Re: Mail.app and SSH or SSH2?
Authored by: andi on Sep 17, '01 10:55:52PM

This tip (in this version) requires Terminal-access:

- Open a Terminal
- Type the following:

ssh -L8110:yourpopserver.somewhere.com:110 yourauthserver.somewhere.com -lusername

[ on a single line of course ]

where "yourauthserver.somewhere.com" is probably the same as
"yourpopserver.somewhere.com"

ssh will then ask for your passphrase, which will probably be set up to be your
password.

After you have successfully logged in this way, ssh has set up port-forwarding for
POP3 connections, so all you have to do is create an account in Mail.app
with the POP server set to "localhost" instead of "yourpopserver.somewhere.com",
then go to the advanced options tab and specify "8110" instead of "110" as the POP port.

In principle the same trick works for outgoing mail, too, only you have to have root
permissions and do

sudo ssh -L8110:yourpopserver.somewhere.com:110 -L25:yoursmtpserver.somewhere.com:25 yourauthserver.somewhere.com -lusername

instead.

This tells ssh to forward SMTP connections to the remote host on the regular
SMTP port (25). Unfortunately that is a privileged port, and that's why you need
the root permissions.

We cannot just forward from a different port like we did with POP, since Mail.app apparently
has no option for changing the SMTP port.

If you set up SMTP forwarding like this, you must of course also change the SMTP server
in Mail.app from "yoursmtpserver.somewhere.com" to "localhost".

Hope this helps,
Andi

P.S.: To make this process a little less troublesome you can create a script to
do the trick or create a config file specifying the forwards.
Look at "man ssh" for help on the config file, which lives in /.ssh/settings (IIRC)
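
A config file of the kind the P.S. mentions, as an added example that is not part of the original post. It assumes OpenSSH, which reads per-user settings from ~/.ssh/config; the alias "mailtunnel" is a made-up name, and the host names and username are the post's placeholders.

```sshconfig
# ~/.ssh/config  (added example; "mailtunnel" is a hypothetical alias)
Host mailtunnel
    HostName yourauthserver.somewhere.com
    User username

    # Same forward as "-L8110:yourpopserver.somewhere.com:110", but bound
    # explicitly to the loopback address so that other machines on the
    # local network cannot connect to the tunnel.
    LocalForward 127.0.0.1:8110 yourpopserver.somewhere.com:110
    GatewayPorts no

    # SMTP forward from the post. Local port 25 is privileged, so this
    # line only works when ssh is started as root; left commented out.
    # LocalForward 127.0.0.1:25 yoursmtpserver.somewhere.com:25

    # Exit instead of silently continuing if a forward cannot be set up
    # (for example when port 8110 is already in use), so Mail.app never
    # talks to a stale or foreign listener on that port.
    ExitOnForwardFailure yes

    # Only the hop from this Mac to yourauthserver is encrypted. If the
    # POP or SMTP server is a different machine, the connection from
    # yourauthserver onward to it is ordinary plain-text POP3/SMTP.
```

With this in place, "ssh -N mailtunnel" opens the tunnel without starting a remote shell; the Mail.app settings (server "localhost", POP port 8110) stay as described in the post.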



Nice tip!
Authored by: DeusExMachina on Sep 19, '01 03:52:55AM

Always nice to get specific examples of Things You Can Do with command line tools. Sure, you can use the man pages to find out how to use a command to accomplish a task, but the biggest problem I've encountered is not knowing a given command OFFERS a solution to a given task...

That said, to the guy who is asking the question (Elander?): this is probably NOT what you want.

Someone correct me if I'm wrong, but just because a server accepts incoming mail sending commands over an encrypted channel doesn't mean it subsequently sends that mail the rest of the way in an encrypted form. Obviously it can't use your original SSH encryption, since that would necessitate that you have an account on the receiving mail server too... So, by using this trick you may make it hard for anyone on your subnet to read your mail, but anything outward from the server you're connecting to will still be getting your message as plain text.

If your goal is to encrypt your communications, whether from Echelon or some random script-kiddie-down-the-hall, then you need to look into something that encrypts the message during the entire transit process, like PGP.

Oh, nifty trick, while we're on the topic of treating mail servers as more than telephone switchboards: You can actually (in most cases) telnet manually into an smtp server. Specify port 25 when you're connecting, and once in you can use some basic commands (RCPT TO, HELO, et al, HELP usually gives a listing IIRC) to make an email by hand. Since much of the (generally noticed) identifying info in mail headers is voluntarily sent by your mail package, this makes a handy way to bother your roommate with "ghosts in the machine" ;)

DeusExMachina


