how to run dynamic ssh tunnels
# xinetd spawns one ssh process per accepted connection; bind to loopback
# so only local clients can use the tunnel.
service smtps
{
        disable     = no
        socket_type = stream
        wait        = no
        user        = USER
        server      = /usr/bin/ssh
        server_args = USER@HOST -C /home/USER/bin/localsmtp
        bind        = 127.0.0.1
}
service pop2
{
        disable     = no
        socket_type = stream
        wait        = no
        user        = USER
        server      = /usr/bin/ssh
        server_args = USER@HOST -C /home/USER/bin/localpop
        bind        = 127.0.0.1
}
I have the above in my xinetd configuration to automatically generate ssh tunnels. I configure my MUA to talk to localhost on the pop2 port for POP connections to my real POP server and I configure Postfix (my local MTA) to relay all mail through localhost on the smtps port with the directive "relayhost = 127.0.0.1:465".
The localpop script contains the command "nc 127.0.0.1 110" and the localsmtp script contains the command "nc 127.0.0.1 25". I use the localpop and localsmtp scripts so that if I change anything on the server end then I can easily adjust the scripts without reconfiguring the workstations that relay their mail.
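Because the ssh key used by xinetd has to work unattended, it is worth restricting what that key can do on the server. The following is an added example, not part of the original post: a single dispatcher script that replaces the separate localpop and localsmtp scripts and is pinned to the key with an authorized_keys "command=" option, so the key can only reach the two listed services. The script name tunnel-dispatch and the authorized_keys line are assumptions; the service names, hosts and ports are the ones described above.

```shell
#!/bin/sh
# Added example (not the original post's scripts). Install on the server as
# /home/USER/bin/tunnel-dispatch (assumed path) and pin it to the unattended key:
#   command="/home/USER/bin/tunnel-dispatch",no-port-forwarding,no-pty,no-X11-forwarding ssh-ed25519 AAAA...
# The xinetd server_args above stay unchanged: sshd ignores the requested
# command and runs this script instead, with the request in SSH_ORIGINAL_COMMAND.

# Map a tunnel name to "host port" on the server; anything else is refused.
resolve_target() {
    case "$1" in
        localpop)  echo "127.0.0.1 110" ;;   # POP3 daemon on the server
        localsmtp) echo "127.0.0.1 25"  ;;   # local MTA on the server
        *)         return 1 ;;
    esac
}

# Only the first word of the requested command is consulted, and only its
# basename, so "/home/USER/bin/localpop" and "localpop" both resolve.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    name=$(basename "${SSH_ORIGINAL_COMMAND%% *}")
    target=$(resolve_target "$name") || { echo "refused: $name" >&2; exit 1; }
    set -- $target
    exec nc "$1" "$2"
fi
```

Any other command requested over this key is logged to stderr (which sshd forwards to the client) and refused, while the tunnel itself behaves exactly as before.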
The same configuration can be used whenever you have shell access via ssh to a machine that runs an MTA. It's not difficult, and each ssh connection is terminated whenever the MUA or the MTA that initiated it times out and closes its connection. This means that there is no need to have cron jobs monitoring the ssh tunnels or anything else that is difficult.