[sf-lug] sending mail through SSH port forwarding

Rick Moen rick at linuxmafia.com
Mon Oct 13 23:31:04 PDT 2008


Quoting Asheesh Laroia (asheesh at asheesh.org):
> On Tue, 14 Oct 2008, Tyler Trafford wrote:
> 
> > John Magolske wrote:
> >> In an attempt to send email through SSH for protection against
> >> password sniffing while using public wifi, I set up port forwarding
> >> with this command:
> >>
> >> ssh -l remote_username -L 9999:mydomain.net:25 user1@mydomain.net -N -f
> >
> > Related reading:
> >
> > http://www.debian-administration.org/articles/487
> 
> I created my own version of the above that I like more.  See 
> http://www.asheesh.org/note/sysop/mail-tunnel.html .

I might be missing something fundamental about the problem the original
poster was trying to solve.  Isn't the MTA you're tunneling to going to
turn around and (generally speaking) deliver the SMTP stream across the
global Internet in plaintext, anyway?  That being the case, and
considering that it's simply unwise to send confidential data via SMTP
at _all_ (unless content-encrypted at the sub-SMTP level, or confined 
to special scenarios), what's the point of tunneling "for protection
against password sniffing" over the first hop _only_?

Over here at Chez Moen, we all know that the wireless network is
fundamentally insecure, and so simply make a point of not trusting it.




