[ltp] Re: Re: Sending email from laptops?

Joachim Schrod linux-thinkpad@linux-thinkpad.org
Wed, 3 Nov 2004 12:02:26 +0100


>>>>> "VB" == Volker Braun <volker.braun@physik.hu-berlin.de> writes:

VB> On Tue, 02 Nov 2004 08:02:50 -0500, James Knott wrote:
>>> The only reliable option is to use an ssh tunnel [...]
>> 
>> Assuming you don't get stuck behind a firewall that blocks ssh.

VB> Running sshd on non-standard ports is your friend :-) At least, until
VB> your admin goes through the trouble of setting up an application level
VB> firewall. Never encountered that though.

I encounter this all the time. Actually, any firewall setup that
doesn't involve at least stateful inspection to check the used
protocol isn't worth its setup cost and should be exchanged
immediately.

In such situations, stunnel is your friend, http://www.stunnel.org/. 
Run your stunnel server on port 443 (https). If there is already an SSL
Web server and you don't have a second IP address, use port 563
(nntps), that's usable in many circumstances.

For those situations where no direct connection is allowed from
workstations, patches are available to use stunnel over an HTTP proxy
like Squid. No public patches are available for authenticated HTTP
proxies, but that's just a four-line change.

Be aware that by using stunnel you might be in conflict with your
security policy. This might have grave consequences for your
employment. If you're a consultant and do this at a client, you might
risk lawsuits with high penalties. In doubt, talk with your
supervisor / client contact and watch your step. There are dragons out
there.

Cheers,
	Joachim

--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Joachim		     The most exciting phrase to hear in science, the
Rödermark, Germany   one that heralds new discoveries, is not "Eureka!"
<jschrod@acm.org>    (I found it!) but "That's funny..." [Isaac Asimov]
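
The protocol check mentioned in the message above, as an added example that is not part of the original post: a minimal port/protocol mismatch test of the kind a protocol-aware firewall or IDS applies to the first bytes a client sends. The port table, function names and sample payloads are constructed for illustration.

```python
import struct

# Assumption: protocol expected on each port named in the thread.
EXPECTED = {22: "ssh", 443: "tls", 563: "tls"}

HTTP_METHODS = (b"GET", b"POST", b"HEAD", b"CONNECT")


def classify(payload: bytes) -> str:
    """Guess the application protocol from the first client bytes."""
    if payload.startswith(b"SSH-"):
        # SSH identification string (RFC 4253), e.g. "SSH-2.0-..."
        return "ssh"
    if len(payload) >= 6:
        ctype, major, minor, length = struct.unpack("!BBBH", payload[:5])
        # TLS record header: handshake (0x16), version 3.x, plausible
        # length, and the first handshake message is a ClientHello (1).
        if (ctype == 0x16 and major == 3 and minor <= 4
                and 0 < length <= 16384 and payload[5] == 0x01):
            return "tls"
    if payload.split(b" ", 1)[0] in HTTP_METHODS:
        return "http"
    return "unknown"


def check_flow(dst_port: int, payload: bytes) -> dict:
    """Report whether the observed protocol matches the port's expected one."""
    seen = classify(payload)
    want = EXPECTED.get(dst_port)
    return {"port": dst_port, "expected": want, "seen": seen,
            "mismatch": want is not None and seen != want}


# Constructed sample payloads (not captured traffic).
SSH_HELLO = b"SSH-2.0-OpenSSH_3.9\r\n"
TLS_HELLO = bytes([0x16, 0x03, 0x01, 0x00, 0x2F, 0x01, 0x00, 0x00, 0x2B])
HTTP_CONNECT = b"CONNECT mail.example.org:443 HTTP/1.0\r\n\r\n"

if __name__ == "__main__":
    for port, data in [(443, SSH_HELLO), (443, TLS_HELLO),
                       (563, TLS_HELLO), (443, HTTP_CONNECT)]:
        print(check_flow(port, data))
```
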