Re: SMTP server or "forwarding"?


 



On 8/27/05, Les Mikesell <lesmikesell@xxxxxxxxx> wrote:
> On Sat, 2005-08-27 at 12:31, Jonathan Berry wrote:
> 
> > > If your ISP can't keep their mail server running, find another ISP.
> >
> > Actually, I mean not available as in not there, rather than not
> > functional at times.  And switching ISPs is not an option for someone
> > on a University network (see other emails).
> 
> So you want a roaming client, like a laptop that might be
> connected elsewhere or a client you configure on a different
> network to be able to send to 'your' ISP's server?  In the

Basically, yes.

> 'fixed client at another location' case you may be able to
> send through a local smtp server.  The roaming one is a

That would be ideal, but I do not know if such a server is available.

> little harder.  Of course the easy fix is to get a gmail.com
> account and use that from everywhere.  If you need your

Yes, that is something I had thought about.  That is definitely a
possible solution.

> own connection, you need to first decide if you want to
> handle SMTP sending as a special case or if you really
> want full access to your base machine from the internet.
> In the latter case, you would probably want to set up
> openvpn on the laptop and your base machine. Make that

I might want to do that sometime, but I don't need that much right now.

> connection and everything else works as it would locally,
> and it is encrypted across the internet.   You can also

It can also be a little slow, but yeah.

> use ssh and port-forward smtp (and a few other things)
> through it with the setup controlled by the client request.
> From your client:
> ssh -L25:isp_ipaddress:25  your_server
> and be sure that is connected before you send from your
> mail program which you configure to send to localhost:25.

This is interesting.  How exactly does it work?  Is this for
connecting to the ISP SMTP or to my own server that I set up?

> > Right.  But the client I want to connect to it is not on the local
> > LAN.  It needs to come across the internet.
> >
> > >
> > > It is easy to do this either with iptables or xinetd's 'redirect'
> > > function, but I don't see the point here.  If you have one email
> > > client, point it to the ISP.  If you want a local server, use
> > > its smart_host feature to send everything outbound through the ISP.
> 
> > Obviously, I was not very clear on what I wanted to do.  Sorry about
> > that.  Your two choices do not describe what I want.  So can iptables
> > or the xinetd redirect take traffic and send it back out the same
> > interface to my ISP's SMTP server?  That sounds like what I might want
> > if so.
> 
> With iptables it is better to work on different interfaces for
> port forwarding.  Xinetd doesn't really care and you could arrange
> for an odd high port to magically connect to your ISP's smtp port
> with a 'redirect' entry but it would not be secure at all and

I like this solution, nice and simple.  I have it set up right now
(confined to my local network by my hardware firewall for now).  I
certainly do not want to help spammers and/or viruses in spreading,
but how much of a real security risk is this?  Do spammers/viruses
look for SMTP servers on strange ports?  I know I see a lot of knocks
on my firewall logs to all kinds of ports, but I have no idea what
they are trying to do.  Is there a way to set this up with a lot of
logging to where I could see what traffic was going through?  How does
this look to the SMTP (is the connection seen from my IP or the
originating IP)?  I want to get in trouble for helping spammers even
less than I want to help spammers :).  I could always lock down the
from IP range, and tweak it if I need it from a different location via
ssh.  Any thoughts on this?

> I wouldn't recommend it.  A better alternative would be to
> use 'stunnel' to accept ssl connections with a client certificate

This sounds interesting too.  I like the idea of having some auth that
would be simple to set up.  I guess I'll do some reading up on stunnel
and see if I can get that working.  Anyone have any experience with
stunnel?

> required and forward to your isp, or run your own mail server
> with ssl on port 465 or port 587 with TLS and require authenticated
> logins for SMTP forwarding.  Most current mail clients support

Might as well use Gmail if I'm to go that far.  Less to have to keep track of.

> this (I even do it with my palm-based treo phone's wireless
> internet).   I don't remember enough about the setup to give you
> a step-by-step, but you should be able to find HOWTO's for
> stunnel and the sendmail setup for those approaches.
> 
> Also, for something even easier - your ISP may have a web
> interface for roaming access.

Yeah, they do and it is a pathetic interface and very slow.  But the
idea was to use a regular MUA rather than webmail.

Thanks for the ideas,
Jonathan
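
Added example, not part of the original message: an xinetd 'redirect' entry of the kind discussed above, with the source-address restriction and logging that the reply asks about. The service name, the high port 2525 and both addresses (documentation ranges) are assumptions to be replaced with real values.

```conf
# /etc/xinetd.d/smtp-relay  (hypothetical file and service name)
service smtp-relay
{
    type            = UNLISTED          # not in /etc/services, so 'port' is required
    socket_type     = stream
    protocol        = tcp
    port            = 2525              # assumed "odd high port"
    wait            = no
    user            = nobody            # the redirect needs no privileges

    # Forward every accepted connection to the ISP's SMTP port.
    # 192.0.2.25 is a placeholder for isp_ipaddress.
    redirect        = 192.0.2.25 25

    # Refuse everything except the networks you expect to send from.
    # 198.51.100.0/24 is a placeholder; this is address filtering only,
    # there is still no authentication on the port.
    only_from       = 198.51.100.0/24

    # Limit how much a single misbehaving client can push through.
    instances       = 5
    per_source      = 2

    # Log who connected, for how long, and every rejected attempt.
    log_type        = SYSLOG authpriv info
    log_on_success  = PID HOST DURATION EXIT
    log_on_failure  = HOST ATTEMPT

    disable         = no
}
```

The ISP's server sees these connections as coming from the machine running xinetd, not from the originating client, so anything relayed through the port is attributed to that machine. The xinetd log is the only record of the real source address.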

