smtp-tunnel with SSH

From braindump


Generally the concept is pretty simple: you have to send mail, but all the well-known ports for sending mail, namely smtp (TCP/25), smtps (TCP/465) and submission (TCP/587), are blocked by a firewall or some other device such as a router with ACLs.

I have been in such a tough spot more than once, and a bit of SSH tunnel magic has worked wonders to master the situation. This not only works with OpenSSH but with PuTTY on Windows as well.

Tunnel to the MTA

The easiest way is to simply ssh to the host running the MTA and forward via localhost. In the template below, pick one of the ports listed in braces.

ssh -L <LocalPort>:localhost:{25,465,587} <MtaHostName>

Assuming we want to connect to port 25 on the MTA and listen on port 2525 locally, it looks like this:

ssh -L 2525:localhost:25 <MtaHostName>

Tunnel via a jump host

With a jump host the syntax is the same, but instead of localhost the IP address or the hostname of the MTA is used.

ssh -L <LocalPort>:<MtaHostName>:{25,465,587} <JumpHost>

Assuming the tunnel is to listen locally on port 5587 and forward to port 587 on the MTA (mta.example.net) via the jump host 1.2.3.4:

ssh -L 5587:mta.example.net:587 1.2.3.4
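
A check for either tunnel form above, as an added example that is not part of the original page: ssh starts listening on the local port before it has contacted the MTA, so an open local port alone does not prove the forward works. The Python code below probes the local end and tells the three cases apart; `probe_tunnel` and `fake_endpoint` are hypothetical names, and the fake endpoint is a constructed stand-in so the script runs offline.

```python
import smtplib
import socket
import threading

def probe_tunnel(local_port, host="127.0.0.1", timeout=5.0):
    """Classify an `ssh -L` SMTP forward as seen from the mail client.

    "no-listener": nothing is bound locally (ssh not running, bind failed).
    "no-mta":      ssh accepted the connection but no SMTP banner arrived,
                   e.g. the far side could not reach the MTA port.
    "ok":          an SMTP server answered; also returns its EHLO extensions.
    """
    try:
        with smtplib.SMTP(host, local_port, local_hostname="client.invalid",
                          timeout=timeout) as smtp:
            smtp.ehlo()
            return "ok", sorted(smtp.esmtp_features)
    except ConnectionRefusedError:
        return "no-listener", []
    except (smtplib.SMTPException, OSError):
        return "no-mta", []

def fake_endpoint(banner):
    """Constructed stand-in for the tunnel's local port (not a real MTA).
    With banner=None it accepts and hangs up, like ssh when the channel to
    the MTA cannot be opened; otherwise it speaks just enough SMTP."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        with srv, conn:
            if banner is None:
                return
            conn.sendall(banner)
            for line in conn.makefile("rb"):
                if line[:4].upper() == b"EHLO":
                    conn.sendall(b"250-mta.example.net\r\n250 STARTTLS\r\n")
                elif line[:4].upper() == b"QUIT":
                    conn.sendall(b"221 bye\r\n")
                    return

    threading.Thread(target=serve, daemon=True).start()
    return port

if __name__ == "__main__":
    print(probe_tunnel(fake_endpoint(b"220 mta.example.net ESMTP\r\n")))
    print(probe_tunnel(fake_endpoint(None)))
```

Against a real tunnel, call `probe_tunnel(2525)` or `probe_tunnel(5587)` for the two examples above; whether STARTTLS appears in the result tells you if the mail client can still encrypt the SMTP session end to end inside the tunnel.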