[plug] Domains blocking mail from dialup pools

Cameron Patrick cameron at patrick.wattle.id.au
Fri Nov 5 17:41:23 WST 2004


James Devenish wrote:

> In message <418AD86B.3040106 at tigris.org>
> on Fri, Nov 05, 2004 at 09:33:31AM +0800, Timothy White wrote:
> > Maybe I will just have to set up a tunnel, anyone know how I can set
> > up a tunnel using SSH so that the connection appears to come from the
> > computer I tunnel into.
> 
> Shouldn't be a problem -- it's generally the default no-frills behaviour
> anyway.

I think you misunderstood Tim's sentence - the "so that" was a "the
reason I want to use the SSH tunnel is so that" rather than a "I want
the SSH tunnel set up such that".

Tim: is there any particular reason why you don't want to use your
ISP's mail relay server?  (As a former Iinet customer, I understand
that there may well be a good reason :-P)

Also, rather than stuffing about with an SSH tunnel, it might be
easier to find a machine with a static IP that is willing to relay
mail for you directly.  (i.e. your machine connects to
generous.person.net.au:25 and authenticates to send outgoing mail.)

Keeping an SSH tunnel open reliably could be quite insecure unless you
are careful.  I'd advise setting up a (passphrase-less) SSH key which
can be used only for tunnels (see the ssh man page for details, and
also Bernard's guide at

    http://www.ucc.gu.uwa.edu.au/~dagobah/things/secure-backups.html

only you'd omit "no-port-forwarding" and set the command to something
innocuous like /bin/true).  That way, if your SSH key gets stolen, the
attacker hasn't automatically compromised your account on the remote
machine too.  You'd also want to enable the SSH keepalive option so
that SSH notices when the connection dies, and write a script that
runs SSH in a loop while your dial-up connection is up.  At this point
it's starting to look a little messy and alternative options may be
more attractive...

> > I don't which computer I will use yet but it may have [its] own SMTP
> > server
> 
> Normally, an SMTP MTA would attempt to deliver 'directly' to the
> recipient's MX, but you should be able to find a configuration option
> that enables you to specify a 'relay host' through which outgoing mail
> will be sent. You should find that you are able to specify a 'port
> number' for the relay host.

James, with quotes like that I fully expect you to have a 'laser'
hidden on your 'moon base' too. ;-)

Cheers,

Cameron.

PS.  Tim, aren't you posting rather a lot to PLUG for someone who'll
be sitting the TEE next week...?
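
The restricted-key tunnel described in the message above, sketched as an added example that is not part of the original post. The relay account, key path, ppp0 interface, local port 2525, the `permitopen` restriction and the choice of `ServerAliveInterval` as the keepalive option are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example: tunnel-only SSH key plus a restart loop tied to the dial-up link.
# Assumed values (not from the post): relay account, key path, ppp0, port 2525.
RELAY=${RELAY:-tunnel@relay.example.net}
KEY=${KEY:-$HOME/.ssh/tunnel_key}
IFACE=${IFACE:-ppp0}
LOCAL_PORT=${LOCAL_PORT:-2525}
NET_SYSFS=${NET_SYSFS:-/sys/class/net}
SSH=${SSH:-ssh}
RETRY_DELAY=${RETRY_DELAY:-10}

# Entry for ~/.ssh/authorized_keys on the relay. The forced command means a
# stolen key cannot get a shell; port forwarding is left enabled.
# permitopen is an extra restriction added here: only localhost:25 is reachable.
authorized_keys_line() {
    printf 'command="/bin/true",no-pty,no-agent-forwarding,no-X11-forwarding,permitopen="localhost:25" %s\n' "$1"
}

# True while the dial-up interface exists.
link_up() {
    [ -e "$NET_SYSFS/$1" ]
}

# One tunnel attempt. -N requests no remote command, so the connection only
# carries the forward. ServerAlive* makes ssh exit when the link dies silently;
# BatchMode stops it hanging on a prompt when run unattended.
start_tunnel() {
    "$SSH" -N -i "$KEY" \
        -o BatchMode=yes -o IdentitiesOnly=yes \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
        -L "127.0.0.1:$LOCAL_PORT:localhost:25" "$RELAY"
}

# Restart the tunnel for as long as the link is up; prints the attempt count.
run_tunnel() {
    attempts=0
    while link_up "$IFACE"; do
        attempts=$((attempts + 1))
        start_tunnel || sleep "$RETRY_DELAY"
    done
    echo "$attempts"
}

# Start the loop only when asked, so the functions can also be sourced.
if [ "${RUN_TUNNEL:-0}" = 1 ]; then run_tunnel; fi
```

With the tunnel up, the local MTA's relay host would be 127.0.0.1 port 2525; binding the forward to 127.0.0.1 keeps other machines on the local network from using it.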



