
Mail.app and SSH or SSH2 Apps
I am using an AirPort network at home, and want to use a more secure way of sending mail. My mail server accepts connections over SSH, SSH2, TLS and SSL, but I can't find a way to configure Mail.app to use these protocols.

Does anyone have an idea on how to accomplish a change of protocols in Mail.app? Or is this something that is best done in NetInfo Manager? I'd rather not remap the ports, since I have more than one mail account on different servers, and not all of them accept the secure protocols...

Re: Mail.app and SSH or SSH2?
Authored by: andi on Sep 17, '01 10:55:52PM

This tip (in this version) requires Terminal-access:

- Open a Terminal
- Type the following:

ssh -L8110:yourpopserver.somewhere.com:110
yourauthserver.somewhere.com -lusername

[ on a single line of course ]

where "yourauthserver.somewhere.com" is probably the same as
"yourpopserver.somewhere.com"

ssh will then ask for your passphrase, which will probably be set up to be your
password.

After you have successfully logged in this way, ssh has set up port forwarding for
POP3 connections, so all you have to do is create an account in Mail.app
with the POP server set to "localhost" instead of "yourpopserver.somewhere.com",
then go to the advanced options tab and specify "8110" instead of "110" as the POP port.

In principle the same trick works for outgoing mail, too, only you have to have root
permissions and do

sudo ssh -L8110:yourpopserver.somewhere.com:110
-L25:yoursmtpserver.somewhere.com:25
yourauthserver.somewhere.com -lusername

instead.

This tells ssh to forward SMTP connections to the remote host on the regular
SMTP port (25). Unfortunately, that is a privileged port, and that's why you need
the root permissions.

We cannot just forward from a different port like we did with POP, since Mail.app apparently
has no option for changing the SMTP port.

If you set up SMTP forwarding like this, you must of course also change the SMTP server
in Mail.app from "yoursmtpserver.somewhere.com" to "localhost".

Hope this helps,
Andi

P.S.: To make this process a little less troublesome you can create a script to
do the trick or create a config file specifying the forwards.
Look at "man ssh" for help on the config file which lives in /.ssh/settings (IIRC)



[ Reply to This | # ]
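The config-file approach from the P.S. above, written out as an added example (not part of the original comment). It assumes a current OpenSSH client, whose per-user config file is ~/.ssh/config; the alias "mailtunnel" is a made-up name, and the host and user names are the placeholders used in the comment.

```sshconfig
# ~/.ssh/config  (added example; "mailtunnel" is a hypothetical alias)
# Start the tunnel with:  ssh -N mailtunnel
Host mailtunnel
    # The machine you log in to, and the login name (the -l value).
    HostName yourauthserver.somewhere.com
    User username

    # Same forward as -L8110:yourpopserver.somewhere.com:110, with the
    # listener pinned to loopback so only this Mac can reach it.
    LocalForward 127.0.0.1:8110 yourpopserver.somewhere.com:110

    # Keep other hosts on the AirPort network from using the forward.
    GatewayPorts no

    # Fail at startup if port 8110 cannot be bound, rather than leaving
    # Mail.app pointed at a port nothing is listening on.
    ExitOnForwardFailure yes

    # Forwarding only: do not allocate a terminal on the server.
    RequestTTY no

    # Notice a dead tunnel instead of letting Mail.app hang on it.
    ServerAliveInterval 60
    ServerAliveCountMax 3

    # An SMTP forward on local port 25 would be one more LocalForward
    # line, but binding a port below 1024 still needs root, as the
    # comment says.
```

The tunnel encrypts only the leg between the Mac and yourauthserver.somewhere.com; if the POP server is a different machine, the hop from the auth server to it is still plain POP3.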
Nice tip!
Authored by: DeusExMachina on Sep 19, '01 03:52:55AM

Always nice to get specific examples of Things You Can Do with command line tools. Sure, you can use the man pages to find out how to use a command to accomplish a task, but the biggest problem I've encountered is not knowing a given command OFFERS a solution to a given task...

That said, to the guy who is asking the question (Elander?): this is probably NOT what you want.

Someone correct me if I'm wrong, but just because a server accepts incoming mail sending commands over an encrypted channel doesn't mean it subsequently sends that mail the rest of the way in an encrypted form. Obviously it can't use your original SSH encryption, since that would necessitate that you have an account on the receiving mail server too... So, by using this trick you may make it hard for anyone on your subnet to read your mail, but anything outward from the server you're connecting to will still be getting your message as plain text.

If your goal is to encrypt your communications, whether from Echelon or some random script-kiddie-down-the-hall, then you need to look into something that encrypts the message during the entire transit process, like PGP.

Oh, nifty trick, while we're on the topic of treating mail servers as more than telephone switchboards: You can actually (in most cases) telnet manually into an smtp server. Specify port 25 when you're connecting, and once in you can use some basic commands (RCPT TO, HELO, et al, HELP usually gives a listing IIRC) to make an email by hand. Since much of the (generally noticed) identifying info in mail headers is voluntarily sent by your mail package, this makes a handy way to bother your roommate with "ghosts in the machine" ;)

DeusExMachina

If an SSL socket is required.
Authored by: foamy on Sep 19, '01 07:40:04PM

Try this link. The University of Washington does not allow SSH tunneling, but instead requires an SSL socket to connect. The instructions on these pages show you how to do it.

http://staff.washington.edu/jdlarios/imapssl-macosx.txt

His scripts require wget, which wasn't installed on many 10.1 builds. There is a package for wget available here.
http://students.washington.edu/meiering/

Warning, there are instructions on his homepage on how to compile OpenSSH for 10.1. This did not work on 10.1 for me and I had to get the SSH binaries from another 10.1 machine in order for SSH to work. Those instructions are found here.
http://staff.washington.edu/jdlarios/openssh-darwin.txt
