SSH Tunnels | Secure SMTP access
Imagine you have a laptop PC, and you need to send email. Normally, you would use your local (home/office) or your Internet provider's mail (SMTP) server.
Assuming you are using typical email client, e.g. Mozilla Thunderbird, you simply define your default SMTP server, in my case smtp.telus.net, and voila - you are sending emails in no time.
What happens if you travel with your laptop to another state or country ? You need to modify SMTP server settings in your Mozilla Thunderbird email client, and define new SMTP server. If you travel a lot, it can be a hassle, especially if some hotels do not provide SMTP servers. I happen to travel a lot, visiting various clients I'm working for (many of or clients we provide IT consulting services for, are located in US), and I need a reliable email solution for my laptop.
Here is a solution that I'm using on my own laptop.
We have an office SMTP server (running Exim on Debian, but that's irrelevant).
For security reasons, our SMTP server does not allow relying - i.e. does not
allow sending emails to remote email addresses from remote IP addresses.
Only local (private) IP address can rely, so I can't use this SMTP server
directly in Mozilla Thunderbird.
Instead, I create a simple SSH connection (a tunnel) to our server, which will allow connection to the SMTP server. SMTP server will this connection as soming from the local IP.
Basically we will create a tunnel, that will map port 25 (SMTP) on the laptop,
to port 25 on the SMTP server.
Of course, we are going to use free (as in 'free beer') software - in
my case I'm using PUTTY:
It's free, secure, runs on Windows and Linux, and it's very simple to set up.
Windows version complete with smtp.bat script desribed below can also be downloaded from here.
- Download and install the software on your laptop.
We are assuming it is installed in c:\bin\putty directory
- Run c:\bin\putty\putty.exe
and connect/login to your ssh server.
By doing this, putty will remember your server's ssh keys, and it will not ask any questions later on.
- Create a script c:\bin\putty\smtp.bat :
################### REM LOCAL IP SET IP=127.0.0.1 REM SSH/SMTP SERVER SET SERVER=myserver.com REM SSH USER NAME SET USER=smtptunnel REM SSH USER PASSWORD SET PASS=thisismypassword SET SSHPORT=22 c:\bin\putty\plink.exe -ssh -2 -T -P %SSHPORT% -batch -l %USER% -pw %PASS% -L %IP%:25:localhost:25 %SERVER% ###################
- Of course you'll need to provide valid username/password (smtptunnel/thisismypassword is just an example), the same that you used to log in to the ssh server in step 2), and actual ssh port (usually 22).
- Define default SMTP server in the Mozilla Thunderbird email client (or whatever other email client you are using, e.g. MS Outlook): 127.0.0.1
- Run the script. Send emails. We are done. It's like having local SMTP server at 127.0.0.1:25
Additional benefit of this solution - all communications with your SMTP server are encrypted and secure.
The same or similar technique, can be used of course for other applications - such as IMAP, SAMBA, etc... We are using similar tunnels to access our SAMBA volumes that actually reside on the Linux server, and we map these SAMBA volumes as local drives in Windows office PCs. It's little bit more tricky, because we must use port 139 (netbios), and this port is used by Windows itself, so new, virtual local IP address is needed, but it also is failry easy to do. We've been often using this and similar solutions in our IT Consulting services.
Our Last Five Customers
- WCB, Richmond
- Introduction to Linux
- Bash Beginners Guide
- Perl Programming Basics
- Shell Scripting
- Advanced Shell Scripting
- UNIX Sockets FAQ
- Mastering Regular Expressions
- UNIX Programming Examples
- C Programming (Marshall)
- Data Structures and Algorithms
- Art of UNIX Programming
- Advanced Linux Programming
- Linux Kernel Module Programming
- Linux for Mobile Devices
- Basic Unix Administration