Problem: Many Windows e-mail programs send account ID, password and e-mail content over the network in clear-text.
Today there are a number of solutions available to provide protection against someone sniffing your credentials and data from the network, including VPN, SSL and SSH.
In this section, we will show how to utilize SSH port forwarding to securely send and retrieve email using IMAP and SMTP. Port forwarding allows you to run TCP based services in an SSH session from your local machine to a remote machine. By running the TCP based services in the SSH tunnel, all data going from your local machine to the remote machine endpoint is encrypted.
Note |
Keep in mind that by utilizing OpenSSH port forwarding, you are only encrypting the data as it goes from your local machine to your email server. The email is unencrypted as it travels from your email server to its destination server. To encrypt the contents of your email in this way, a program such as PGP or GPG is required. |
We first need to set up the initial connection settings to the remote mail server within PuTTY.
Note |
The server and port of the machine you enter here does not have to be the machine to which you will be creating the SSH connection. If you enter a machine different from the one to which will connect via SSH, your data will be secured between the client and the SSH server, but not between the SSH server and the final destination. Only ports forwarded to the SSH server itself are encrypted. |
Now we need to add the address of the computer to which we send our outgoing mail, utilizing SMTP. The default port for SMTP is 25.
The Port Forwarding section of the PuTTY configuration should look like the screen below:
Now that PuTTY is configured to allow port forwarding, we need to connect to the remote server and verify that the local machine is listening on the correct ports.
(In fact, that is exactly what you have done - while the SSH port forwarding session is open, you are also connected interactively to the remote machine.)
Now that the connection is open, we need to verify that the local machine is listening on the ports we specified earlier:
(If the output scrolls by too quickly to read, pipe the command through more by running netstat “an more . This will allow you to see the output one page at a time.)
Active Connections Proto Local Address Foreign Address State TCP 0.0.0.0:135 0.0.0.0:0 LISTENING TCP 0.0.0.0:445 0.0.0.0:0 LISTENING TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING TCP 0.0.0.0:1037 0.0.0.0:0 LISTENING TCP 0.0.0.0:1040 0.0.0.0:0 LISTENING TCP 0.0.0.0:1043 0.0.0.0:0 LISTENING TCP 0.0.0.0:1388 0.0.0.0:0 LISTENING TCP 0.0.0.0:9420 0.0.0.0:0 LISTENING TCP 192.168.1.10:1388 192.168.1.1:22 ESTABLISHED TCP 127.0.0.1:25 0.0.0.0:0 LISTENING TCP 127.0.0.1:143 0.0.0.0:0 LISTENING UDP 0.0.0.0:53 *:* UDP 0.0.0.0:135 *:* UDP 0.0.0.0:445 *:* UDP 0.0.0.0:1026 *:* UDP 0.0.0.0:1028 *:* UDP 0.0.0.0:1326 *:* UDP 0.0.0.0:44333 *:* UDP 127.0.0.1:123 *:*
As you can see, the output shows the open and listening connection for the local machine. You will want to look for lines similar to the ones highlighted above. The first highlighted line:
TCP 192.168.1.10:1388 192.168.1.1:22 ESTABLISHED
is the SSH connection from your local machine to the remote machine. You can tell this is an established connection by the ESTABLISHED state displayed in the fourth column.
The next two highlighted lines:
TCP 127.0.0.1:25 0.0.0.0:0 LISTENING TCP 127.0.0.1:143 0.0.0.0:0 LISTENING
show us the port forwarding connections we have set up. The LISTENING state in the fourth column tells us that our local machine is listening on the ports specified in the second column. In this case, our local machine is listening on port 25, SMTP, and port 143, IMAP, at IP address 127.0.0.1. IP address 127.0.0.1 is the IP address of the loopback interface for our machine, also known as localhost.
Now that we have port forwarding for SMTP and IMAP configured and the connection has been verified , we need to configure our email client to take advantage of port forwarding.
For this example, we will use Outlook 2000 as our email client. However, the process should apply to other email clients as well.
The properties for the mail account should now look like the screen shown below:
SECTION I - Obtaining, Compiling and Installing OpenSSH
SECTION II - How to Use OpenSSH Clients for Unix-to-Unix Connectivity
SECTION III - How To Use PuTTY/WinSCP For PC-To-Unix Connectivity
SECTION IV - Using Public Key Authentication
SECTION V - Troubleshooting SSH Connections
SECTION VI - Advanced SSH Topics
Conclusion
Appendix - Sample sshd_config File