[sf-lug] sending mail through SSH port forwarding

Jeffrey Malone ieatlint at tehinterweb.com
Mon Oct 13 20:34:32 PDT 2008


As a note on the b) point -- the connections for ssh have no "keep
alive" messages.
So while a timeout will close the connection, no timeout will start
unless data is sent.

Practically, this means that if you log in to a server, and then
disconnect from the network, wait 5 minutes and reconnect to the
network, the ssh session will still be open -- providing you didn't
type anything into the ssh console, and the server didn't try and send
you any output.
This is normal, intended behaviour, and by no means a security risk.

You may wish to look into SSL SMTP, however.  Many providers have it
for SMTP and POP3 (and probably IMAP).  The advantages being that
there would be no need to relay off another server (which puts you at
the mercy of that server's availability) and no need to pre-configure
the tunnel before sending an email.  Also, you then will have the same
connection settings for both secure and "insecure" networks.

Jeffrey

On Mon, Oct 13, 2008 at 2:48 PM, Jeff Tchang <jeff.tchang at gmail.com> wrote:
>> This seems to be working, but I had a few general questions:
>>
>> a)  Is the above setup actually sending everything encrypted (safe
>>    to use over unsecured public wifi networks)?
>
> Data within the tunnel is encrypted. For all intents and purposes this
> is enough to foil someone's attempt at sniffing your outgoing mail.
>
>> b)  I notice that the SSH port forwarding remains persistent across
>>    disconnecting & reconnecting the DSL connection. Are there any
>>    potential disadvantages to leaving this up? Is there a way to stop
>>    the process other than killing it by PID? Would it make sense
>>    to issue the above ssh command when booting ( /etc/init.d/ )?
>
> Exactly what do you mean by disconnecting and reconnecting the DSL
> connection? You mean the connection on the remote host?
> In general the tunnel will go down when you disconnect your SSH
> session cleanly. If you don't do it cleanly the open socket will
> linger a while until the TCP timeout is reached.