[ale] SMTP and AT&T (VPN solution)
Bob Toxen
transam at VerySecureLinux.com
Mon Apr 14 15:17:07 EDT 2008
Mike's idea is, of course, great.
My solution is to set up a VPN. I invoke the following on my internal
firewall to my mail server, called babble:
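    # Forward 10.0.0.1:25 on the firewall to port 25 on babble; runs until the tunnel dies.
    ssh -lbob -o 'AllowedAuthentications password' -e none -S -g \
        -L 10.0.0.1:25:babble.com:25 babble.com
    # Reached only once ssh has exited.
    echo "ssh mail VPN died" | Mail -s "SSH mail VPN died" \
        bob@VerySecureLinux.com
    echo "Sent email notifying bob that we died"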
Of course, the above needs restarting any time either system goes down.
Using an empty passphrase, a loop around the code, and starting from
rc.local would fix that problem.
Bob Toxen
bob at verysecurelinux.com [Please use for email to me]
http://www.verysecurelinux.com [Network&Linux security consulting]
http://www.realworldlinuxsecurity.com [My book:"Real World Linux Security 2/e"]
Quality spam and virus filters.
Quality Linux & UNIX security and SysAdmin & software consulting since 1990.
"Microsoft: Unsafe at any clock speed!"
-- Bob Toxen 10/03/2002
On Mon, Apr 14, 2008 at 10:44:08AM -0400, Michael H. Warfield wrote:
>
> On Mon, 2008-04-14 at 09:59 -0400, Chris Fowler wrote:
> > I went with AtNex and my partner went with AT&T. I was going to do both
> > with AtNex but Louie had the idea that we should be with different
> > providers. Also, he was lured with promises of a 6 meg connection.
> > With SF I never got my promised 3 meg and every dsl test I did never
> > made it that high. I'm skeptical about any numbers about dsl speed.
>
> > I use an outgoing sendmail server for his mail. I hear AT&T blocks port
> > 25. will a smart relay host in sendmail work with AT&T?
>
> Probably not, unless it's over IPv6 or it's an AT&T smart host.
>
> Last I knew, AT&T blocks 25 and 465(smtps?) both inbound and outbound
> but only on IPv4 (since they don't even see IPv6). If you've got an
> IPv6 smart host, you can just relay that from your 6to4 address and AT&T
> will never even see it. If you've got control of an IPv4 public host
> you can use as a smart host, just enable its 6to4 address and you're
> good to go.
>
> Some people have reported requesting that port 25 be unblocked with
> varying success.
>
> > Chris
>
> Mike
> --
> Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw at WittsEnd.com
> /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
> NIC whois: MHW9 | An optimist believes we live in the best of all
> PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
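
The restart loop suggested in the reply above (empty passphrase, a loop around the command, started from rc.local), as an added example that is not part of the original post. It assumes an OpenSSH client, so the options are OpenSSH's rather than the ones in the post; the key path, recipient, delay values and the `SUPERVISE_MAX` bound are hypothetical.

```shell
#!/bin/sh
# Added example: restart loop for the port-25 SSH forward (OpenSSH syntax).
# Hypothetical values: KEY path, NOTIFY recipient, delays, SUPERVISE_MAX.
KEY=${KEY:-/root/.ssh/mailtunnel_ed25519}   # empty-passphrase key
NOTIFY=${NOTIFY:-root}
BASE_DELAY=${BASE_DELAY:-5}
MAX_DELAY=${MAX_DELAY:-300}
# An empty-passphrase key should be pinned to this one forward on babble,
# in ~bob/.ssh/authorized_keys (OpenSSH 7.2 or later):
#   restrict,port-forwarding,permitopen="babble.com:25" ssh-ed25519 <public key>

# Same forward as the post; -N: no remote shell, BatchMode: never prompt.
run_tunnel() {
    ssh -l bob -i "$KEY" -N -g \
        -o BatchMode=yes -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
        -L 10.0.0.1:25:babble.com:25 babble.com
}

notify() {
    echo "$1" | Mail -s "SSH mail VPN died" "$NOTIFY"
}

# Double the retry delay, capped at MAX_DELAY, so a dead link is not hammered.
next_delay() {
    d=$(( $1 * 2 ))
    if [ "$d" -gt "$MAX_DELAY" ]; then d=$MAX_DELAY; fi
    echo "$d"
}

# Run "$@" again each time it exits. SUPERVISE_MAX > 0 bounds the number of
# runs (for testing); unset or 0 loops forever.
supervise() {
    delay=$BASE_DELAY n=0
    while :; do
        start=$(date +%s); rc=0
        "$@" || rc=$?
        n=$(( n + 1 ))
        notify "ssh mail VPN died (exit $rc, run $n)"
        if [ "${SUPERVISE_MAX:-0}" -gt 0 ] && [ "$n" -ge "$SUPERVISE_MAX" ]; then return 0; fi
        # A tunnel that stayed up for a minute was healthy: restart the backoff.
        if [ $(( $(date +%s) - start )) -ge 60 ]; then delay=$BASE_DELAY; fi
        sleep "$delay"
        delay=$(next_delay "$delay")
    done
}

# From rc.local: /path/to/this-script run &
if [ "${1:-}" = "run" ]; then supervise run_tunnel; fi
```

The `authorized_keys` restriction in the comment is what limits the damage if the unprotected key is copied off the firewall: the key can open the one forward and nothing else.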