I own two laptops and one desktop computer, all of which run Linux. Most modern Linux distributions come with postfix and/or sendmail, which allow them to send email directly. Unfortunately, in an attempt to reduce spam, many sysadmins have configured their mail servers not to accept email sent this way.
On a desktop machine you can simply configure your mail client software to use your institute's or your Internet service provider's mail relay. Life is not so easy with a laptop. You have to change the settings in your email client every time you change locations. If you carry your laptop to and from work this could mean changing your settings twice a day.
This web page describes some solutions to this problem using ssh tunnels. In order to implement these solutions you need to be able to access your institute's (company or university) system via ssh and you need to have ssh client software installed on your laptop. The solutions I describe use openssh on Linux, but should be easily modified to use any version of ssh on any operating system, including Microsoft's operating systems using the very good putty ssh software.
If you're not comfortable with these instructions and you would prefer something simpler, you can try a commercial solution instead.
The simplest way to solve this problem is via an ssh tunnel. Suppose your institute's gateway is called gw.ms.com and your institute's SMTP server is called mail.ms.com (these could be the same machine). This solution involves a simple ssh tunnel from your laptop to your SMTP server.
The following command (run as root) will open an ssh tunnel from your laptop to your mail server.
ssh -N -L25:mail.ms.com:25 username@gw.ms.com
After prompting you for your password, ssh will listen on port 25 of your laptop (the smtp port) and connect any incoming connection to port 25 of mail.ms.com. Now, if you configure your mail client (on your laptop) to use the SMTP server "localhost" you will be able to send mail through your institute's email server. To the receiver of the mail, it will appear as if the mail came from mail.ms.com.
The drawback of this solution is that when your laptop becomes disconnected from the Internet for any reason the ssh tunnel will collapse and you will have to run the above command again to reopen the tunnel. Furthermore, ssh requires your password in order to open the tunnel, so you can't easily automate this process by putting it in a startup script or cron job.
It is possible to open an ssh tunnel without a password provided that you're willing to do a bit of configuring beforehand. For this, you will need a special-purpose private/public key pair generated with ssh-keygen.
As root, on your laptop, run the command:
ssh-keygen -t dsa -f ~/.ssh/specialkey
and enter an empty passphrase when prompted. This will create the files ~/.ssh/specialkey (your private key) and ~/.ssh/specialkey.pub (your public key). Leave the first file where it is. From the second file you will make a new special authorized key on your institute's gateway.
The second file (~/.ssh/specialkey.pub) contains some text of the form
ssh-dss AAAAB3NzaC1kc3MAAAC.........
Copy this text and on the gateway (gw.ms.com) add a line to the file ~/.ssh/authorized_keys2 that looks like this
command="echo Connected!",no-X11-forwarding,no-agent-forwarding,permitopen="mail.ms.com:25" ssh-dss AAAAB3NzaC1k....
(You may have to create the file ~/.ssh/authorized_keys2.) Now, if you've done everything right you should be able to open an ssh tunnel to your mail server by issuing the command
ssh -N -i ~/.ssh/specialkey -L25:mail.ms.com:25 username@gw.ms.com
without having to enter your password. Be aware, however, that if a hacker gains access to your account on your laptop then they also gain access to your institute's SMTP server and could use this to impersonate you or send spam from this server. This could make your sysadmin very unhappy with you.
Now you can keep your laptop's tunnel open by running a script like the following:
#!/bin/bash
# Reopen the tunnel whenever it drops. The special key created above is
# used so that no password prompt blocks the loop.
while true; do
    ssh -N -i ~/.ssh/specialkey -L25:mail.ms.com:25 username@gw.ms.com
    sleep 5
done
This script will open an ssh tunnel and when that tunnel collapses for whatever reason it will open it again in 5 seconds. This should be sufficient for personal email. You may want to run this script from your laptop's startup files.
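A loop like the one above only knows that ssh exited; it does not tell you whether the local end of the tunnel is actually answering, or whether what answers is really your institute's relay. The following check is an added example (not part of the original page) that connects to the tunnel's local end, reads the SMTP greeting and reports the three states a practitioner cares about: tunnel up and talking to an SMTP server, tunnel up but the far end is not SMTP, and tunnel down (connection refused). The host and port are assumptions taken from the page's setup (localhost:25); the stub relay is a constructed stand-in for mail.ms.com so the check can be exercised offline.

```python
import socket
import threading


def smtp_banner_check(host="127.0.0.1", port=25, timeout=5.0):
    """Connect to the tunnel's local end and confirm an SMTP 220 greeting.

    Returns (ok, detail). A refused connection means nothing is listening
    (the tunnel is down); a non-220 reply means the far end is not the
    relay you expect. host/port are assumptions: the page's tunnel listens
    on localhost:25.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            lines = s.makefile("rb")
            greeting = lines.readline().decode("ascii", "replace").rstrip("\r\n")
            # A multi-line greeting uses "220-" continuation lines; the reply
            # ends with the line that has "220" followed by a space.
            while greeting.startswith("220-"):
                greeting = lines.readline().decode("ascii", "replace").rstrip("\r\n")
            if not greeting.startswith("220"):
                return False, f"unexpected greeting: {greeting!r}"
            s.sendall(b"QUIT\r\n")  # close the session cleanly on the relay side
            return True, greeting
    except ConnectionRefusedError:
        return False, f"connection refused: no tunnel listening on {host}:{port}"
    except (socket.timeout, OSError) as exc:
        return False, f"tunnel error: {exc}"


def start_stub_relay(greeting):
    """Constructed stand-in for mail.ms.com: answers one connection with the
    given greeting bytes and then closes. Returns the port it listens on."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(greeting)
            conn.recv(64)  # wait for QUIT, or for the client to hang up
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def closed_port():
    """Pick a loopback port nothing listens on, to show the tunnel-down case."""
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    port = tmp.getsockname()[1]
    tmp.close()
    return port


if __name__ == "__main__":
    up = start_stub_relay(b"220 mail.ms.com ESMTP\r\n")
    print(smtp_banner_check(port=up))           # tunnel up, relay answers
    print(smtp_banner_check(port=closed_port()))  # tunnel down
```

On a real laptop you would call smtp_banner_check() with the defaults from cron or from the reconnect loop, and treat a "connection refused" result as the signal to restart the tunnel rather than waiting for the next mail to fail.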
Your ssh tunnel is essentially a service offered to email client software and occasionally this service needs to be restarted. Under Linux, the tool that handles these kinds of services is inetd, or xinetd. These are daemons that listen on a port and when a connection arrives at that port they start a server process to handle that connection. They do this by connecting the server process' stdin and stdout streams to the connection on the incoming port.
From the above description it sounds like it should be easy to make xinetd work with ssh. Unfortunately, that's not the case. The ssh software can be used to tunnel between two ports on different machines or connect the stdin/stdout of processes on two machines but it can't connect stdin/stdout from a process on one machine to a port on another machine.
The workaround for this is to connect the stdin/stdout of a process running on your laptop to the stdin/stdout of a process running on your institute's gateway and then forward that to the SMTP port of your SMTP server.
To make a long story short, add the following to the xinetd configuration file on your laptop and restart the xinetd service.
# description: This uses ssh to tunnel to the mail relay at
service smtp
{
    socket_type = stream
    protocol    = tcp
    wait        = no
    user        = root
    disable     = no
    server      = /usr/bin/ssh
    server_args = -q -T -i /root/.ssh/specialkey username@gw.ms.com
    groups      = yes
    bind        = 127.0.0.1
}
and add this line to the file ~/.ssh/authorized_keys2 on your institute's gateway:
command="nc mail.ms.com smtp",no-X11-forwarding,no-agent-forwarding,no-port-forwarding ssh-dss AAAAB3NzaC1k.......
When your laptop's mail client tries to send mail, xinetd will make an ssh connection to gw.ms.com and execute the command "nc mail.ms.com smtp" to connect to port 25 (the SMTP port) of mail.ms.com. This requires that the netcat (nc) program be installed on this machine, and be in the user's path. Alternatively, the programs socat or socket can be used instead of netcat. In these cases, you would replace the command above with
command="socat STDIO TCP4:mail.ms.com:25"
or
command="socket mail.ms.com 25"
respectively. (socat always needs two addresses; STDIO is the one that connects it to the ssh session's stdin/stdout.)
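Both authorized_keys lines above rely on a handful of options to keep a passwordless key from becoming a full login on the gateway: a forced command, no agent or X11 forwarding, and port forwarding either switched off or confined with permitopen to the relay's SMTP port. Since those lines are copied by hand, the following audit script is an added example (not part of the original page) that parses authorized_keys entries, including quoted option values with escaped quotes and repeated permitopen options, and reports which keys fall short of those restrictions. The sample file is constructed with placeholder key blobs; it uses ssh-ed25519 rather than ssh-dss because current OpenSSH releases disable ssh-dss keys by default, and the restriction options work the same for any key type. The relay name and port (mail.ms.com:25) are the page's, and the treatment of restrict as OpenSSH's shorthand for all the no-* options is an assumption about the sshd version in use.

```python
import re

# Key types that may begin an entry that carries no options.
KEY_TYPES = {
    "ssh-rsa", "ssh-dss", "ssh-ed25519",
    "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
    "sk-ssh-ed25519@openssh.com", "sk-ecdsa-sha2-nistp256@openssh.com",
}

# One option: a name, optionally ="value" with \" escapes allowed inside.
OPTION_RE = re.compile(r'([A-Za-z][A-Za-z0-9-]*)(?:="((?:[^"\\]|\\.)*)")?')

# Constructed sample file (not from any real gateway). Key blobs are
# placeholders. The first two lines mirror the page's restrictions; the
# third is what a careless copy-paste leaves behind.
SAMPLE_AUTHORIZED_KEYS = """\
command="echo Connected!",no-X11-forwarding,no-agent-forwarding,permitopen="mail.ms.com:25" ssh-ed25519 AAAAC3PLACEHOLDER laptop-tunnel
command="nc mail.ms.com smtp",no-X11-forwarding,no-agent-forwarding,no-port-forwarding ssh-ed25519 AAAAC3PLACEHOLDER laptop-xinetd
ssh-ed25519 AAAAC3PLACEHOLDER laptop-unrestricted
"""


def split_options(line):
    """Split an entry into (options, rest): the options end at the first
    whitespace that is not inside a double-quoted value."""
    in_quote, i = False, 0
    while i < len(line):
        c = line[i]
        if in_quote and c == "\\":
            i += 2  # skip an escaped character inside a quoted value
            continue
        if c == '"':
            in_quote = not in_quote
        elif c.isspace() and not in_quote:
            break
        i += 1
    return line[:i], line[i:].strip()


def parse_entry(line):
    """Parse one authorized_keys line into {"options", "type", "comment"};
    blank lines and comments return None."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    first = line.split(None, 1)[0]
    opts_str, rest = ("", line) if first in KEY_TYPES else split_options(line)
    fields = rest.split(None, 2)
    if len(fields) < 2:
        raise ValueError(f"malformed entry: {line!r}")
    options = {}
    for name, value in OPTION_RE.findall(opts_str):
        # sshd matches option names case-insensitively; values keep their case
        options.setdefault(name.lower(), []).append(value.replace('\\"', '"'))
    return {"options": options, "type": fields[0],
            "comment": fields[2] if len(fields) == 3 else ""}


def audit_entry(entry, mail_host="mail.ms.com", mail_port=25):
    """List what is wrong with a key that should only reach the SMTP relay."""
    opts = entry["options"]
    problems = []
    if "command" not in opts:
        problems.append("no forced command: the key gives an interactive shell")
    restricted = "restrict" in opts  # assumed: OpenSSH 7.2+ shorthand for all no-* options
    for flag in ("no-agent-forwarding", "no-x11-forwarding"):
        if flag not in opts and not restricted:
            problems.append(f"missing {flag}")
    allowed = opts.get("permitopen", [])
    forwarding_off = "no-port-forwarding" in opts or (
        restricted and "port-forwarding" not in opts)
    if forwarding_off:
        pass  # nothing can be forwarded, so permitopen is moot
    elif allowed:
        extra = [p for p in allowed if p != f"{mail_host}:{mail_port}"]
        if extra:
            problems.append(f"permitopen reaches beyond the relay: {extra}")
    else:
        problems.append("port forwarding unrestricted: any host the gateway can reach")
    return problems


def audit_file(text, mail_host="mail.ms.com", mail_port=25):
    """Map each entry's comment (or line number) to its list of problems."""
    report = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        entry = parse_entry(line)
        if entry:
            label = entry["comment"] or f"line {lineno}"
            report[label] = audit_entry(entry, mail_host, mail_port)
    return report


if __name__ == "__main__":
    for label, problems in audit_file(SAMPLE_AUTHORIZED_KEYS).items():
        print(label, "OK" if not problems else "; ".join(problems))
```

Run it against the gateway's own file with audit_file(open("~/.ssh/authorized_keys2").read()) after expanding the path; any key that reports a problem is one a compromised laptop could use for more than sending mail.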
That's it! If you have any questions or comments about this then send me email. In particular, if you know how to use ssh with xinetd without requiring the netcat, socat or socket software I would love to hear about it. It would be better to replace socket with telnet (which is standard in most operating systems) but telnet's information messages seem to get in the way.
Some Mac OS X and BSD instructions were contributed by Stefan Langerman. I also received this information from Jon Connell.