Use ssh port forwarding for email forwarding

Article Title: Use ssh port forwarding for mail forwarding. Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.

A wiki is set up on the server. you need to submit an email report to the users on each watch's interface based on the page modification. The server is located behind BSO and its level is restrictive. that is, the server cannot initiate any external connection. There are two solutions to solve this problem. one is to reduce the BSO level. The problem is that a lot of patch work is required, and the procedure is troublesome. Second, use some tips. Ssh tunneling technology is used here

1. smtp service

Wiki itself has the mail sending function and needs to call the mail () function of PHP. This function is supported by PHP by default. the OS requires the sendmail binary file and provides the smtp function.

In rhel, sendmail is installed as the mail server by default. you can enable the sendmail service to use the smtp service (in the previous red hat version, smtp does not require sendmail support, but in the current OS, the sendmail service must be enabled ?). The smtp service port is 25. You can perform the test using the following methods:

# Mail user_name@domain.name.com

Subject: hello from the server

This is the body of the e-mail.

Cc:

Here, the Subject is the title, followed by the Mail body, and the text is written. The last part is the CC address.

If smtp works properly, you can receive your own email in your mailbox.

2. ssh tunnel

Ssh can establish a tunnel for IP packet forwarding. For more information, see man ssh. Note that you need to enable the ip forwarding function (?) in the OS (?). Two important tunnel creation commands are:

Ssh-C-f-N-g-R remote_port: local: port user @ remotehost

You can bind a port remote_port of the remote server to the local port, where-C is used for data compression and-f is used for background operations. only when the user name and password are prompted Can you switch to the front-end. -N is not used to execute remote commands. This command is useful when only port forwarding is performed. -G allows the remote host to connect to the local forwarding port. -R indicates that the remote host port is mapped to the local port. If it is-L, the local port is mapped to the remote host port.

Ssh-L ........ This command is widely used on the internet. For more information, see.

The main difference between the two commands is that the-L parameter is used to forward the local port to the remote host, while the-R parameter forwards the remote host port to the local host.

Note:

1. the ssh tunnel should be started before the sendmail service and listen to port 25 in advance. At this time, sendmail on the server will prompt a failure to bind the socket. ignore this. if it is bound to it, you will not be able to work.

2. specify the realy host of sendmail and modify/etc/mail/sendmail. cf and/etc/mail/submit. cf. the DS field is added to your domain name. In this way, sendmail will not randomly find the relay host.

3. in/etc/sysconfig/sendmail, you can specify sendmail as the daemon state. in this case, the daemon state should be set; otherwise, php will not call sendmail.

Because our host is located after BSO and can only accept connections, I established a tunnel to the server on my own thinkcentre and forwarded the server port 25 to the local port 25. Port 25 and smtp service are enabled for both the remote host and local host. once apache sends an email to the server, the email is forwarded to port 25 at the remote end, and then forwarded by the local smtp service, this removes the firewall restriction.

NOTEs:

In some cases, for example, if an exception occurs on one end of the machine, you need to restart the sendmail service of both sides. In this case, port 25 cannot be bound to the forwarder. This is because port 25 of the server is occupied by the previous ssh tunnel.

The solution is to restart the sshd service on the server side, stop the sendmail service on the server side, re-establish an ssh transfer on the adapter side, and restart the sendmail service on the server and locally.

This article from The CSDN blog, reproduced please indicate the source: http://blog.csdn.net/DigBug/archive/2006/12/26/1462540.aspx