≡ Menu

Linux forwarding-ports mail traffic over ssh

It is used to keep network traffic secure. Insecure traffic examples include pop3, SMTP, HTTP protocols. If you are using a DSL or wireless network, then hackers (read as crackers) can read your sensitive information such as email username/password, and FTP login information. Recently a friend of mine told me that his SMTP login information is used to send spam email to thousands of users. The solution is simple to use ssh to forward arbitrary TCP ports to the other end of your connection so that you can protect the emails, the web(HTTP), and FTP traffic.

NOTE: If your ISP offers SSL for POP/SMPT, use SSL when using your POP and SMTP services.

Consider the following scenario

Normally you directly pull or send an email via ISP server. However, with the help of remote ssh server, you can secure the traffic. These days most of ISP do not provide the ssh access to pop3/smtp server. Then the solution is to use your universities shell account or free service providers such as metawire.org or server provided by your workplace. If you do not have remote ssh server, then stop reading this post.
click to view image
Your ISP pop3 server name: pop3.myisp.com
Your remote ssh server name: metawire.org or ssh.myuni.ac.in
Your remote ssh server login name: vivek


Considering above information your ssh command will be as follows. First, login as root user type the command (when prompted for password, type vivek’s password on metawire.org) :
# ssh -f -N -L110:pop3.myisp.com:110 vivek@metawire.org

{ 7 comments… add one }
  • AnonymousAugust 2, 2005, 5:52 am

    If your ISP offers it, use SSL when using your POP and SMTP services. Most mail clients offer this option, including mutt (mutt-ssl) and pine.

  • AnonymousAugust 2, 2005, 11:18 pm

    will putty on windows do the same thing?

  • VivekAugust 2, 2005, 11:43 pm

    Anonymous said…
    If your ISP offers it, use SSL when using your POP and SMTP services. Most mail clients offer this option, including mutt (mutt-ssl) and pine.

    Yup only if you secure POP3/SMTPS avilable else use this trick.

  • VivekAugust 2, 2005, 11:53 pm

    Anonymous said…
    will putty on windows do the same thing?

    Sure you can use putty on windows to the same thing. Try as follows:

    (A) Visit putty download page and download both putty.exe and plink.exe (a command-line interface to the PuTTY back ends), Save them to C: or D:

    (B) Open your windows xp/NT shell by clicking on Start > Run > Type command ‘cmd’. Once at XP/NT shell prompt type the commands:

    plink -L 110:pop.bizmail.yahoo.com:110 vivek@metawire.org -N

    Supply password and leave plink running once it connects.

  • Timothy StoneAugust 4, 2005, 7:59 pm

    I like this recommendation, but I have reservations about it…first your link to the remote sshd (ssh server) may be secure, but the weak link here is the POP3/SMTP connection from the remote ssh server.

                ^ secure                 ^not secure?

    You would have to have a lot of trust in the remote ssh server you are using. If someone is eavesdropping on your unsecure connection (client to POP3/SMTP), it doesn’t proscribe an effort by a determined party to start eavesdropping from the unsecure link on the remote server (granted it might be harder, but not unlikely). So…I would agree with anonymous in the first comment, SSL is “secure” all the way from client to server.

    It boils down to this: If you can’t have ssh directly to POP3/SMTP because your host doesn’t support it, you can’t have it from your remote connection either.

  • VivekAugust 4, 2005, 11:09 pm

    First thanks for highlighting this point to all of our readers.

    I must agree with you, If remote sshd is not trusty then it is not useful at all; however if remote sshd and mail server are same or trusty (like metawire.org) then you can use it.

    Bottom line if SSL supported by email (POP3) server use it, else go to mail server/sshd :)

  • AnonymousJanuary 4, 2006, 3:36 pm

    Hi Vivek,

    I am a new reader who has just got a chance to read your articles. Your blog is very much interesting and it is really a knowledge sharing site. I am really impressed with your postings.

    I’m maintaining 24 servers in remote manner. I am having 2yrs experience in this, but wish to learn many things from you. So, if you have any collections about linux, please let me know…

    Thank you!
    Soundar Raj

Security: Are you a robot or human?

Leave a Comment