their arrival or receiving updated itineraries from us. Insofar the second account doesn't matter. Quite the reverse, for that insignificant mails to many different agencies around the world we do not have to burn our standard e-mail addresses. Big Smile

    Brian Fluet:
    Yes, I have three road warriors that routinely connect via IMAP.  I do as well during long holidays.  I don't know anything about vpn's other than what the acronym stands for and their purpose so am obviously clueless about what that would look like for connecting to Mercury.

    But for important e-mail communication they can use their Windows notebooks with VPN client installed, since our VPN client is working under Windows only.

    We are a small company without an separate IT department or big IT budget. Nevertheless a firewall is essential to ensure the security of Company's IT devices and LAN. When purchased, we took care that the appliance has VPN built-in abilities since we are not interested to install and maintain a separate VPN server (like OpenVPN). Finally we've purchased a Zyxel USG110. Beside a "next-generation-firewall" the device could work as VPN terminator for L2TP, IPSec and SSL VPNs. But because the other types of VPN are a little bit complicated to setup, we are using the SSL VPN ability. Beside some VPN settings in the firewall only a SSL VPN Windows Client has to be installed on affected notebooks. When starting the client it establishes a tunnel through the internet where your notebook obtains an IP from your remotely located company LAN. Now you could even start your Pmail. But often, depending on your internet connection speed, it takes quite long until Pmail is completely loaded. That's why some colleagues are using Thunderbird, connected by IMAP and others are using Roundcube as a local mail webservice in our LAN.

    VPNs are a fantastic business since you are working inside your local network while located elsewhere.

  •  12-18-2018, 15:44

    • Brian Fluet is not online. Last active: 06-26-2019, 2:22 Brian Fluet
    • Top 10 Contributor
    • Joined on 12-24-2014
    • North Carolina, USA
    • SuperStar
    • Points 25,225

    Re: AW: Re: AW: Re: Mercury I security

    Thanks Joerg.

    I have a decent Cisco Router that has VPN capability and client software so that piece is in place.  My hurdle then becomes my iDevice users.  All three push email to iPhones and/or iPads via IMAP.  My research shows that VPN apps exist but these guys have to react and respond quickly so I think the enable VPN > fetch mail > disable VPN process would be prohibitive. 

    More thinking and research to be done...

  •  01-11-2019, 20:49

    • Sellerie is not online. Last active: 2019/06/25, 21:50 Sellerie
    • Top 75 Contributor
    • Joined on 04-10-2014
    • Member
    • Points 1,110

    Re: AW: Re: AW: Re: Mercury I security

    I think there is no need for enable > fetch > disable or not in every case. Are the iDevices from your company? If so, then let the guys run the vpn the entire time or at least for the working hours.
View as RSS news feed in XML

Contact | Advertise | Host provider: PraktIT | Terms of Use | Privacy Statement
Copyright © 2007-2011 David Harris / Peter Strömblad. | Pegasus Mail Home Page