Pine, IMAP, and SSH (SSH, The Secure Shell: The Definitive Gu...

Pine, IMAP, and SSH (SSH, The Secure Shell: The Definitive Guide)of 8http://www.hn.edu.cn/book/NetWork/NetworkingBookshelf_2ndEd/ssh...8/3/2005 2:16 PM11.3.2. Mail Relaying and News AccessPine uses IMAP to read mail but not to send it. For that, it can either call a local program (such as sendmail) or use an SMTP server. Pine can also be a newsreader and use NNTP (the Network News Transfer Protocol,RFC-977) to contact a news server.An ISP commonly provides NNTP and SMTP servers for its customers when connected to the ISP's network.However, for security and usage control reasons, the ISP generally restricts this access to connectionsoriginating within its own network (including its own dial-up connections). In other words, if you'reconnected to the Internet from elsewhere and try to use your ISP's services, the attempt will probably fail.Access to your usual servers can be blocked by a firewall, or if not, your outgoing mail can bounce with amessage about "no relaying," and the news server rejects you with a message about "unauthorized use."You are authorized to use the services, of course, so what do you do? Use SSH port forwarding! Byforwarding your SMTP and NNTP connections over an SSH session to a machine inside the ISP's network,your connections appear to come from that machine, thus bypassing the address-based restrictions. You canuse separate SSH commands to forward each port:$ ssh -L2025:localhost:25 smtp-server ...$ ssh -L2119:localhost:119 nntp-server ...Alternatively, if you have a shell account on one of the ISP's machines running SSH but can't log into themail or news servers directly, do this:$ ssh -L2025:smtp-server:25 -L2119:nntp-server:119 shell-server ...This is an off-host forwarding, and thus the last leg of the forwarded path isn't protected by SSH. Section9.2.4, "Forwarding Off-Host" But since the reason for this forwarding isn't so much protection as it isbypassing the source-address restriction, that's OK. Your mail messages and news postings are going to betransferred insecurely once you drop them off, anyway. (If you want security for them, you need to sign orencrypt them separately, e.g., with PGP or S/MIME.)In any case, now configure Pine to use the forwarded ports by setting the smtp-server and nntp-serverconfiguration options in your ~/.pinerc file:smtp-server=localhost:2025nntp-server=localhost:211911.3.3. Using a Connection ScriptThe Pine configuration option rsh-path can point not only to rsh or ssh, but also to any other program: mostusefully, a script you've written providing any needed customizations. There are a couple of reasons why youmight need to do this:The rsh-path setting is global, applying to every remote mailbox. That is, Pine tries to use this style ofaccess either for every remote mailbox or for none. If you have multiple remote mailboxes but onlysome of them are accessible via SSH/imapd, this leads to annoyance. Pine falls back to a direct TCPconnection if SSH fails to get an IMAP connection, but you have to wait for it to fail. If the server inquestion is behind a firewall silently blocking the SSH port, this can be a lengthy delay.