[2024-feb-29] Sad news: Eric Layton aka Nocturnal Slacker aka vtel57 passed away on Feb 26th, shortly after hospitalization. He was one of our Wiki's most prominent admins. He will be missed.

Welcome to the Slackware Documentation Project

This is an old revision of the document!


Proxying Emails to Your Local Mail Relay Server

There may be times where you may need to send emails from a machine, that can not do so directly nor thought your local SMTP relay. As far as I know SMTP protocol does not support proxy itself but I can think of several ways to work around the problem. Let us have a look at some scenarios with examples on how you could go about working around the problem. Throughout the scenarios we will be referring so 3 machines:

Machine A with IP address 192.168.0.2 (cannot send meils directly via internet and cannot use Local Mail Relay)

Machine B with IP address 192.168.1.2

Local Mail Relay (LMR) with IP address 192.168.2.2

Scenario 1

Machine A cannot send mails directly (has no local MTA and cannot access directly any other RELAY) but Machine A has access to machine B and Machine B can access LMR's port 25 and is allowed to use LMR for relaying mails.

We can use nc to proxy mail from A to LMR

On machine B

mkfifo /tmp/f
nc -l  -p 1234 -s 192.168.1.2 < /tmp/f |nc 192.168.2.2 25 >> /tmp/f
The above command is a dirty way to get the output from LMR back to A. See NOTES below if it is not clear to you how it works.

On machine A

telnet 192.168.1.2 1234
Trying 192.168.1.2 ...
Connected to 192.168.1.2.
Escape character is '^]'.
220 smtp.localnet.com ESMTP Postfix
helo cicciobello
250 smtp.localnet.co
MAIL FROM:me@localnet.com
250 2.1.0 Ok
RCPT TO:dude@localnet.com
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
FROM:me@localnet.com
TO:dude@localnet.com
SUBJECT:test sending email from A trough B into smtp.localnet.com
If you get this it works.
.
250 2.0.0 Ok: queued as 1B1189AC
quit
221 2.0.0 Bye
exit
Connection closed by foreign host.

Scenario 2

Let's suppose that Machine A can reach the LMR but only on port 22 can we use a ssh tunnel between A and LMR to do the job for us ?

This time we will be working exclusively on machine A
ssh -2 -D localhost:1024 -N  192.168.2.2 &
curl telnet://smtp.localnet.com:25 -p --socks4 localhost:1024
220 merak.invallee.it ESMTP Postfix
helo testme
250 smtp.localnet.co
MAIL FROM:me@localnet.com
250 2.1.0 Ok
RCPT TO:dude@localnet.com
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
FROM:drao@invallee.it
TO:drao@invallee.it
SUBJECT:test using ssh tunnel
if you get this sending email trough ssh tunnel worked
.
250 2.0.0 Ok: queued as 29C549A7
quit
221 2.0.0 Bye
exit

This method may or may not work depending on whether Machine A is configured to be able use LMR for relaying mails (intendes as the MTA on LMR will allow Machien A to relay trought it). This leads to yet another scenario (see Scenario 3) or an alternative if Machine B can send emails trough LMR and A has access to B.

We can then start the ssh socks proxy on Machine B and have it listen on a port Machine A can access:

On machine B

ssh -2 -D 192.168.1.2:1024 -N  192.168.2.2 &

On machine A

curl telnet://smtp.localnet.com:25 -p --socks4 192.168.1.2:1024
220 merak.invallee.it ESMTP Postfix
helo testme
250 smtp.localnet.co
MAIL FROM:me@localnet.com
250 2.1.0 Ok
RCPT TO:dude@localnet.com
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
FROM:drao@invallee.it
TO:drao@invallee.it
SUBJECT:test using ssh tunnel
if you get this sending email trough ssh tunnel worked
.
250 2.0.0 Ok: queued as 29C549A7
quit
221 2.0.0 Bye
exit

Scenario 3

Mostly like Scenario 2 but Machine A is not allowed to relay on LMR dew to MTA configuration. We can still get the whole command to run on the LMR via ssh:

cat << EOF > send_this_mail
echo "helo testme
MAIL FROM:me@localnet.com
RCPT TO:dude@localnet.com
DATA
FROM:me@localnet.com
TO:dude@localnet.com
SUBJECT:test using ssh on remote server
it worked
.
quit
exit
EOF" | curl telnet://localhost:25
cat send_this_mail |ssh 192.168.2.2

NOTES

The command we used above is probably a good example of bad unixcraft, let me give a brief explanation on how it works. Let's momentarely get rid of the odd use of the fifo by just using this:

nc -l -p 1234 -s 192.168.1.2 | nc 192.168.2.2 25

If we repeat rest of Senario 1 we would see the output from LMR's MTA show up on Machine B and no feedback at all making it to Machine A. What we want to do is feed the output of “nc 192.168.2.2 25” (that connects to LMR) back into the nc that is in listening mode so that it can make it back to Machine A. The pipe itself is not bidirectional so we need some unixcraft to work around the problem: we create a fifo and have the output of “nc 192.168.2.2 25” fed into it

nc 192.168.2.2 25 >> /tmp/f

and we feed the other end of the fifo into the other nc that is listening

cat /tmp/f | nc -l -p 1234 -s 192.168.1.2

so now the whole command line looks like this:

cat /tmp/f | nc -l -p 1234 -s 192.168.1.2 | nc 192.168.2.2 25 >> /tmp/f

it is possible to do the same thing without having to use cat it is a little neater but still bad unixcraft

nc -l  -p 1234 -s 192.168.1.2 < /tmp/f |nc 192.168.2.2 25 >> /tmp/f

Sources

Originally written by Louigi600

 howtos:misc:proxying_smtp ()