Linux forwarding-ports mail traffic over ssh


SSH port forwarding is used to keep network traffic secure. Insecure traffic examples include the POP3, SMTP, and HTTP protocols. If you are using a DSL or wireless network, then hackers (read as crackers) can read your sensitive information such as email username/password and FTP login information. Recently a friend of mine told me that his SMTP login information was used to send spam email to thousands of users. The solution is simple: use ssh to forward arbitrary TCP ports to the other end of your connection so that you can protect email, web (HTTP), and FTP traffic.


NOTE: If your ISP offers SSL for POP/SMTP, use SSL when using your POP and SMTP services.

Consider the following scenario

Normally you pull or send email directly via your ISP's server. However, with the help of a remote ssh server, you can secure the traffic. These days most ISPs do not provide ssh access to the pop3/smtp server. In that case the solution is to use your university's shell account or free service providers such as or a server provided by your workplace. If you do not have a remote ssh server, then stop reading this post.
Your ISP pop3 server name:
Your remote ssh server name: or
Your remote ssh server login name: vivek


Considering the above information, your ssh command will be as follows. First, log in as the root user and type the command (when prompted for a password, type vivek’s password on ):
# ssh -f -N

  • -f: Requests ssh to go to background just before command execution.
  • -N: Indicates that we are only forwarding ports, i.e. do not open a shell prompt.
  • -L : This is used to define a tunnel from port 110 on the local system to port 110 on It uses the following syntax:
  • port:host:hostport, which means the given port on the local (client) host is forwarded to the given host and port on the remote side.
  • Remote ssh user (vivek) and server name (
  • Here is another example where I’m using yahoo’s pop3 and smtp server to send and receive email via’s shell account:
    # ssh -f -N
    # ssh -f -N -L

    Please note that this is quite useful when you are on a wireless network (laptop) or when you do not trust your local network. If your mail server also provides ssh access, then the command would be:
    # ssh -f -N -L
    Naturally, the next step is to reconfigure your mail client, such as Thunderbird or any other mail client. Make sure you set the pop3 server to localhost and leave the rest of the configuration as it is. Here is a sample configuration:

    POP3 Server: localhost
    Port: 110
    Username: my-pop3-username

    Please note that the secure SSH tunnel only works while you maintain a connection to the remote UNIX/Linux SSH server. If you disconnect from the remote ssh server or quit the SSH session, your tunnel also goes down.
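
The following is an added example, not part of the original post: a small POSIX shell helper that validates each `port:host:hostport` forward and composes the `ssh -f -N -L` command described above. The host names (`pop.example.net`, `smtp.example.net`, `shell.example.org`), the local ports 1110 and 1025, the explicit `127.0.0.1` bind address and the `ExitOnForwardFailure` option are assumptions chosen for illustration; unprivileged local ports are used so the tunnel does not have to be started as root.

```shell
#!/bin/sh
# Added example: compose an ssh local-forward command line safely.
# Host names are placeholders; only login name "vivek" comes from the post.

# valid_port N -> succeeds if N is a decimal integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# forward_spec LPORT HOST HOSTPORT -> prints 127.0.0.1:LPORT:HOST:HOSTPORT
# Binding to 127.0.0.1 keeps the listener off the local network.
forward_spec() {
    valid_port "$1" && valid_port "$3" || return 1
    case "$2" in
        ''|*[!A-Za-z0-9.-]*) return 1 ;;   # empty or unexpected characters
    esac
    printf '127.0.0.1:%s:%s:%s\n' "$1" "$2" "$3"
}

# needs_root LPORT -> succeeds when the local port is privileged (< 1024),
# which is why forwarding local port 110 requires a root login.
needs_root() { [ "$1" -lt 1024 ]; }

# tunnel_cmd USER@SSHHOST SPEC... -> prints the full ssh command line.
# ExitOnForwardFailure makes ssh exit instead of running without the forward
# when a local port cannot be bound.
tunnel_cmd() {
    login=$1; shift
    cmd="ssh -f -N -o ExitOnForwardFailure=yes"
    for spec in "$@"; do
        cmd="$cmd -L $spec"
    done
    printf '%s %s\n' "$cmd" "$login"
}

# Demo with placeholder hosts: POP3 on local port 1110, SMTP on 1025.
pop=$(forward_spec 1110 pop.example.net 110)
smtp=$(forward_spec 1025 smtp.example.net 25)
tunnel_cmd vivek@shell.example.org "$pop" "$smtp"
```

With these assumed ports the mail client is pointed at localhost port 1110 for POP3 and localhost port 1025 for SMTP instead of port 110.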


    Posted by: Vivek Gite

    The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting.

7 comments

  1. If your ISP offers it, use SSL when using your POP and SMTP services. Most mail clients offer this option, including mutt (mutt-ssl) and pine.

  2. Anonymous said…
    If your ISP offers it, use SSL when using your POP and SMTP services. Most mail clients offer this option, including mutt (mutt-ssl) and pine.

    Yup, only if you have secure POP3/SMTPS available; else use this trick.

  3. Anonymous said…
    will putty on windows do the same thing?

    Sure, you can use putty on windows to do the same thing. Try as follows:

    (A) Visit putty download page and download both putty.exe and plink.exe (a command-line interface to the PuTTY back ends), Save them to C: or D:

    (B) Open your windows xp/NT shell by clicking on Start > Run > Type command ‘cmd’. Once at XP/NT shell prompt type the commands:

    plink -L -N

    Supply password and leave plink running once it connects.

  4. I like this recommendation, but I have reservations about it…first your link to the remote sshd (ssh server) may be secure, but the weak link here is the POP3/SMTP connection from the remote ssh server.

                ^ secure                 ^not secure?

    You would have to have a lot of trust in the remote ssh server you are using. If someone is eavesdropping on your unsecure connection (client to POP3/SMTP), it doesn’t proscribe an effort by a determined party to start eavesdropping from the unsecure link on the remote server (granted it might be harder, but not unlikely). So…I would agree with anonymous in the first comment, SSL is “secure” all the way from client to server.

    It boils down to this: If you can’t have ssh directly to POP3/SMTP because your host doesn’t support it, you can’t have it from your remote connection either.

  5. First thanks for highlighting this point to all of our readers.

    I must agree with you, If remote sshd is not trusty then it is not useful at all; however if remote sshd and mail server are same or trusty (like then you can use it.

    Bottom line if SSL supported by email (POP3) server use it, else go to mail server/sshd 🙂

  6. Hi Vivek,

    I am a new reader who has just got a chance to read your articles. Your blog is very much interesting and it is really a knowledge sharing site. I am really impressed with your postings.

    I’m maintaining 24 servers in remote manner. I am having 2yrs experience in this, but wish to learn many things from you. So, if you have any collections about linux, please let me know…

    Thank you!
    Soundar Raj
