Differences
This shows you the differences between two versions of the page.
howtos:misc:proxying_smpt [2015/11/27 05:46 (UTC)] – [Proxying Emails to Your Local Mail Relay Server] louigi600 | howtos:misc:proxying_smtp [2016/06/20 07:28 (UTC)] (current) – proxying_smtp renamed to howtos:misc:proxying_smtp (Ended up in the wrong namespace) alienbob | ||
---|---|---|---|
Line 1: | Line 1: | ||
<!-- Add your text below. We strongly advise to start with a Headline (see button bar above). --> | <!-- Add your text below. We strongly advise to start with a Headline (see button bar above). --> | ||
====== Proxying Emails to Your Local Mail Relay Server ====== | ====== Proxying Emails to Your Local Mail Relay Server ====== | ||
- | There may be times where you may need to send emails from a machine, that can not do so directly nor thought your local SMTP relay. | + | There may be times where you may need to send emails from a machine, that can not do so directly nor thought your local SMTP relay and you have no easy way out for mending |
- | As far as I know SMTP protocol does not support proxy itself but I can think of several ways to work around | + | |
- | Let us have a look at some scenarios | + | |
- | Throughout the scenarios we will be referring so 3 machines: | + | |
- | Machine A with IP address 192.168.0.2 (cannot send meils directly via internet and cannot use Local Mail Relay) | + | As far as I know SMTP protocol does not support proxy itself but I can think of several ways to work around the problem. |
+ | Here are some scenarios | ||
- | Machine B with IP address 192.168.1.2 | + | Throughout the scenarios we will be referring to 3 machines: |
- | Local Mail Relay (LMR) with IP address 192.168.2.2 | + | * Machine A with IP address 192.168.0.2 (cannot send mails directly via internet and cannot relay on Local Mail Relay) |
+ | * Machine B with IP address 192.168.1.2 | ||
+ | * Local Mail Relay (LMR) with IP address 192.168.2.2 | ||
===== Scenario 1 ===== | ===== Scenario 1 ===== | ||
- | Machine A cannot | + | * Machine A cannot |
- | but Machine A has access to machine | + | |
+ | * Machine B can relay thought LMR | ||
+ | * Machine B can reach LMR's port 25 | ||
- | We can use nc to proxy mail from A to LMR | + | We can use nc on Machine B to proxy mail from A to LMR. In this example it will appear to LMR as if it was Machine B that is sending the email. |
On machine B | On machine B | ||
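Review bot: The new sentence in Scenario 1 says the mail will appear to LMR as coming from Machine B, but the scenario never says who may connect to the nc listener on B. Because LMR applies its relay policy to B's address, anything that can reach that listening port relays with B's permissions. The text should tell the reader to limit the listener to Machine A (192.168.0.2), for example with a packet filter rule on B, and to stop it once the mail is sent. The added lines also keep "thought" where "through" is meant ("nor thought your local SMTP relay", "can relay thought LMR").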
Line 53: | Line 55: | ||
===== Scenario 2 ===== | ===== Scenario 2 ===== | ||
- | Let' | + | * Machine A cannot reach LMR' |
- | can we use a ssh tunnel between A and LMR to do the job for us ? | + | * Machine A is allowed to relay thought LMR but firewall is preventing it from reaching port 25 on LMR |
+ | * Machine A can reach the LMR but only on port 22. | ||
+ | |||
+ | We use a ssh tunnel between A and LMR to do the job for us. In this example we are bypassing firewall by using ssh to forward traffic trough a encrypted tunnel. For this to work properly the ssh client that is going to be forwarding needs to be executed by an administrative account. | ||
<note important> | <note important> | ||
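Review bot: The added sentence that the forwarding ssh client "needs to be executed by an administrative account" gives no reason, so readers will run ssh as root without knowing why. If the reason is that the local end of the tunnel binds a port below 1024, say so, and mention that choosing a local port of 1024 or above lets an ordinary user open the tunnel. Also, "trough a encrypted tunnel" should read "through an encrypted tunnel", and "thought" in the "allowed to relay" bullet should be "through".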
Line 69: | Line 74: | ||
DATA | DATA | ||
354 End data with < | 354 End data with < | ||
- | FROM:drao@invallee.it | + | FROM:me@localnet.com |
- | TO:drao@invallee.it | + | TO:dude@localnet.com |
SUBJECT: | SUBJECT: | ||
if you get this sending email trough ssh tunnel worked | if you get this sending email trough ssh tunnel worked | ||
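Review bot: Replacing the personal address in the FROM: and TO: lines is right, but localnet.com is an ordinary registrable domain, so sample mail copied from this page could be addressed to a real third party. Use a reserved name such as example.com (RFC 2606), e.g. "FROM:me@example.com" and "TO:dude@example.com". The same applies to the identical replacement in the Scenario 3 transcript further down.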
Line 80: | Line 85: | ||
+ | ===== Scenario 3 ===== | ||
+ | * Machine B can relay emails trough LMR | ||
+ | * Machine B cannot reach LMR's port 25 | ||
+ | * Machine B can access LMR via ssh | ||
+ | * Machine A has access to Machine B on whatever port we choose to let ssh listen on for forwarding (1024 in the exaple). | ||
- | This method may or may not work depending on whether Machine A is configured to be able use LMR for relaying mails (intendes as the MTA on LMR will allow Machien A to relay trought it). This leads to yet another scenario (see Scenario 3) or an alternative if Machine B can send emails trough | + | This is a bit like Scenario 1 but we will be using ssh to forward stuff to LMR and Machine B needs not be able to reach LMR's port 25 |
- | We can then start the ssh socks proxy on Machine B and have it listen | + | We can then start the ssh socks proxy on Machine B listening |
- | On machine B | + | On machine B with a privileged user |
ssh -2 -D 192.168.1.2: | ssh -2 -D 192.168.1.2: | ||
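Review bot: The new text asks for "a privileged user" on Machine B, yet the bullet above picks port 1024 for the listener, and only ports below 1024 need root to bind, so the requirement should be dropped or justified. Separately, -D opens a general SOCKS proxy on 192.168.1.2 rather than a forward to port 25 on the LMR alone, so every host that can reach that port can open connections from the far end of the ssh session to any destination. The scenario should say to restrict the port to Machine A, or use a fixed -L forward to port 25 on the LMR instead. "exaple" should be "example".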
Line 99: | Line 109: | ||
DATA | DATA | ||
354 End data with < | 354 End data with < | ||
- | FROM:drao@invallee.it | + | FROM:me@localnet.com |
- | TO:drao@invallee.it | + | TO:dude@localnet.com |
SUBJECT: | SUBJECT: | ||
if you get this sending email trough ssh tunnel worked | if you get this sending email trough ssh tunnel worked | ||
Line 110: | Line 120: | ||
- | ===== Scenario | + | ===== Scenario |
- | Mostly like Scenario 2 but Machine A is not allowed to relay on LMR dew to MTA configuration. | + | * Machine A cannot reach LMR's port 25 |
+ | * Machine A is not allowed to relay thought | ||
+ | * Machine A cannot proxy on any other machine that is allowed | ||
+ | * Machine A can reach the LMR but only on port 22. | ||
We can still get the whole command to run on the LMR via ssh: | We can still get the whole command to run on the LMR via ssh: | ||
+ | |||
+ | <note important> | ||
cat << EOF > send_this_mail | cat << EOF > send_this_mail | ||
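Review bot: The Scenario 4 bullets state that Machine A is not allowed to relay, and the next line has A run the mail command on the LMR itself over ssh, which sidesteps that MTA restriction. The page should say so plainly and note that this requires a shell account on 192.168.2.2 whose owner is permitted to send mail this way. "thought" in the "not allowed to relay" bullet should be "through".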
Line 126: | Line 142: | ||
quit | quit | ||
exit | exit | ||
- | | + | " | curl telnet:// |
+ | EOF | ||
cat send_this_mail |ssh 192.168.2.2 | cat send_this_mail |ssh 192.168.2.2 | ||
====== NOTES ====== | ====== NOTES ====== | ||
- | The command we used above is probably a good example of bad unixcraft, let me give a brief explanation on how it works. | + | The command we used in Scenario 1 is probably a good example of bad unixcraft, let me give a brief explanation on how it works. |
Let's momentarely get rid of the odd use of the fifo by just using this: | Let's momentarely get rid of the odd use of the fifo by just using this: | ||
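Review bot: The added EOF closes the here-document, but the opening "cat << EOF" leaves the delimiter unquoted, so any $ or backtick in the body is expanded on Machine A when send_this_mail is written rather than passed through literally. Quoting it as << 'EOF' avoids that. The file is then fed to whatever login shell the account has on 192.168.2.2, so naming the interpreter, as in "ssh 192.168.2.2 sh -s < send_this_mail", would make the behaviour predictable. "momentarely" in the following paragraph should be "momentarily".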
Line 144: | Line 161: | ||
so now the whole command line looks like this: | so now the whole command line looks like this: | ||
cat /tmp/f | nc -l -p 1234 -s 192.168.1.2 | nc 192.168.2.2 25 >> /tmp/f | cat /tmp/f | nc -l -p 1234 -s 192.168.1.2 | nc 192.168.2.2 25 >> /tmp/f | ||
- | it is possible to do the same thing without having to use cat it is a little neater but still bad unixcraft | + | it is possible to do the same thing without having to use cat, it is a little neater but still bad unixcraft |
nc -l -p 1234 -s 192.168.1.2 < /tmp/f |nc 192.168.2.2 25 >> /tmp/f | nc -l -p 1234 -s 192.168.1.2 < /tmp/f |nc 192.168.2.2 25 >> /tmp/f | ||
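Review bot: The change here is only a comma, but the command lines around it read from and append to the fixed path /tmp/f in a world-writable directory, where another local user on Machine B can create that name first (as a file, fifo or symlink) and so observe or tamper with the relayed SMTP stream. Since the text already calls this bad unixcraft, suggest creating the fifo inside a private directory (mktemp -d) and using that path in the examples. The sentence would also read better split in two: "It is possible to do the same thing without cat. It is a little neater but still bad unixcraft."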