Skip to main content.

Tue, 25 Dec 2007

Sending mail from a laptop

I often find myself on what I would call "hostile" networks: They allow only very limited Internet access, like by blocking port 25 so I can't connect to my mail server. Maybe for you, you're never on filtered Internet access, but your home ISP doesn't let you send mail out when you're not at home, but you want to send email directly from your laptop anyway.

Just do what I do! Let me explain.

Summary

Justification

Implementation in Three Steps

Step 1: ssh tunnel

This is the hardest part. To make things simple, I create a dedicated user on each end.
On the remote server (server)
[me@laptop] $ ssh me@server
[me@server] $ sudo adduser tunnelendpoint
[me@server] $ sudo su - tunnelendpoint
[tunnelendpoint@server] $ mkdir .ssh
On the local machine (laptop)
[me@laptop] $ sudo adduser tunnelclient
[me@laptop] $ sudo su - tunnelclient
[tunnelclient@laptop] $ ssh-keygen -t rsa # make it passwordless
[tunnelclient@laptop] $ cat .ssh/id_rsa.pub | ssh tunnelendpoint@server 'mkdir -p .ssh ; chmod 0700 .ssh ; cat >> .ssh/authorized_keys'
On the remote server
[me@server] $ sudo su - tunnelendpoint
[tunnelendpoint@server] $ nano -w .ssh/authorized_keys
You'll see a key that starts with "ssh-dss". Before that, add this string and leave a space before "ssh-dss":
command="nc localhost 25",no-X11-forwarding,no-agent-forwarding,no-port-forwarding

(Note: "nc" is in the netcat package.)

On the local machine (laptop)
[tunnelclient@laptop] $ ssh tunnelendpoint@server
220 rose.makesad.us ESMTP Postfix (Debian/GNU): "every tragedy is a beauty that has passed"

Hooray! If you see a reply like mine that starts with "220", then all is well.

You're done with the hard part. Now the easy parts.

Step 2: inetd

[me@laptop] $ sudo aptitude install openbsd-inetd

Now edit /etc/inetd.conf to have this line:

127.0.0.1:125 stream  tcp     nowait  tunnelclient    /usr/bin/ssh    -q -T tunnelendpoint@server

Now restart the inetd (sudo /etc/init.d/openbsd-inetd restart) and test it:

[me@laptop] $ telnet localhost 125 
220 rose.makesad.us ESMTP Postfix (Debian/GNU): "every tragedy is a beauty that has passed"

Step 3: Postfix (optional)

This is my favorite part, but it's only necessary if you plan to send email when you're not connected to the Internet.

Just install Postfix, and add this to /etc/postfix/main.cf:

relayhost = 127.0.0.1:125

Restart Postfix and you should be set. Try sending some mail!

Closing

I was inspired by a Debian Administration post, except I had my own ideas about the best way to do it. I still like my way best.

One problem with the above approach is that it requires root on "server". It would be possible to do the ssh tunnel thing without using a separate "tunnelendpoint" account, but instead to add that key to your regular username.

[] permanent link and comments

Comment form

  • The following HTML is supported: <a href>, <em>, <i>, <b>, <blockquote>, <br/>, <p>, <abbr>, <acronym>, <big>, <cite>, <code>, <dfn>, <kbd>, <pre>, <small> <strong>, <sub>, <sup>, <tt>, <var>
  • I do not display your email address. It is for my personal use only.

Name: 
Your email address: 
Your website: 
 
Comment: