Using smtp from remote locations
Regular readers will know that I’m in Ottawa for a short trip. That
means you know something my parents don’t know yet. They’re still in Portugal on
holiday. I’ll be picking them up upon their return. That’s when they’ll find
out I’m visiting.
Before I left, I set up an APOP server so I
could remotely and securely get my mail from home. I have set myself up with a local (actually regional) ISP. I’m free to use their mail
servers and that works well. But some sites (freebsd.org included) are very strict
about the mail they will receive. In this case, they won’t accept mail from the
look.ca mail server (I suspect this is because my mail will have a different reply-to
domain other than look.ca). I was getting around this using a very simple procedure
but I quickly grew tired of doing this every time I logged into my ISP. So I’ve
found a better way.
In case it makes any difference, I’m using FreeBSD 4.3-BETA and sendmail 8.11.3.
relay-domains
sendmail uses the file /etc/mail/relay-domains [1] as a list of domains from which it will accept mail for
relay. In short, if you send from a host within one of the domains listed in this
file, sendmail will accept it and redeliver it for you. This file already
contained the names of the domains within my subnet. In order to tell sendmail to
accept mail from my dial up account with look.ca, I did the following:
- I ssh’d to my mail server.
- I modified /etc/mail/relay-domains to add the IP address from which I was
connected. I could tell this from the who command:
# who
dan ttyp0 Apr 7 09:42 (216.154.60.217)
- I hup’d sendmail:
killall -HUP sendmail
Then I was able to send mail. This had two side effects.
- I had to do the above every time I connected to my ISP because my IP changed each time.
- The mail headers in my messages contained an extra hop to indicate the connection from
my ISP. This isn’t really a problem. It’s merely a personal preference.
1 This location may vary from one operating system to another
and is determined by the sendmail.cf setting FR-o /etc/mail/relay-domains or by
the feature FEATURE(relay_entire_domain). See http://www.sendmail.org/tips/relaying.html
for more detail.
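One way to script the relay-domains steps above so that the address from the previous dial-up session is removed when the new one is added (an added example, not from the original article; the function names and the state-file path are hypothetical):

```shell
#!/bin/sh
# Added example, not from the original article.
# Keeps at most one temporary dial-up address in relay-domains.

# Succeeds only for a complete dotted-quad IPv4 address. A domain name such
# as look.ca would let every host in that domain relay.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    saved_ifs=$IFS; IFS=.
    set -- $1
    IFS=$saved_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# set_temp_relay RELAY_FILE STATE_FILE IP
# STATE_FILE (hypothetical sidecar) remembers the address added last time.
set_temp_relay() {
    relay_file=$1; state_file=$2; ip=$3
    is_ipv4 "$ip" || { echo "refusing relay entry: $ip" >&2; return 1; }
    old=
    [ -f "$state_file" ] && old=$(cat "$state_file")
    tmp=$(mktemp "$relay_file.XXXXXX") || return 1
    if [ -n "$old" ]; then
        # Copy all but last session's address (grep exits 1 if nothing is left).
        grep -v -x -F -e "$old" "$relay_file" > "$tmp" || [ $? -eq 1 ] || { rm -f "$tmp"; return 1; }
    else
        cat "$relay_file" > "$tmp" || { rm -f "$tmp"; return 1; }
    fi
    if grep -q -x -F -e "$ip" "$tmp"; then
        : > "$state_file"            # permanently listed; nothing to expire later
    else
        printf '%s\n' "$ip" >> "$tmp"
        printf '%s\n' "$ip" > "$state_file"
    fi
    # Overwrite in place so the file keeps its owner and mode.
    cat "$tmp" > "$relay_file" && rm -f "$tmp"
}

# Typical use on the mail server, as root, from the ssh session
# (OpenSSH puts the client address first in SSH_CLIENT):
#   set_temp_relay /etc/mail/relay-domains /var/run/relay-temp-ip "${SSH_CLIENT%% *}" \
#       && killall -HUP sendmail
```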
ssh tunnel
This method requires an ssh login from your local workstation to the remote
mail server. It’s not very scalable as you don’t necessarily want all users to have
an ssh connection. This solution is fine for just yourself and/or a few trusted
users.
I’ve talked about an ssh tunnel before in the cvs
remote article. With an ssh tunnel, you can redirect a local port to a
port on a remote machine. In this case, I want to redirect port 25 on my box to port
25 on my mail server. This can be done easily with a FreeBSD client with the
following command:
ssh -L 25:localhost:25 mail.example.org
This will redirect port 25 on your box to port 25 on your mail server at example.org.
If you are using Windows, I know that Tera Term (TTSSH) works. See my list of windows ssh clients. To set up SSH Forwarding in TTSSH,
do the following steps:
- Select Setup | SSH Forwarding from the TTSSH menu
- Click on Add
- Select smtp as the forward local port
- Enter the name of the remote machine (e.g. mail.example.org)
- Select smtp as the port on the remote machine.
- Use TTSSH to connect to the remote machine as you would normally.
- On your mail client, set the smtp server to be localhost. On my Pegasus mail
client, I do this via Tools | Internet Options | Sending (SMTP) | SMTP host.
- If you want to save these settings for next time: select Setup | Save Setup from the TTSSH
menu.
With an ssh tunnel, you do have to connect to the mail server via ssh each
time. But you don’t have to modify anything and your mail headers look the same no
matter where you send your mail from.
My thanks to Lazarus for help with this.
Other options
You can also do POP-before-smtp. This is probably
a better solution if you have many users. For examples, I searched with Google and found:
http://iecc.com/pop-before-smtp.html
http://people.oven.com/bet/pop-before-smtp/
and much more
See also smtpAuth at http://www.sendmail.org/~ca/email/auth.html.
more remote SMTP stuff (added on 9 April 2001)
Patrick Hawley writes:
Hey there… I saw your post on remote SMTP stuff, and wanted to let you know about a
few things:
* the best POPbeforeSMTP utility I’ve found is called poprelayd:
…however, Outlook/Outlook Express both attempt to send mail *first* and retrieve mail
*second*. Therefore, if your mail server users, for example, compose mail ‘offline’ and
then attempt to connect to the mail server, it will fail as their mail client is trying to
send mail *before* retrieving mail, while poprelayd works by snarfing IP addresses
from authenticated POP/IMAP requests and adding those IP addresses to a separate "alright
to relay" database (/etc/mail/popip.db).
* there is an excellent unofficial HOWTO on SMTP_auth in the comp.mail.sendmail
archives (you probably can’t click through to it, but will have to traverse there from
www.perl.jann.com):
* if you add the following line to /etc/mail/access:
208.190.223.7 RELAY
and then rebuild the access.db by running
makemap hash /etc/mail/access < /etc/mail/access
you should be able to send mail through your mail server (instead of using relay-domains).
Just a few comments – I ran pop before SMTP for a while (as it was provided by my web host) but found it unreliable.
Send mail first (as some email programs do) and you get errors – very frustrating.
A techie friend suggested I try AuthSMTP (URL: http://www.authsmtp.com) – works like a dream compared to pop before SMTP relaying.
Hope it helps!