The FreeBSD Diary

Providing practical examples since 1998

Using smtp from remote locations 7 April 2001
Regular readers will know that I'm in Ottawa for a short trip.  That means you know something my parents don't know yet.  They're still in Portugal on holiday.  I'll be picking them up upon their return.  That's when they'll find out I'm visiting.

Before I left, I set up an APOP server so I could remotely and securely get my mail from home.  I have set myself up with a local (actually regional) ISP.  I'm free to use their mail servers and that works well.  But some sites (freebsd.org included) are very strict about the mail they will receive.  In this case, they won't accept mail from the look.ca mail server (I suspect this is because my mail will have a different reply-to domain other than look.ca).  I was getting around this using a very simple procedure but I quickly grew tired of doing this every time I logged into my ISP.  So I've found a better way.

In case it makes any difference, I'm using FreeBSD 4.3-BETA and sendmail 8.11.3.

relay-domains
sendmail uses the file /etc/mail/relay-domains [1] as a list of domains from which it will accept mail for relay.  In short, if you send from a host within one of the domains listed in this file, sendmail will accept it and redeliver it for you.  This file already contained the names of the domains within my subnet.  In order to tell sendmail to accept mail from my dial up account with look.ca, I did the following:
  • I ssh'd to my mail server.
  • I modified /etc/mail/relay-domains to add the IP address from which I was connected.  I could tell this from the who command:

# who
dan ttyp0 Apr 7 09:42 (216.154.60.217)

  • I hup'd sendmail:

killall -HUP sendmail

Then I was able to send mail.  This had two side effects.

  1. I had to do the above every time I connected to my ISP because my IP changed each time.
  2. The mail headers in my messages contained an extra hop to indicate the connection from my ISP.  This isn't really a problem.  It's merely a personal preference.

[1] This location may vary from one operating system to another and is determined by the sendmail.cf setting FR-o /etc/mail/relay-domains or by the feature FEATURE(relay_entire_domain).  See http://www.sendmail.org/tips/relaying.html for more detail.

ssh tunnel
This method requires an ssh login from your local workstation to the remote mail server.  It's not very scalable as you don't necessarily want all users to have an ssh connection.  This solution is fine for just yourself and/or a few trusted users.

I've talked about an ssh tunnel before in the cvs remote article.  With an ssh tunnel, you can redirect a local port to a port on a remote machine.  In this case, I want to redirect port 25 on my box to port 25 on my mail server.  This can be done easily with a FreeBSD client with the following command:

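ssh -L 25:localhost:25 mail.example.org

This will redirect port 25 on your box to port 25 on your mail server at example.org.  The ssh session itself uses the server's usual ssh port; only the forwarded connection reaches port 25.  Binding a local port below 1024 requires root on the client, and the forward cannot bind if a local sendmail is already listening on port 25.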

If you are using Windows, I know that Tera Term (TTSSH) works.  See my list of windows ssh clients.  To set up SSH Forwarding in TTSSH, do the following steps:

  1. Select Setup | SSH Forwarding from the TTSSH menu
  2. Click on Add
  3. Select smtp as the local port to forward
  4. Enter the name of the remote machine (e.g. mail.example.org)
  5. Select smtp as the port on the remote machine.
  6. Use TTSSH to connect to the remote machine as you would normally.
  7. On your mail client, set the smtp server to be localhost. On my Pegasus mail client, I do this via Tools | Internet Options | Sending (SMTP) | SMTP host.
  8. If you want to save these settings for next time: select Setup | Save Setup from the TTSSH menu.

With an ssh tunnel, you do have to connect to the mail server via ssh each time.  But you don't have to modify anything and your mail headers look the same no matter where you send your mail from.

My thanks to Lazarus for help with this.

Other options
You can also do POP-before-smtp.  This is probably a better solution if you have many users.  For examples, I searched with Google and found:

http://iecc.com/pop-before-smtp.html
http://people.oven.com/bet/pop-before-smtp/

and much more

See also smtpAuth at http://www.sendmail.org/~ca/email/auth.html.

more remote SMTP stuff 9 April 2001
Patrick Hawley writes:

Hey there...I saw your post on remote SMTP stuff, and wanted to let you know about a few things:

* the best POPbeforeSMTP utility I've found is called poprelayd:

http://poprelay.sourceforge.net/poprelay.html

...however, Outlook/Outlook Express both attempt to send mail *first* and retrieve mail *second*. Therefore, if your mail server users, for example, compose mail 'offline' and then attempt to connect to the mail server, it will fail as their mail client is trying to send mail *before* retrieving mail, while poprelayd works by snarfing IP addresses from authenticated POP/IMAP requests and adding those IP addresses to a separate "alright to relay" database (/etc/mail/popip.db).

* there is an excellent unofficial HOWTO on SMTP_auth in the comp.mail.sendmail archives (you probably can't click through to it, but will have to traverse there from www.perl.jann.com):

http://www.perl.jann.com/sendmail/200011/msg00564.html

* if you add the following line to /etc/mail/access:

208.190.223.7     RELAY

and then rebuild the access.db by running

makemap hash /etc/mail/access < /etc/mail/access

you should be able to send mail through your mail server (instead of using relay-domains).
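
The POP-before-SMTP mechanism mentioned under Other options and described in the message above, as an added example that is not part of the original article, of Patrick Hawley's message, or of poprelayd: it replays a constructed log to show why a client that sends before it fetches is rejected and why relay entries for dial-up addresses must expire. The log format, the 30-minute window and the function names are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed log lines in an assumed format (not the format of poprelayd or
# of any real POP/SMTP daemon): "<ISO time> <service> <event> user=<u> ip=<a>"
SAMPLE_LOG = """\
2001-04-09T09:00:05 smtp relay-attempt user=- ip=203.0.113.10
2001-04-09T09:00:09 pop3 login-ok user=dan ip=203.0.113.10
2001-04-09T09:00:12 smtp relay-attempt user=- ip=203.0.113.10
2001-04-09T09:01:00 pop3 login-failed user=dan ip=198.51.100.7
2001-04-09T09:01:02 smtp relay-attempt user=- ip=198.51.100.7
2001-04-09T09:45:00 smtp relay-attempt user=- ip=203.0.113.10
"""

LINE = re.compile(r"^(\S+) (pop3|smtp) (\S+) user=\S+ ip=(\S+)$")
WINDOW = timedelta(minutes=30)  # assumed lifetime of a relay permission


def replay(log_text, window=WINDOW):
    """Return (decisions, table): relay verdicts in log order, last-auth times."""
    table = {}      # ip -> time of the most recent successful POP login
    decisions = []  # (hh:mm:ss, ip, allowed)
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip anything that does not fit the assumed format
        when = datetime.fromisoformat(m.group(1))
        service, event, ip = m.group(2), m.group(3), m.group(4)
        if service == "pop3" and event == "login-ok":
            table[ip] = when
        elif service == "smtp" and event == "relay-attempt":
            seen = table.get(ip)
            # Relay only for an address that authenticated recently; an old
            # entry may now belong to whoever was handed that dial-up IP next.
            allowed = seen is not None and when - seen <= window
            decisions.append((m.group(1)[11:], ip, allowed))
    return decisions, table


def access_entries(table, now, window=WINDOW):
    """Unexpired addresses as 'address RELAY' lines, the /etc/mail/access form."""
    return [f"{ip}\tRELAY" for ip, seen in sorted(table.items()) if now - seen <= window]


if __name__ == "__main__":
    decisions, table = replay(SAMPLE_LOG)
    for when, ip, ok in decisions:
        print(when, ip, "RELAY" if ok else "REJECT")
    print(access_entries(table, datetime(2001, 4, 9, 9, 10)))
```

The first attempt from 203.0.113.10 is the send-before-fetch case: it arrives four seconds before the POP login and is rejected, while the same client succeeds once it has authenticated and is rejected again after the window has passed.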

