Re (2): [Oberon] SMTP/SSH tunnel
W B Hacker
wbh at conducive.org
Sun Mar 25 10:54:50 MEST 2007
peasthope at cablelan.net wrote:
> H is my Debian Linux system at home. It has
> exim4, a connection to my home LAN and a
> continuous cable connection to P.
I don't 'DO' Windows or Linux, but the minute you say 'Exim4' I know the
configuration *may be* handled very differently from Exim on Unix.
Does the same job - but configuration is structured and managed differently, so
you need to look at Marc Haber's docs and Exim-Debian specific mailing list
archives and postings to be sure you are making the appropriate config settings
in the correct place.
And/or ask Marc. But go forth with accurate and detailed information, i.e.
hostnames and IP's not just 'H' and 'W' and 'P'.
Any of us sufficiently smtp-aware to help can find all that out anyway, but we
resent pulling teeth.
> P belongs to the ISP and is beyond my control.
Given. But amazed they accept your relay on port 25.
> When W is on the LAN with H, H relays
> messages to P with no problems. Apparently
> W, H and P all use port 25. SSH is not
> When W is away from the home LAN but can
> connect to H through the Internet, messages
> should go from W to H through a SSH tunnel.
> H should continue to relay messages to P as
> mentioned above. The tunnel should be invoked
> by W.
'H' can have more than one set of interface ports and protocols,
and may need them.
> wh> Best to use 587.
> So /etc/exim4/exim4.conf.template should
> contain this line?
> tls_on_connect_ports = 587
With the added information of the intervening boxen, I am no longer sure you
even *need* the particular change initially suggested.
It is odd that your ISP is allowing relay via port 25 at all, odder still that
it fails when you are accessing a box back of the relay host from different
places but still coming to the ISP from the same 'last mile' box.
> H should continue to allow a local
> connection on port 25 ...
> and this might open the tunnel from W to H?
Pass. May be unrelated.
> SSH.StartForwarding peter at peasthope.yi.org 25:localhost:587 ~
> This will be the data flow?
> [W:Oberon MUA:25] ==(SMTP in SSH tunnel)==>
> [587:H:exim:25] ==(SMTP in cable)==> [25:P]
Something like Home (Oberon) opens ssh tunnel on 44444 TO 66666, 587-as-SSL, or
whatever, at WORK (Exim+Linux). Oberon will need fixed port numbers at both
ends, and Exim can 'meet' it there, but probably best to stay OFF 25 and 587
entirely for that.
How 'weird' the port and protocol assignments are depends on whether Oberon is
locked to specific ports. You do not want to 'depart' off port 25, for example,
but rather some port well above 1024.
WORK (Exim+Linux) opens 'conventional' smtp to P (the ISP mailhost)
That last part is a road well-traveled and should need nothing 'weird'.
See Marc's docs and such for configuring Exim to 'submit' traffic to a smart
host. But you seem to have that part working already.
> Thanks again for all the information,
> ... Peter E.
> Desktops.OpenDoc http://carnot.pathology.ubc.ca/
More digging of facts is needed, and my lack of both Oberon AND Linux awareness
makes me the wrong guy for the rest of that.
The generality (from DOS) is:
With the MTA accepting SSL, at least from the specific local box, on 465 or
some other chosen port. MTA-onward is 'standard'.
I actually used port 666 for the MSDOS Win-boxen.....
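A small check of a forward spec against the advice in this reply (a listen port well above 1024, and keeping the tunnel off 25 and 587), added here as an example and not code from either poster or from Oberon. It assumes `SSH.StartForwarding` takes the OpenSSH `-L` style `listen:host:dest` form; `parse_forward`, `audit_forward` and the second sample spec are made up for illustration.

```python
# Added example: audit an SSH local-forward spec "listen:host:dest".
# Assumption: SSH.StartForwarding uses the OpenSSH -L argument layout.
AVOID_PORTS = (25, 587)  # ports the reply suggests keeping the tunnel off


def parse_forward(spec):
    """Split 'listen_port:host:dest_port' and validate both ports."""
    parts = spec.strip().split(":")
    if len(parts) != 3 or not parts[1]:
        raise ValueError(f"expected listen:host:dest, got {spec!r}")
    listen, host, dest = parts
    ports = []
    for label, raw in (("listen", listen), ("dest", dest)):
        if not raw.isdigit() or not 1 <= int(raw) <= 65535:
            raise ValueError(f"{label} port {raw!r} is not in 1..65535")
        ports.append(int(raw))
    return ports[0], host, ports[1]


def audit_forward(spec):
    """Return a list of warnings for a forward spec (empty if none)."""
    listen, host, dest = parse_forward(spec)
    warnings = []
    if listen < 1024:
        warnings.append(f"listen port {listen} is below 1024: binding it "
                        "usually needs elevated privileges on Unix-like hosts")
    for role, port in (("listen", listen), ("dest", dest)):
        if port in AVOID_PORTS:
            warnings.append(f"{role} port {port}: the reply advises keeping "
                            "the tunnel off 25 and 587")
    if host not in ("localhost", "127.0.0.1"):
        warnings.append(f"destination {host} is not loopback: the hop from "
                        "the SSH server to it is outside the tunnel")
    return warnings


if __name__ == "__main__":
    # Spec quoted in the thread, then a constructed alternative on high ports.
    for spec in ("25:localhost:587", "44444:localhost:2587"):
        print(spec, "->", audit_forward(spec) or "no warnings")
```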