Re: pre-connect and smtp ?



On Sun, 19 August 20:36 christophe barbe wrote:
> Yes, as Melanie said, it's not really about encryption, it's more about
> port forwarding.

Well, see my comments about port forwarding in my other reply on this topic.

> The use I have in mind is the following: 
> You've an account on a machine with an associated mail account. You can
> only use this account on local. You set up a ssh port forwarding with a
> pre-connect script and then you can use it as a local one. You use the same
> mechanism to login on your remote account and to set up your port
> forwarding. With ssh-agent this is a very appealing solution. 

I can see why you'd want to do this with POP or IMAP, but there doesn't
seem to be a lot of reason to do it for SMTP except perhaps for
authenticated relay.  But then SMTP has all the necessary AUTH and STARTTLS
facilities in the protocol.  Use a server that provides these instead of
using a hack.  LibESMTP provides the support and it works.

> btw I can't follow you on MTA and encryption. I've not enough knowledge in
> this domain but I'm not sure to be able to set up a ssmtp config. 
> 
> But I can't agree that ssh doesn't provide you real privacy. If you use a
> machine on a local network, everybody (with local root access) can easily
> spy on you (he only needs to set his network interface to promiscuous mode).
> With port forwarding you secure your data up to an outside network where
> data becomes more difficult to gather.

STARTTLS is the correct solution for this.

> A normal user can't set up a private port forwarding in inetd (or am I
> wrong?).

My mistake.

> Under balsa we only need (in send.c) to execute (blindly) the pre-connect
> command at the beginning of process_queue.

Use Melanie's solution: wrap balsa and the port forwarder with a script.

Brian Stafford
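
The wrapper approach named in the reply above, sketched as an added example; it is not part of the original message, of Balsa, or of Melanie's script. The account `user@mail.example.org`, local port 2525, the control-socket path and the install name `balsa-tunnel` are all assumptions.

```shell
#!/bin/sh
# Added example: open an ssh port forward, run the mail client, then
# close the forward again. Every value below is an assumed placeholder.
REMOTE=${REMOTE:-user@mail.example.org}   # constructed placeholder account
LOCAL_PORT=${LOCAL_PORT:-2525}            # port the client's SMTP setting points at
REMOTE_SMTP=${REMOTE_SMTP:-localhost:25}  # SMTP service as seen from the remote host
CTL=${CTL:-$HOME/.ssh/balsa-tunnel.ctl}   # control socket, kept out of world-writable /tmp
SSH=${SSH:-ssh}
CLIENT=${CLIENT:-balsa}

start_tunnel() {
    # -f -N: go to the background, run no remote command.
    # Bind to loopback only, so other hosts on the LAN cannot use the forward.
    # ExitOnForwardFailure: fail here rather than let the client send to a
    # port that was never forwarded.
    "$SSH" -f -N -M -S "$CTL" -o ExitOnForwardFailure=yes \
        -L "127.0.0.1:$LOCAL_PORT:$REMOTE_SMTP" "$REMOTE"
}

stop_tunnel() {
    # Ask the master connection to exit; ignore "no such socket" errors.
    "$SSH" -S "$CTL" -O exit "$REMOTE" >/dev/null 2>&1 || true
}

run_wrapped() {
    start_tunnel || { echo "tunnel failed, not starting $CLIENT" >&2; return 1; }
    rc=0
    "$CLIENT" "$@" || rc=$?   # keep the client's exit status
    stop_tunnel
    return "$rc"
}

# Run only when installed under the (hypothetical) name balsa-tunnel.
case "${0##*/}" in
    balsa-tunnel) run_wrapped "$@" ;;
esac
```

The forwarded port on 127.0.0.1 accepts connections from every local user on the machine, so on a shared host it is not private to the person who opened it.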



