On Sat, 2005-08-27 at 12:31, Jonathan Berry wrote:
> > If your ISP can't keep their mail server running, find another ISP.
>
> Actually, I mean not available as in not there, rather than not
> functional at times. And switching ISPs is not an option for someone
> on a University network (see other emails).
So you want a roaming client, like a laptop that might be
connected elsewhere or a client you configure on a different
network to be able to send to 'your' ISP's server? In the
'fixed client at another location' case you may be able to
send though a local smtp server. The roaming on is a
little harder. Of course the easy fix is to get a gmail.com
account and use that from everywhere. If you need your
own connection, you need to first decide if you want to
handle SMTP sending as a special case or if you really
want full access to your base machine from the internet.
In the latter case, you would probably want to set up
openvpn on the laptop and your base machine. Make that
connection and everything else works as it would locally,
and it is encrypted across the internet. You can also
use ssh and port-forward smtp (and a few other things)
though it with the setup controlled by the client request.
>From your client:
ssh -L25:isp_ipaddress:25 your_server
and be sure that is connected before you send from your
mail program which you configure to send to localhost:25.
> Right. But the client I want to connect to it is not on the local
> LAN. It needs to come across the internet.
>
> >
> > It is easy to do this either with iptables or xinetd's 'redirect'
> > function, but I don't see the point here. If you have one email
> > client, point it to the ISP. If you want a local server, use
> > its smart_host feature to send everything outbound through the ISP.
> Obviously, I was not very clear on what I wanted to do. Sorry about
> that. Your two choices do not describe what I want. So can iptables
> or the xinetd redirect take traffic and send it back out the same
> interface to my ISP's SMTP server? That sounds like what I might want
> if so.
With iptables it is better to work on different interfaces for
port forwarding. Xinetd doesn't really care and you could arrange
for an odd high port to magically connect to your ISP's smtp port
with a 'redirect' entry but it would not be secure at all and
I wouldn't recommend it. A better alternative would be to
use 'stunnel' to accept ssl connections with a client certificate
required and forward t o your isp, or run your own mail server
with ssl on port 465 or port 587 with TLS and require authenticated
logins for SMTP forwarding. Most current mail clients support
this (I even do it with my palm-based treo phone's wireless
internet). I don't remember enough about the setup to give you
a step-by-step, but you should be able to find HOWTO's for
stunnel and the sendmail setup for those approaches.
Also, for something even easier - your ISP may have a web
interface for roaming access.
--
Les Mikesell
lesmikesell@xxxxxxxxx
