Re: HTML email "bug", of sorts.

From: John Fitzgibbon (fitz@jfitz.com)
Date: 08/21/01 

Message-ID: <002801c129f5$4357d300$070ca8c0@FITZLT>
From: "John Fitzgibbon" <fitz@jfitz.com>
To: <Thor@HammerofGod.com>, <Jason.Haar@trimble.co.nz>, <bugtraq@securityfocus.com>
Subject: Re: HTML email "bug", of sorts.
Date: Mon, 20 Aug 2001 20:55:29 -0700

> Under Outlook, this isn't possible.
...and...
> This is a kludge, and I know it is a kludge, ....
...and ...
>There just doesn't seem to be a good compromise here.

This is possible, (I'm using it right now)...
It's not a kludge, (in my book anyway)...
And it's a pretty decent compromise...
... and it has (at least one) nice side-effect :-)

1. Install cygwin, (freely available from redhat)

2. Create a shell script to port forward your mail:
#!/bin/sh
ssh -L 25:localhost:25 -L 110:localhost:110 mailxxx.xxx.domain

3. Create a batch file to call the script,
(for example, say it's my_mail_forwarder.sh):
@echo off
C:
chdir \cygwin\bin
bash --login my_mail_forwarder.sh

4. Create a shortcut to the batch file. Run it before you use mail to log on
to your mailserver with port forwarding, (use keys if you don't want to have
to type passwords).

5. Configure Outlook to pop/smtp off localhost,
(under Tools -> Accounts -> Properties)

At this point, you should be downloading your mail securely from your
mailserver, (this is the nice side-effect). But not done yet....

6. Install Zone Alarm.
(Free for personal use, $20 for biz -- you don't need the pro version.)

7. In ZA Control Center -> Security -> Advanced:
Add 127.0.0.1 to the local network, (not sure why it's not there by default)

8. When Outlook next tries to access "Local Network", (popping/sending mail
via the port forwarding ssh session), tell ZA to allow this traffic, (and
remember this setting). When it tries to access the "Internet", (for example
when you open a HTML email), tell ZA to block this traffic, (and remember
this setting).

At this point you are sorted. Outlook will happily render HTML emails in
readable format, but will be blocked from fetching images, (and other nasty
activity that it is prone to undertaking without your consent).

If you have multiple email accounts on different servers, port forward
other, (unused), local ports and configure the Outlook account's ports
appropriately, (Advanced tab in account settings).

Relevant Pages

  • Re: Error 0x800CCC60
    ... port 25 as it may recognize you as a spammer especially if you are sending ... SMTP Error # 0x800ccc60 ... until I set up their e-mail in Outlook under the new logon. ... blocking SMTP traffic in some situations, so I disabled McAfee on one ...
    (microsoft.public.outlook)
  • Re: Error 0x800CCC60
    ... SMTP Error # 0x800ccc60 ... until I set up their e-mail in Outlook under the new logon. ... blocking SMTP traffic in some situations, so I disabled McAfee on one ... on port 25, even if I telnet from a working box, so I can't tell if ...
    (microsoft.public.outlook)
  • Re: Cant Send e-mails - Outlook 2003
    ... Rich, the answer to #1 is yes, at home Outlook sends messages just fine. ... I asked them about other port numbers, and they say they do not have any ... Your original settings might have been okay, but Verizon may have had server ...
    (microsoft.public.outlook.installation)
  • Re: Which SMTP port number to use
    ... AOLis SMTP port is 587. ... Diane Poremsky [MVP - Outlook] ... >> What is correct SMTP port number for outlook 2003? ... > AOL user, you will have to use whatever AOL says to use. ...
    (microsoft.public.outlook.general)
  • Re: SMTP SSL on Port Other than 25
    ... > use SSL/TLS over SMTP on a port other than 25. ... expertise with MS Outlook to offer a solution. ... and its predecessor, RFC 821, describe the SMTP protocol. ... which allows for authenticated connections by Message Submission Agents ...
    (microsoft.public.outlook)