On 8/27/05, Les Mikesell <lesmikesell@xxxxxxxxx> wrote:
> On Sat, 2005-08-27 at 12:31, Jonathan Berry wrote:
> >
> > > If your ISP can't keep their mail server running, find another ISP.
> >
> > Actually, I mean not available as in not there, rather than not
> > functional at times. And switching ISPs is not an option for someone
> > on a University network (see other emails).
>
> So you want a roaming client, like a laptop that might be
> connected elsewhere or a client you configure on a different
> network to be able to send to 'your' ISP's server? In the

Basically, yes.

> 'fixed client at another location' case you may be able to
> send through a local smtp server. The roaming one is a

That would be ideal, but I do not know if such a server is available.

> little harder. Of course the easy fix is to get a gmail.com
> account and use that from everywhere. If you need your

Yes, that is something I had thought about. That is definitely a
possible solution.

> own connection, you need to first decide if you want to
> handle SMTP sending as a special case or if you really
> want full access to your base machine from the internet.
> In the latter case, you would probably want to set up
> openvpn on the laptop and your base machine. Make that

I might want to do that sometime, but I don't need that much right now.

> connection and everything else works as it would locally,
> and it is encrypted across the internet. You can also

It can also be a little slow, but yeah.

> use ssh and port-forward smtp (and a few other things)
> through it with the setup controlled by the client request.
> From your client:
>   ssh -L25:isp_ipaddress:25 your_server
> and be sure that is connected before you send from your
> mail program which you configure to send to localhost:25.

This is interesting. How exactly does it work? Is this for connecting
to the ISP SMTP or to my own server that I set up?

> > Right. But the client I want to connect to it is not on the local
> > LAN. It needs to come across the internet.
> >
> > >
> > > It is easy to do this either with iptables or xinetd's 'redirect'
> > > function, but I don't see the point here. If you have one email
> > > client, point it to the ISP. If you want a local server, use
> > > its smart_host feature to send everything outbound through the ISP.
> >
> > Obviously, I was not very clear on what I wanted to do. Sorry about
> > that. Your two choices do not describe what I want. So can iptables
> > or the xinetd redirect take traffic and send it back out the same
> > interface to my ISP's SMTP server? That sounds like what I might want
> > if so.
>
> With iptables it is better to work on different interfaces for
> port forwarding. Xinetd doesn't really care and you could arrange
> for an odd high port to magically connect to your ISP's smtp port
> with a 'redirect' entry but it would not be secure at all and

I like this solution, nice and simple. I have it set up right now
(confined to my local network by my hardware firewall for now). I
certainly do not want to help spammers and/or viruses in spreading,
but how much of a real security risk is this? Do spammers/viruses
look for SMTP servers on strange ports? I know I see a lot of knocks
on my firewall logs to all kinds of ports, but I have no idea what
they are trying to do. Is there a way to set this up with a lot of
logging to where I could see what traffic was going through? How does
this look to the SMTP (is the connection seen from my IP or the
originating IP)? I want to get in trouble for helping spammers even
less than I want to help spammers :). I could always lock down the
from IP range, and tweak it if I need it from a different location
via ssh. Any thoughts on this?

> I wouldn't recommend it. A better alternative would be to
> use 'stunnel' to accept ssl connections with a client certificate

This sounds interesting too. I like the idea of having some auth that
would be simple to set up. I guess I'll do some reading up on stunnel
and see if I can get that working. Anyone have any experience with
stunnel?

> required and forward to your isp, or run your own mail server
> with ssl on port 465 or port 587 with TLS and require authenticated
> logins for SMTP forwarding. Most current mail clients support

Might as well use Gmail if I'm to go that far. Less to have to keep
track of.

> this (I even do it with my palm-based treo phone's wireless
> internet). I don't remember enough about the setup to give you
> a step-by-step, but you should be able to find HOWTO's for
> stunnel and the sendmail setup for those approaches.
>
> Also, for something even easier - your ISP may have a web
> interface for roaming access.

Yeah, they do and it is a pathetic interface and very slow. But the
idea was to use a regular MUA rather than webmail.

Thanks for the ideas,
Jonathan
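
Added example, not part of the original message: the xinetd 'redirect' relay discussed in the thread, shown once open to any source and once restricted with only_from and logged, with a small Python audit that flags the open form. Service names, ports and addresses are constructed placeholders, and an only_from set in xinetd's defaults section is not considered.

```python
import re

# Constructed sample xinetd entries; names, ports and RFC 5737 addresses are placeholders.
SAMPLE = """
service smtp-relay-open
{
    type        = UNLISTED
    port        = 2525
    socket_type = stream
    protocol    = tcp
    wait        = no
    user        = nobody
    redirect    = 192.0.2.25 25
}
service smtp-relay-locked
{
    type           = UNLISTED
    port           = 2526
    socket_type    = stream
    protocol       = tcp
    wait           = no
    user           = nobody
    redirect       = 192.0.2.25 25
    only_from      = 198.51.100.7
    log_on_success = HOST PID DURATION
    log_on_failure = HOST
}
"""

def parse_services(text):
    """Return {service_name: {attribute: value}} for each service block."""
    services = {}
    for name, body in re.findall(r"service\s+(\S+)\s*\{(.*?)\}", text, re.S):
        pairs = (ln.split("#", 1)[0].partition("=") for ln in body.splitlines())
        services[name] = {k.strip(" \t+-"): v.strip() for k, eq, v in pairs if eq}
    return services

def audit_redirects(text):
    """List (service, problem) for redirect entries open to any source or not logging it."""
    findings = []
    for name, attrs in parse_services(text).items():
        if "redirect" not in attrs:
            continue
        sources = set(attrs.get("only_from", "").split())
        if not sources or sources & {"0.0.0.0", "0.0.0.0/0"}:
            findings.append((name, "no only_from restriction"))
        if "HOST" not in attrs.get("log_on_success", "").split():
            findings.append((name, "source address not logged"))
    return findings
```

Because xinetd opens its own connection to the redirect target, the upstream SMTP server sees the relay host's address, so the HOST field in the xinetd log is the only record of where a relayed connection originated.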