Re: SMTP server or "forwarding"?
From: Jonathan Berry (berryja_at_gmail.com)
Date: 08/28/05
- Previous message: Stéphane Bruno: "Re: Some services fail to start after upgrade to FC3"
- In reply to: Les Mikesell: "Re: SMTP server or "forwarding"?"
- Next in thread: Tim: "Re: SMTP server or "forwarding"?"
- Reply: Tim: "Re: SMTP server or "forwarding"?"
- Reply: Les Mikesell: "Re: SMTP server or "forwarding"?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Sat, 27 Aug 2005 17:57:51 -0500 To: For users of Fedora Core releases <fedora-list@redhat.com>
On 8/27/05, Les Mikesell <lesmikesell@gmail.com> wrote:
> On Sat, 2005-08-27 at 12:31, Jonathan Berry wrote:
>
> > > If your ISP can't keep their mail server running, find another ISP.
> >
> > Actually, I mean not available as in not there, rather than not
> > functional at times. And switching ISPs is not an option for someone
> > on a University network (see other emails).
>
> So you want a roaming client, like a laptop that might be
> connected elsewhere or a client you configure on a different
> network to be able to send to 'your' ISP's server? In the
Basically, yes.
> 'fixed client at another location' case you may be able to
> send though a local smtp server. The roaming on is a
That would be ideal, but I do not know if such a server is available.
> little harder. Of course the easy fix is to get a gmail.com
> account and use that from everywhere. If you need your
Yes, that is something I had thought about. That is definitely a
possible solution.
> own connection, you need to first decide if you want to
> handle SMTP sending as a special case or if you really
> want full access to your base machine from the internet.
> In the latter case, you would probably want to set up
> openvpn on the laptop and your base machine. Make that
I might want to do that sometime, but I don't need that much right now.
> connection and everything else works as it would locally,
> and it is encrypted across the internet. You can also
It can also be a little slow, but yeah.
> use ssh and port-forward smtp (and a few other things)
> though it with the setup controlled by the client request.
> >From your client:
> ssh -L25:isp_ipaddress:25 your_server
> and be sure that is connected before you send from your
> mail program which you configure to send to localhost:25.
This is interesting. How exactly does it work? Is this for
connecting to the ISP SMTP or to my own server that I setup?
> > Right. But the client I want to connect to it is not on the local
> > LAN. It needs to come across the internet.
> >
> > >
> > > It is easy to do this either with iptables or xinetd's 'redirect'
> > > function, but I don't see the point here. If you have one email
> > > client, point it to the ISP. If you want a local server, use
> > > its smart_host feature to send everything outbound through the ISP.
>
> > Obviously, I was not very clear on what I wanted to do. Sorry about
> > that. Your two choices do not describe what I want. So can iptables
> > or the xinetd redirect take traffic and send it back out the same
> > interface to my ISP's SMTP server? That sounds like what I might want
> > if so.
>
> With iptables it is better to work on different interfaces for
> port forwarding. Xinetd doesn't really care and you could arrange
> for an odd high port to magically connect to your ISP's smtp port
> with a 'redirect' entry but it would not be secure at all and
I like this solution, nice and simple. I have it setup right now
(confined to my local network by my hardware firewall for now). I
certainly do not want to help spammers and/or viruses in spreading,
but how much of a real security risk is this? Do spammers/viruses
look for SMTP servers on strange ports? I know I see a lot of knocks
on my firewall logs to all kinds of ports, but I have no idea what
they are trying to do. Is there a way to set this up with a lot of
logging to where I could see what traffic was going through? How does
this look to the SMTP (is the connection seen from my IP or the
originating IP)? I want to get in trouble for helping spammers even
less than I want to help spammers :). I could always lock down the
from IP range, and tweak it if I need it from a different location via
ssh. Any thoughts on this?
> I wouldn't recommend it. A better alternative would be to
> use 'stunnel' to accept ssl connections with a client certificate
This sounds interesting too. I like the idea of having some auth that
would be simple to setup. I guess I'll do some reading up on stunnel
and see if I can get that working. Anyone have any experience with
stunnel?
> required and forward t o your isp, or run your own mail server
> with ssl on port 465 or port 587 with TLS and require authenticated
> logins for SMTP forwarding. Most current mail clients support
Might as well use Gmail if I'm to go that far. Less to have to keep track of.
> this (I even do it with my palm-based treo phone's wireless
> internet). I don't remember enough about the setup to give you
> a step-by-step, but you should be able to find HOWTO's for
> stunnel and the sendmail setup for those approaches.
>
> Also, for something even easier - your ISP may have a web
> interface for roaming access.
Yeah, they do and it is a pathetic interface and very slow. But the
idea was to use a regular MUA rather than webmail.
Thanks for the ideas,
Jonathan
-- fedora-list mailing list fedora-list@redhat.com To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
- Previous message: Stéphane Bruno: "Re: Some services fail to start after upgrade to FC3"
- In reply to: Les Mikesell: "Re: SMTP server or "forwarding"?"
- Next in thread: Tim: "Re: SMTP server or "forwarding"?"
- Reply: Tim: "Re: SMTP server or "forwarding"?"
- Reply: Les Mikesell: "Re: SMTP server or "forwarding"?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
