Send mail from outside a firewall via Mail.app
Authored by: tomn on Aug 29, '03 11:39:01AM
What a cool way of doing this. I was just trying to figure this out yesterday.. should have waited a day. :) Just tested this.. and it does work. I modified it slightly though.

Instead of using my normal ssh keys, I created a new key with no passphrase. When I put the entry in the .ssh/authorized_keys2 file I gave it the nc command. Here's the entry:

command="/usr/local/bin/nc 127.0.0.1 25",no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa KEY
Then.. I changed the inetd line to:
snet_sm stream  tcp     nowait  tomn    /usr/libexec/tcpd       /usr/bin/ssh -T -q -l tomn -i /Users/tomn/.ssh/id_snet_email pluto.sneaky.net
This allows that key to ONLY run "nc localhost 25".

Now, I'm setting up the rest of my tunnels. I am also going to use this to forward to our internal IMAP server. (Which doesn't have IMAP-SSL enabled.)

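The restriction described in the comment above (a passphrase-less key tied to one forced command in authorized_keys), as an added example that is not part of the original thread: a Python audit that parses the options field, quoted commas included, and reports keys with no forced command or with missing restrictions. The sample entries, the extra no-pty check and the function names are assumptions made for illustration.

```python
import re

KEY_TYPE = re.compile(r"^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-\S+|sk-\S+)$")
# The comment's three restrictions plus no-pty (an assumption added here).
WANTED = ("no-port-forwarding", "no-x11-forwarding", "no-agent-forwarding", "no-pty")
# Constructed sample file; AAAA_PLACEHOLDER stands in for key material.
SAMPLE = r'''command="/usr/local/bin/nc 127.0.0.1 25",no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa AAAA_PLACEHOLDER smtp
ssh-rsa AAAA_PLACEHOLDER login
command="echo \"a, b\"",no-pty ssh-ed25519 AAAA_PLACEHOLDER quoted
command="/usr/local/bin/nc 127.0.0.1 143",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAA_PLACEHOLDER imap'''

def parse_options(line):
    """Return the options field of one authorized_keys line as a dict."""
    if KEY_TYPE.match(line.split(None, 1)[0]):
        return {}                      # line starts with the key type: no options
    opts, cur, quoted, i = {}, "", False, 0
    while i <= len(line):
        ch = line[i:i + 1]             # "" once past the end, which flushes cur
        if quoted and line[i:i + 2] == '\\"':
            cur, i = cur + '"', i + 2  # escaped quote stays inside the value
            continue
        if ch == '"':
            quoted = not quoted
        elif ch == "" or (not quoted and ch in ", \t"):
            name, _, value = cur.partition("=")
            opts[name.lower()] = value or True
            cur = ""
            if ch != ",":              # unquoted whitespace ends the options field
                break
        else:
            cur += ch                  # includes commas and spaces inside quotes
        i += 1
    return opts

def audit(text):
    """List (line_no, forced_command_or_None, missing_restrictions) per weak key."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        opts = parse_options(line)
        # "restrict" (newer OpenSSH) turns every restriction on at once.
        missing = [] if "restrict" in opts else [w for w in WANTED if w not in opts]
        if "command" not in opts or missing:
            findings.append((n, opts.get("command"), missing))
    return findings

print(audit(SAMPLE))
```

Point `audit()` at the contents of a real authorized_keys file to list keys that can do more than run their one command.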

neat
Authored by: nyarlathotep on Aug 31, '03 11:44:59AM

That is a nice tip too thanks, but if you cared enough to have a password on your ssh-private keys, wouldn't you just be using ssh-agent? I don't care what any sysadmin says about automated logins, the least secure thing in the world is for me to continually be typing my passphrase into scp/ssh sessions right in front of students. Sure, the passphrase is only good on that one machine, but it gives out a lot of general information about what my passphrases look like. No passphrase is possibly more secure.. and ssh-agent is obviously the "only right way."

You might need to pull some stunts for the inetd spawned ssh processes to know about the ssh-agent, but I can imagine several ways of doing that.



On using other daemons
Authored by: nyarlathotep on Aug 31, '03 11:54:57AM

I'm using it for IMAP too (as my loser ass mail server does not support IMAP), but I did not bother to post those tips as I figured very few people were in that situation. I noticed that just imapd does not appear to have any configuration options at all, which massively sucks. Mail.app needs to tell it to look in the Mail directory for additional folders, as it defaults to my frigging home directory! I'm sure there are ways to configure it, but they do not appear to be advertised anyplace.

I'd also like email name completion for people with email accounts on the same mail server. I was considering setting up LDAP via this method, but it seems like it might be slow (if it needs to start the ssh tunnel and daemon every time).


