We are implementing a web application with workflow. There are web servers, another box hosting the appserver and workflow engine and another box hosting the DB server. There is a need for us to connect to an email server to send emails. How does one server authenticate another?
What should we be looking for to make sure that the connections are being requested by genuine servers? What are the different ways in which a server recognises another server?
One possible option is to use something like an LDAP session and propagate the sessionId around (provided you are using LDAP).
Use an X.509 certificate (yes, it is called PKI). Then issue certs to trusted servers.
However, if you just need authentication for your mail server sitting on your network, just password-protect it so that only trusted servers have the password. Also, most mail servers can be configured to only accept requests from certain IP addresses (or domains).
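The certificate approach suggested above, as an added example that is not part of the original thread: a private CA issues a certificate to a trusted server, and a peer that holds only the CA certificate accepts it while rejecting a self-signed certificate claiming the same name. The CA name, the host name `appserver.internal.example` and the file layout are assumptions made for the demo; it needs the `openssl` command-line tool.

```shell
#!/bin/sh
# Constructed demo: all names and paths below are assumptions, not from the thread.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Create the CA key and its self-signed certificate (the trust anchor).
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Example Internal CA" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
}

# Issue a CA-signed certificate for the server named $1.
# In practice the key and CSR are generated on that server; only the CSR travels.
issue_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/$1.csr" -days 30 \
        -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
        -out "$WORK/$1.crt" 2>/dev/null
}

# Self-signed certificate claiming name $1, written to $2.
# Any host can produce this; it carries no CA signature.
self_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$1" \
        -keyout "$WORK/impostor.key" -out "$2" 2>/dev/null
}

# Print "trusted" if certificate file $1 chains to our CA, else "rejected".
check_cert() {
    if openssl verify -CAfile "$WORK/ca.crt" "$1" >/dev/null 2>&1; then
        echo trusted
    else
        echo rejected
    fi
}

make_ca
issue_cert appserver.internal.example
self_signed appserver.internal.example "$WORK/impostor.crt"
echo "CA-issued: $(check_cert "$WORK/appserver.internal.example.crt")"
echo "impostor:  $(check_cert "$WORK/impostor.crt")"
```

Chain verification only shows that the CA issued the certificate; the TLS handshake additionally proves the peer holds the matching private key, and the receiving server should still compare the certificate's name against the list of servers it expects.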