Disable ssl validation for replication?
Joseph Ward
jbwlists at hilltopgroup.com
Thu Dec 21 16:43:52 EET 2017
I only have one public IP at each site, so having all internal services
(and I have a lot of them) communicating over the internet to that
single IP (on each side) would get pretty complex with a lot of rules
and a lot of interesting port remapping and additional firewall rule
complexity. That additional complexity also involves more chances to
make mistakes that introduce security problems. So in general, I'm
eager to keep things going directly to the proper service internally.
Obviously I can work around that when it's necessary, but going outside
the VPN is the last option I'm entertaining.
Regards,
Joseph Ward
On 12/20/2017 20:24, Andrew Sullivan wrote:
> I guess what I don't understand is why the IP address approach is more
> attractive to you, and why you think the "public Internet" path is
> less good.
>
> Best regards,
>
> A
>
More information about the dovecot
mailing list