Re: [Evolution] imaps over a firewall?



On Wed, 2003-10-22 at 14:25 -0400, Dan Winship wrote:
> > I've got red-carpet working with appropriate proxy settings inside the
> > firewall ... is there any obvious way to connect to my external imap
> > server too?
>
> There's a protocol called SOCKS which is designed for just that (letting
> the sysadmin be schizophrenic and configure the firewall to both block
> traffic and let it through), but evo doesn't support it.

Yes it does. Evo can run a command and use its stdin/stdout, instead of
trying to make a TCP connection directly. If you have a socksified
telnet or ssh, or indeed any other way of connecting to the outside
world, you can just use that.

Mike, you just need to work out some command which you can run from the
command prompt which lets you talk to your IMAP server through the
firewall; once you have that working it's fairly easy to make Evo use
it.

For reference, examples of such commands could be...

 socks-telnet $mailserver 143
 socks-ssl-telnet $mailserver 993
 ssh $mailserver exec /usr/sbin/imapd
 ssh $mailserver exec netcat localhost 143

If you're trying to connect through a firewall, SSH can also do clever
things to get at its remote server rather than just trying to connect
directly... you can go via a web proxy if it allows CONNECT requests,
for example...

 ssh -o "proxycommand sh -c '( echo CONNECT %h:%p HTTP/1.0; echo; cat ) | nc proxy 3128'" $mailserver exec imapd

You can make this easier by adding something like the following to your
~/.ssh/config file:

Note some proxies allow CONNECT only to certain ports; often only 443
and 563 (https and nntps resp.). So you could run a SSH daemon on port
563 of some box somewhere (preferably your mail server itself) and use
that via the web proxy...

Connecting to _internal_ machines from the outside is also fairly
simple, if there's a SSH bastion host you can log in through. For
example, I have Evo on my laptop configured to just run
'ssh $mailhost.company.internal exec imapd', and SSH knows that for host
*.company.internal it needs to run
'ssh bastionhost.company.com exec netcat %h %p' instead of just trying
to do a DNS lookup and connect....

The possibilities are endless. Evolution can almost certainly do what
you're after, if there's _any_ way of connecting from where it is to the
outside world.

-- 
dwmw2
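
An added example, not part of the original message and not code from Evolution or OpenSSH: a Python stand-in for the `echo CONNECT ... | nc proxy 3128` ProxyCommand in the message, which reads the proxy's reply before relaying, so a refusal (such as a proxy that allows CONNECT only to 443 and 563) is reported as an error rather than passed to ssh as if it were the server's banner. The file name `connect_proxy.py`, the function names and the argument order are assumptions.

```python
"""Hypothetical connect_proxy.py (added example). Use from ssh as:
ssh -o "ProxyCommand python3 connect_proxy.py proxy 3128 %h %p" $mailserver exec imapd"""
import os, select, socket, sys

def connect_request(host, port):
    # Same request the echo in the one-liner sends, with proper CRLF line ends.
    target = f"{host}:{port}"
    return f"CONNECT {target} HTTP/1.0\r\nHost: {target}\r\n\r\n".encode("ascii")

def split_reply(buf):
    # (status, leftover) once the proxy's header block is complete, else None.
    head, sep, rest = buf.partition(b"\r\n\r\n")
    if not sep:
        return None
    parts = head.split(b"\r\n", 1)[0].split(None, 2)
    if len(parts) < 2 or not parts[0].startswith(b"HTTP/") or not parts[1].isdigit():
        raise ValueError(f"not an HTTP reply: {head[:60]!r}")
    return int(parts[1]), rest

def open_tunnel(proxy, proxy_port, host, port):
    sock = socket.create_connection((proxy, proxy_port), timeout=30)
    sock.sendall(connect_request(host, port))
    buf, reply = b"", None
    while reply is None:
        chunk = sock.recv(4096)
        buf += chunk
        if not chunk or len(buf) > 65536:
            raise ConnectionError("proxy closed early or sent oversized headers")
        reply = split_reply(buf)
    status, leftover = reply
    if not 200 <= status < 300:  # e.g. 403 when the port is not allowed
        raise ConnectionError(f"proxy refused CONNECT {host}:{port} (HTTP {status})")
    sock.settimeout(None)
    return sock, leftover

def relay(sock, leftover):
    os.write(1, leftover)  # bytes that arrived right behind the proxy's headers
    while True:
        for src in select.select([0, sock], [], [])[0]:
            data = sock.recv(65536) if src is sock else os.read(0, 65536)
            if not data:
                return
            if src is sock:
                os.write(1, data)
            else:
                sock.sendall(data)

if __name__ == "__main__":
    proxy, proxy_port, host, port = sys.argv[1:5]
    relay(*open_tunnel(proxy, int(proxy_port), host, int(port)))
```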



