smtp - can it be ssh tunneled?

smtp - can it be ssh tunneled?

[Harry Putnam]

[ALERT... Even more patience required]

Hope I'm not completely wearing out my welcome with the gurus on this
list.....

I'll be finding my self between a rock and a hard spot in a few days.
Anyone who followed the thread about smtp authentication may recall,
that my current ISP is having trouble with a bank of phones and the
machine that runs them, that stand between my home hookup and the ISPs
own hardware.

Near as I understand the problem... and only partial at best, is that
the machine that relays the dialup accounts to the home hardward
including the ISPs smtp server, does something untoward in the
protocol which causes the smtp server, or any smtp server to disallow
a connection from that machine.

This seems to be born out by my telnet sessions.  When dialed up to my
ISP I cannot telnet to their smtp server nor can I telnet to another
server I have on newsguy.com.

However I can telnet to either one successfully when on a DSL line
that is also on  the same ISP but in the same city.  That is, when I'm
not using the problem phone bank. 

All this wouldn't be much of a problem except that my stay at the
remote address is now over, so I am homeward bound where I will only
have the problem connection.

I'm not eager to just switch ISPs, especially since they tell me this
is a temporary problem until they sack the outfit they are pardnered
with and get a new one.  Possibly two wk or so duration.

This ISP has been friendly and have allowed me shell access... an
IMAP server, etc that isn't really that common with ISPs in my
experience.  I really appreciate being able to ssh into my
public_html instead of doing everything with ftp.

Further, I will have a DSL connection at the home address soon with
this same ISP but no problems with a phone bank.  But this won't
happen for 3/4 wks.

I have dialup access, plus shell access to the ISP machines via telnet
and ssh from my home connection.... but not the smtp server port.

So I'm wondering if there wouldn't be some way to do business over a
ssh tunnel.  The ISP is willing to do things like this If I can figure
out how it would be done.

A few points to consider... I can pull my mail down from their pop
server with no problem.

I have an individual account on the machine running the smtp server,
that I can access via telnet or ssh.

> From there I can telnet to any smtp server I want.
  (having finally learned how to do that here)     

Or just use shell account tools to handle mail.  The thing would be to
automate it some how so that dinking around with all the connections
wouldn't make it intolerably slow.

I don't really understand ssh port forwarding but is it possible to 
forward the port that my outgoing mail uses to my ISPs smtp port and
dump my mail in that way?

Or maybe the opposite way round.  Ssh to the ISP machine then forward
port 25 to my home machine. And aim sendmail at `localhost 25' or
something similar.

Re: smtp - can it be ssh tunneled?

[Kevin Falcone]

>>>>> "HP" == Harry Putnam <reader@newsguy.com> writes:

  HP> I don't really understand ssh port forwarding but is it possible
  HP> to forward the port that my outgoing mail uses to my ISPs smtp
  HP> port and dump my mail in that way?

If you use smtpmail.el to send mail, then

ssh -L 2525:mail.server:25 shell.server

will point port 2525 on the localhost to 25 on the mailserver,
bouncing it through the shell.server so that it appears that the smtp
conversation is coming from the shell.server.

  HP> Or maybe the opposite way round.  Ssh to the ISP machine then
  HP> forward port 25 to my home machine. And aim sendmail at
  HP> `localhost 25' or something similar.

I do this:

ssh -C -q -L 2525:sierra.seas.upenn.edu:25  blue.seas.upenn.edu

then I twiddled sendmail.cf (not recommended) for the Msmtp Mesmtp
Msmtp8 and Mrelay lines to say localhost 2525 instead of localhost 25

So, gnus invokes sendmail on bowline.jibsheet.com, whose sendmail
relays through sierra.seas.upenn.edu using the ssh port forward from
2525 to 25.

If you want more details, feel free to reply offlist.

-kevin

-- 
"Never go in against a sicilian when death is on the line" 
    -- Vizzini in "The Princess Bride"

Re: smtp - can it be ssh tunneled?

[Kai Großjohann]

I think you could try this:

ssh -f -L 25:smtp.newsguy.com:25 ssh.access.newsguy.com sleep 3600

Then doing "telnet localhost 25" (on your home machine) would connect
you to smtp.newsguy.com, but smtp.newsguy.com would think you're
coming from ssh.access.newsguy.com.

You might have to do that ssh command as root.  Hm.  Maybe it's safer
to replace the first 25 with 10025 or something, and then tell
smtpmail.el that you want to connect to host localhost, port 10025.
Then you wouldn't have to do the ssh command as root.

(Once you have connected, the tunnel stays open as long as the
connection stays open.  You have 3600 seconds to connect.)

kai
-- 
A large number of young women don't trust men with beards.  (BFBS Radio)

Re: smtp - can it be ssh tunneled?

[Harry Putnam]

Kevin Falcone <kevinfal@seas.upenn.edu> writes:

[...]

> ssh -L 2525:mail.server:25 shell.server

[...]

> > ssh -C -q -L 2525:sierra.seas.upenn.edu:25  blue.seas.upenn.edu

[...]

Kai.Grossjohann@CS.Uni-Dortmund.DE (Kai Großjohann) writes:

> I think you could try this:
> 
> ssh -f -L 25:smtp.newsguy.com:25 ssh.access.newsguy.com sleep 3600

Alright.....  Now were talking.. Thanks fellows...

Where I usually drop the ball is between `man page' and translating it
to the command line.

These several clear examples... should give me a big legup on that.

I always wondered why clear basic examples aren't manditory for
manpages.

> If you want more details, feel free to reply offlist.

Thanks, that is likely to be the case at some point.  So I'll be
taking it off list from here on.

I can't test the real machines just now but am setting up some
experiments ..... 

Re: smtp - can it be ssh tunneled?

[Jack Twilley]

>>>>> "Kai" == Kai Großjohann <Kai.Grossjohann@CS.Uni-Dortmund.DE> writes:

Kai> ssh -f -L 25:smtp.newsguy.com:25 ssh.access.newsguy.com sleep 3600

You don't have to mess with sleeps and the like with a reasonably
recent version of ssh.  I do something like this for tunnelling VNC:

ssh -N -g -L 5901:inside:5900 outside

ssh -V returns:

SSH Version OpenSSH_2.2.0, protocol versions 1.5/2.0.
Compiled with SSL (0x0090600f).

Jack.
-- 
Jack Twilley
jmt at tbe dot net
http colon slash slash www dot tbe dot net slash tilde jmt slash