
using SMTP via a secure connection



banec
07-12-2004, 12:28 AM
hey there,

need help on this one.
I have a newly created account and I am setting up the emails (which is all right) and the email clients (which is not all right)

I will use my email for work and, for the same reason I am mainly on-site at my customer's.

this involves the use of their networks (LANs) to access internet and SMTP blocked by their firewalls.

I know I can install a webmail SW and I will, but this is just a mere workaround, and not really user-friendly.
I also know I can use their SMTP but I will not ask customers permanently for this.

so the solution would be for me to use a kind of specific client (windows) server (linux) tool, encrypted and tunnelling the SMTP data.

as follow:
email client == sends email via SMTP == caught by the tunnelling tool == transfer the data to the server side tunnel == decoded and unwrapped by the server side == presented to the SMTP port 25.

of course the tunnel should require login and password information, and unlike some VPN, leave access to all other IP and ports free (cisco VPN will lock your NIC when connected).

not only it will allow me to send emails safely, but with a firewall on my server, it will also forbid any IP to use the port 25, but the server itself.


ANY IDEA of what I can use? PLEASE.

BM

FZ
07-12-2004, 11:17 AM
I've never tried what you are trying to accomplish (and I am certainly no networking guru), but offhand I did think of Putty as I read your post:

Not that I have tried this (and it might not even apply to this situation) but could you not use Putty's SSH Tunnels feature to do this? Don't ask me how, I wouldn't have a clue - sorry!

Apart from that, installing Webmail is simple (assuming you are on WestHost 2.0): just install either IMP or Neomail via Site Applications in your Site Manager.

Let us know how it goes.

banec
07-12-2004, 08:31 PM
FZ,

you are right,
I did a bit of research and the best, as you mentioned, would be to tunnel the POP and SMTP traffic through SSH.

Putty seems to be all right, although you have to set up the source IP or define it as dynamic (not to my taste).

I found that Stunnel, that I used before in my job is a very good solution.
it can be found at: www.stunnel.org,
the windows version is simple to install and configure (with an extra dll to load)

for the server side, I still struggle: new at westhost, I am trying to figure out exactly what is on the server:
OS: version
openssl installed
man, snoop, tcpdump are not installed apparently.
I have to put gcc as well

is there a detailed description of what is in the servers? (version 2) somewhere ? it will spare me a few days to sort out everything in details.

Branko Milojic

FZ
07-12-2004, 08:41 PM
Branko,

I'm glad my idea helped you start off in the right direction.

Unfortunately, the closest thing to a description of what is on the servers would be the manual (http://manual.westhost.com) which, in terms of this, is not detailed at all. The only other thing - as I am sure you have noticed - is to get your hands dirty with SSH and poke around to discover what is and is not available. Alternatively, I don't see the harm in contacting tech support and asking them about your uncertainties.

As for OpenSSL and GCC, you can get those installed via your Site Manager (http://yourdomain.com/mananger - log in and then click on Site Applications). It really can't be simpler to install those two. The rest of the utilities you mentioned might not be available, but you could 1. ask tech support about them and 2. install them yourself.

Don't hesitate to ask for help on the forums.

banec
07-12-2004, 08:52 PM
thanks a lot,
I do appreciate that.

I will install these myself (not a big deal) although gcc I will remove after the make.

I guess I should at least try to contact the site manager, not to do my dirty job, but just to be sure I break no security policy with these tools (or am I allowed anything?)

thanks again.

bane

FZ
07-12-2004, 09:09 PM
No problem.

I doubt we are "allowed anything". There's the obvious stuff, like no porn, illegal MP3s/warez, etc. but there may be subtle stuff. Better to be safe - and ask - than to be sorry! I think it is safe to say, though, that we can install any applications we want on our VPS' - except stuff that would bog down the server and (as I recall from the Terms of Service) IRC/chat scripts.

WestHost - RSimpkins
07-16-2004, 11:05 AM
You are free to run SSH tunnels in your VPS. A couple things to keep in mind: We regularly terminate SSH sessions over a certain time frame. This usually translates to days. Establish the SSH session only when you need it to ensure that this doesn't happen to you. Also, if at any time the tunnel starts using large amounts of server resources that would not be allowed (although it shouldn't unless there is some major misconfig).

You are free to install stunnel into your VPS. For this I would suggest obtaining a dedicated IP for your VPS if you do not have one. Also, you will need to be familiar with choosing alternate lib paths when compiling software. I downloaded the src to my test account - compiled without a hitch but wouldn't install because I didn't choose the right lib path -- but the binary does run. I'm a big fan of stunnel and if I had my druthers would rather run it for e-mail and pop3 than ssh. It's easier to set up on the client end as most e-mail clients can use it without setting up putty.

Of course, WestHost does not officially support any of the above. I do hope that the information is enough to at least point you in the right direction.
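
Added example, not part of any post above and not WestHost's configuration: a pair of stunnel configuration files for the flow described in the thread (mail client to local tunnel, TLS to the server, then on to SMTP on port 25). The host name mail.example.com, port 465, local port 2525 and all file paths are assumptions; the option names are those of current stunnel 5.x releases, not the 2004 version. A client certificate stands in for the login the original poster asked for.

```ini
; ===== Server side (Linux VPS): stunnel.conf =====
; Constructed example. Paths, port and names are placeholders.

[smtp-in]
; TLS listener reachable from outside
accept  = 465
; hand the decrypted stream to the local mail server only
connect = 127.0.0.1:25
cert    = /etc/stunnel/server.pem
key     = /etc/stunnel/server.key
; Require a client certificate issued by your own CA.
; The mail server sees every tunnelled connection as coming
; from 127.0.0.1, so without this check anyone who can reach
; port 465 would be treated as a local sender.
verifyChain = yes
CAfile  = /etc/stunnel/clients-ca.pem


; ===== Client side (Windows laptop): stunnel.conf =====
; Point the mail client's outgoing server at 127.0.0.1 port 2525.

[smtp-out]
client  = yes
; listen on loopback only, so other hosts on the LAN
; cannot use the laptop as a relay into the tunnel
accept  = 127.0.0.1:2525
connect = mail.example.com:465
; certificate and key presented to the server
cert    = client.pem
key     = client.key
; verify the server before sending mail or credentials
verifyChain = yes
CAfile  = server-ca.pem
checkHost = mail.example.com
```

With this in place the server's firewall can drop inbound port 25 from everything except the server itself, as proposed in the first post, while the tunnel port accepts only holders of a certificate from the client CA.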