[tech] marblefish
James Andrewartha
trs80 at ucc.gu.uwa.edu.au
Mon Feb 27 22:39:23 WST 2006
On Mon, 27 Feb 2006, Grahame Bowland wrote:
> On 26/2/06 10:20 PM, "James Andrewartha" <trs80 at ucc.gu.uwa.edu.au> wrote:
>> I was thinking IPSec or OpenVPN, I'm not sure whether terminating on
>> madako or mooneye is the best plan (probably mooneye).
>
> If 2.6 is generally flakey on Alpha, can we just run 2.4? I don't trust some
> magic SMP fix warm and smoking off the debian-alpha list to actually -work-,
> and the machine is going to be annoyingly hard to poke if it stops booting
> or decides to corrupt its filesystems.
Because I couldn't get a recent 2.4 kernel to boot (I'm fairly sure 2.4.27
has security holes). 2.6 is fine if you don't run SMP, which is not a
great loss given it's 833MHz of alpha and all it'll be doing is pushing
packets.
> For the link, why not just use SSL-encrypted SMTP, running on the standard
> secure SMTP port? It's really easy to get postfix to permit relaying based
> on the SSL cert that the client has got. That's really all you need, and it
> won't rely on some tunnel being up all the time.
Mainly because I want to reject invalid users at rcpt.to time. There will
be a local SMTP server as a secondary MX that will then deliver via your
method if the tunnel goes down at any point.
--
# TRS-80 trs80(a)ucc.gu.uwa.edu.au #/ "Otherwise Bub here will do \
# UCC Wheel Member http://trs80.ucc.asn.au/ #| what squirrels do best |
[ "There's nobody getting rich writing ]| -- Collect and hide your |
[ software that I know of" -- Bill Gates, 1980 ]\ nuts." -- Acid Reflux #231 /
More information about the tech
mailing list