[ale] SMTP and AT&T (VPN solution)

Bob Toxen transam at VerySecureLinux.com
Mon Apr 14 15:17:07 EDT 2008


Mike's idea is, of course, great.

My solution is to set up a VPN.  I invoke the following on my internal
firewall to my mail server, called babble:

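  # Forward 10.0.0.1:25 on the firewall to port 25 on babble.com; ssh stays
  # in the foreground, so the lines below run only once the tunnel has died.
  ssh -lbob -o 'AllowedAuthentications password' -e none -S -g \
    -L 10.0.0.1:25:babble.com:25 babble.com
  echo "ssh mail VPN died" | Mail -s "SSH mail VPN died" \
    bob@VerySecureLinux.com
  echo "Sent email notifying bob that we died"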

Of course, the above needs restarting any time either system goes down.
Using an empty passphrase, a loop around the code, and starting from
rc.local would fix that problem.

Bob Toxen
bob at verysecurelinux.com               [Please use for email to me]
http://www.verysecurelinux.com        [Network&Linux security consulting]
http://www.realworldlinuxsecurity.com [My book:"Real World Linux Security 2/e"]
Quality spam and virus filters.
Quality Linux & UNIX security and SysAdmin & software consulting since 1990.

"Microsoft: Unsafe at any clock speed!"
   -- Bob Toxen 10/03/2002


On Mon, Apr 14, 2008 at 10:44:08AM -0400, Michael H. Warfield wrote:
> 
> On Mon, 2008-04-14 at 09:59 -0400, Chris Fowler wrote:
> > I went with AtNex and my partner went with AT&T.  I was going to do both
> > with AtNex but Louie had the idea that we should be with different
> > providers.  Also, he was lured with promises of a 6 meg connection.
> > With SF I never got my promised 3 meg and every dsl test I did never
> > made it that high.  I'm skeptical about any numbers about dsl speed.
> 
> > I use an outgoing sendmail server for his mail.  I hear AT&T blocks port
> > 25.  Will a smart relay host in sendmail work with AT&T?
> 
> 	Probably not, unless it's over IPv6 or it's an AT&T smart host.
> 
> 	Last I knew, AT&T blocks 25 and 465(smtps?) both inbound and outbound
> but only on IPv4 (since they don't even see IPv6).  If you've got an
> IPv6 smart host, you can just relay that from your 6to4 address and AT&T
> will never even see it.  If you've got control of an IPv4 public host
> you can use as a smart host, just enable its 6to4 address and you're
> good to go.
> 
> 	Some people have reported requesting that port 25 be unblocked with
> varying success.
> 
> > Chris
> 
> 	Mike
> -- 
> Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
>    /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
>    NIC whois: MHW9          | An optimist believes we live in the best of all
>  PGP Key: 0xDF1DD471        | possible worlds.  A pessimist is sure of it!
> 
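
The restart loop Bob describes for rc.local, as an added example that is not part of the original post: it reruns the tunnel with a capped exponential backoff and mails once per outage rather than once per retry. TUNNEL_CMD, NOTIFY_CMD, SLEEP_CMD, MAX_DELAY, STABLE_SECS and the recipient root are assumptions.

```sh
#!/bin/sh
# Added example. TUNNEL_CMD, NOTIFY_CMD, SLEEP_CMD, MAX_DELAY and STABLE_SECS
# are hypothetical names; TUNNEL_CMD holds the ssh -L command from the post.
# The unattended key has no passphrase, so use a dedicated key and restrict
# it on the mail server to this one port forward.

MAX_DELAY=${MAX_DELAY:-300}      # longest pause between restarts, seconds
STABLE_SECS=${STABLE_SECS:-60}   # a run at least this long counts as healthy
# Assumed recipient "root"; $1 = exit status, $2 = seconds the tunnel was up.
NOTIFY_CMD=${NOTIFY_CMD:-'echo "ssh mail VPN died (exit $1 after $2s)" | Mail -s "SSH mail VPN died" root'}

# next_delay CURRENT: double the pause, capped at MAX_DELAY.
next_delay() {
    d=$(( $1 * 2 ))
    if [ "$d" -gt "$MAX_DELAY" ]; then d=$MAX_DELAY; fi
    echo "$d"
}

# supervise MAX_RUNS: rerun TUNNEL_CMD whenever it exits (0 = forever).
# Leaves the totals in RUNS and NOTICES and the next pause in DELAY.
supervise() {
    max_runs=$1; RUNS=0; NOTICES=0; DELAY=1
    while [ "$max_runs" -eq 0 ] || [ "$RUNS" -lt "$max_runs" ]; do
        start=$(date +%s)
        status=0
        sh -c "$TUNNEL_CMD" || status=$?
        RUNS=$(( RUNS + 1 ))
        ran=$(( $(date +%s) - start ))
        # A tunnel that stayed up was healthy: restart quickly, new outage.
        if [ "$ran" -ge "$STABLE_SECS" ]; then DELAY=1; fi
        # Mail once per outage, not once per retry of a dead link.
        if [ "$DELAY" -eq 1 ]; then
            if sh -c "$NOTIFY_CMD" notify "$status" "$ran"; then
                NOTICES=$(( NOTICES + 1 ))
            fi
        fi
        "${SLEEP_CMD:-sleep}" "$DELAY"
        DELAY=$(next_delay "$DELAY")
    done
}

# From rc.local: TUNNEL_CMD='ssh ...' /path/to/this-script run &
if [ "${1:-}" = run ]; then
    : "${TUNNEL_CMD:?set TUNNEL_CMD to the ssh -L command}"
    supervise 0
fi
```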
