Differences

This shows you the differences between two versions of the page.

howtos:misc:proxying_smpt [2015/11/27 23:27 (UTC)] – [Scenario 2] louigi600
howtos:misc:proxying_smtp [2016/06/20 07:28 (UTC)] (current) – proxying_smtp renamed to howtos:misc:proxying_smtp (Ended up in the wrong namespace) alienbob
Line 6: Line 6:
 Here are some scenarios with examples on how you could go about working around the problem. Here are some scenarios with examples on how you could go about working around the problem.
  
-Throughout the scenarios we will be referring so 3 machines:+Throughout the scenarios we will be referring to 3 machines:
  
-  * Machine A with IP address 192.168.0.2 (cannot send meils directly via internet and cannot use Local Mail Relay)+  * Machine A with IP address 192.168.0.2 (cannot send mails directly via internet and cannot relay on Local Mail Relay)
   * Machine B with IP address 192.168.1.2    * Machine B with IP address 192.168.1.2 
   * Local Mail Relay (LMR) with IP address 192.168.2.2   * Local Mail Relay (LMR) with IP address 192.168.2.2
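Review bot: In the Machine A bullet, "cannot relay on Local Mail Relay" reads less clearly than the wording it replaces. "cannot relay through the Local Mail Relay" says the same thing, and the same preposition should be used in the scenario bullets further down, which currently mix "relay on", "relay thought" and "relay trough".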
Line 14: Line 14:
  
 ===== Scenario 1 ===== ===== Scenario 1 =====
-Machine A cannot send mails directly (has no local MTA and cannot access directly any other RELAY) +  * Machine A cannot relay on any local or internet MTA 
-but Machine A has access to machine and Machine B can access LMR's port 25 and is allowed to use LMR for relaying mails.+  Machine A can reach Machine on some unused port (1234 in the example below) 
 +  * Machine B can relay thought LMR 
 +  * Machine B can reach LMR's port 25
  
-We can use nc to proxy mail from A to LMR+We can use nc on Machine B to proxy mail from A to LMR. In this example it will appear to LMR as if it was Machine B that is sending the email.
  
 On machine B On machine B
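Review bot: The new closing sentence says the mail "will appear to LMR as if it was Machine B that is sending", but the scenario never says who else can reach the nc listener on port 1234, and anything that can reach it relays through LMR with Machine B's permissions. Add a bullet or a note that port 1234 on Machine B should be reachable from Machine A only, and that LMR's logs will attribute these messages to Machine B. In the third bullet, "relay thought LMR" should be "relay through LMR".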
Line 57: Line 59:
   * Machine A can reach the LMR but only on port 22.   * Machine A can reach the LMR but only on port 22.
  
-We use a ssh tunnel between A and LMR to do the job for us.+We use a ssh tunnel between A and LMR to do the job for us. In this example we are bypassing firewall by using ssh to forward traffic trough a encrypted tunnel. For this to work properly the ssh client that is going to be forwarding needs to be executed by an administrative account.
  
 <note important>This time we will be working exclusively on machine A</note> <note important>This time we will be working exclusively on machine A</note>
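Review bot: The added requirement that the ssh client be "executed by an administrative account" is stated without a reason, and ssh port forwarding only needs root when the local listening port is below 1024. Either say that the example binds a privileged local port, or use a high local port in the example so the tunnel can run as an ordinary user. In the same sentence pair, "bypassing firewall" should be "bypassing the firewall" and "trough a encrypted tunnel" should be "through an encrypted tunnel".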
Line 72: Line 74:
   DATA   DATA
   354 End data with <CR><LF>.<CR><LF>   354 End data with <CR><LF>.<CR><LF>
-  FROM:drao@invallee.it +  FROM:me@localnet.com 
-  TO:drao@invallee.it+  TO:dude@localnet.com
   SUBJECT:test using ssh tunnel   SUBJECT:test using ssh tunnel
   if you get this sending email trough ssh tunnel worked   if you get this sending email trough ssh tunnel worked
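Review bot: The replacement addresses on the FROM: and TO: lines use localnet.com, which is an ordinary registrable domain and not one set aside for documentation. Use the reserved example domains, for instance me@example.com and dude@example.com, so that a reader who pastes the session cannot send mail to a real third party.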
Line 93: Line 95:
 We can then start the ssh socks proxy on Machine B listening on a port Machine A can access: We can then start the ssh socks proxy on Machine B listening on a port Machine A can access:
  
-On machine B+On machine B with a privileged user
   ssh -2 -D 192.168.1.2:1024 -N  192.168.2.2 &   ssh -2 -D 192.168.1.2:1024 -N  192.168.2.2 &
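Review bot: "with a privileged user" on the "On machine B" line does not match the command under it: ssh -D 192.168.1.2:1024 binds port 1024, which is outside the privileged range (ports below 1024), so an ordinary account can run it. Drop the qualifier or state why root is wanted. The text should also mention that the SOCKS listener is bound to 192.168.1.2 and not to loopback, and that it takes no authentication, so access to port 1024 should be limited to Machine A.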
  
Line 107: Line 109:
   DATA   DATA
   354 End data with <CR><LF>.<CR><LF>   354 End data with <CR><LF>.<CR><LF>
-  FROM:drao@invallee.it +  FROM:me@localnet.com 
-  TO:drao@invallee.it+  TO:dude@localnet.com
   SUBJECT:test using ssh tunnel   SUBJECT:test using ssh tunnel
   if you get this sending email trough ssh tunnel worked   if you get this sending email trough ssh tunnel worked
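Review bot: While the FROM: and TO: lines are being changed, note that the message as shown has no empty line between "SUBJECT:test using ssh tunnel" and the body line that follows, so the body text sits in the header block. Add an empty line after the SUBJECT: line in this sample and in the identical one in the previous scenario.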
Line 119: Line 121:
  
 ===== Scenario 4 ===== ===== Scenario 4 =====
-Mostly like Scenario 2 but Machine A is not allowed to relay on LMR dew to MTA configuration.+  * Machine A cannot reach LMR's port 25 
 +  * Machine A is not allowed to relay thought LMR  
 +  * Machine A cannot proxy on any other machine that is allowed to relay trough LMR 
 +  * Machine A can reach the LMR but only on port 22. 
 We can still get the whole command to run on the LMR via ssh: We can still get the whole command to run on the LMR via ssh:
 +
 +<note important>This time we will be working exclusively on machine A</note> 
  
   cat << EOF > send_this_mail   cat << EOF > send_this_mail
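Review bot: The new bullet list drops the reason the old sentence gave for the restriction (relaying refused by the MTA configuration), and it does not say what the scenario needs instead. Since the whole command runs on the LMR over ssh, add a bullet stating that the user needs a shell account on LMR, and a sentence noting that the mail is then submitted locally on LMR under that account. "relay thought LMR" and "relay trough LMR" should both read "relay through LMR".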
Line 139: Line 147:
  
 ====== NOTES ====== ====== NOTES ======
-The command we used above is probably a good example of bad unixcraft, let me give a brief explanation on how it works.+The command we used in Scenario 1 is probably a good example of bad unixcraft, let me give a brief explanation on how it works.
 Let's momentarely get rid of the odd use of the fifo by just using this: Let's momentarely get rid of the odd use of the fifo by just using this:
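Review bot: The changed sentence now names Scenario 1, but the line directly after it still reads "momentarely"; fix it to "momentarily" in the same edit. "let me give a brief explanation on how it works" would also read better as a separate sentence than joined on with a comma.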
  
Line 153: Line 161:
 so now the whole command line looks like this: so now the whole command line looks like this:
   cat /tmp/f | nc -l -p 1234 -s 192.168.1.2 | nc 192.168.2.2 25 >> /tmp/f   cat /tmp/f | nc -l -p 1234 -s 192.168.1.2 | nc 192.168.2.2 25 >> /tmp/f
-it is possible to do the same thing without having to use cat it is a little neater but still bad unixcraft+it is possible to do the same thing without having to use catit is a little neater but still bad unixcraft
   nc -l  -p 1234 -s 192.168.1.2 < /tmp/f |nc 192.168.2.2 25 >> /tmp/f   nc -l  -p 1234 -s 192.168.1.2 < /tmp/f |nc 192.168.2.2 25 >> /tmp/f
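Review bot: Both command lines around the edited sentence read from and append to the fifo at the fixed path /tmp/f, and the notes never say how it is created or with what permissions. A fixed name in a world-writable directory can be created in advance or written to by another local user on Machine B. Since this section is presented as the explanation of the command, recommend creating the fifo inside a private directory (for example one made with mktemp -d) and removing it when the proxy exits.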
  