Difference between revisions of "SSH/smtp-tunnel"

From braindump

Latest revision as of 20:38, 26 May 2012


Generally the concept is pretty simple: you have to send mail, but all the known ports for sending mail, namely smtp (TCP/25), smtps (TCP/465) and submission (TCP/587), are blocked by a firewall or some other device such as a router with ACLs.

I have been in such a tough spot more than once, and a bit of SSH tunnel magic has worked wonders to master the situation. This works not only with OpenSSH but with PuTTY on Windows as well.

Tunnel to the MTA

The easiest way is to simply ssh to the host running the MTA and forward via localhost.

ssh -L <LocalPort>:localhost:{25,465,587} <MtaHostName>

Assuming we want to connect to port 25 on the MTA and listen on port 2525 locally it looks like this:

ssh -L 2525:localhost:25 <MtaHostName>

Tunnel via a jump host

In case of a jump host the syntax is the same, but instead of localhost the IP address or the hostname of the MTA is used.

 ssh -L <LocalPort>:<MtaHostName>:{25,465,587} <JumpHost>

Assuming the connection is to listen on port 5587 forwarding to the MTA's port 587 (mta.example.net) with a jump host of 1.2.3.4:

ssh -L 5587:mta.example.net:587 1.2.3.4
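
Both tunnel forms above as one checked command builder; this is an added example, not part of the original page. The function names are hypothetical, and the explicit 127.0.0.1 bind address, -N and ExitOnForwardFailure=yes are additions that the page's own commands do not use.

```shell
#!/bin/sh
# Added example (not from the original page): print the ssh -L command line
# for an SMTP tunnel with a loopback-only listener and fail-fast options.
# Function names are hypothetical.

# valid_host NAME: accept host or user@host; reject anything ssh could
# parse as an option (leading '-') or that contains unexpected characters.
valid_host() {
    case "$1" in
        ''|-*) return 1 ;;
        *[!A-Za-z0-9.@_:-]*) return 1 ;;
    esac
    return 0
}

# valid_port N: decimal integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# smtp_tunnel_cmd LOCAL_PORT MTA_PORT MTA_HOST [JUMP_HOST]
# Without JUMP_HOST: log in to the MTA itself and forward to its localhost.
# With JUMP_HOST: log in to the jump host and forward to MTA_HOST from there.
smtp_tunnel_cmd() {
    lport=$1 rport=$2 mta=$3 jump=${4:-}
    valid_port "$lport" || { echo "bad local port: $lport" >&2; return 1; }
    case "$rport" in
        25|465|587) ;;   # smtp, smtps, submission
        *) echo "not a mail port: $rport" >&2; return 1 ;;
    esac
    valid_host "$mta" || { echo "bad MTA host: $mta" >&2; return 1; }
    if [ -n "$jump" ]; then
        valid_host "$jump" || { echo "bad jump host: $jump" >&2; return 1; }
        target=$mta login=$jump
    else
        target=localhost login=$mta
    fi
    # -N: no remote command; ExitOnForwardFailure: exit if the listener
    # cannot be set up; 127.0.0.1: keep the forward off other interfaces.
    echo "ssh -N -o ExitOnForwardFailure=yes -L 127.0.0.1:$lport:$target:$rport $login"
}
```

Run the printed command, then point the mail client at 127.0.0.1 and the chosen local port.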