Re: smtp proxy that takes in smtp auth?

zHihaO wrote:
i'm looking at this senario :

we have got a lot of clients in china who have problems connecting to
our servers locally. For some reasons unknown, traffic to our network
from china is being filtered by the government over there. So the
ideal solution i'm looking at is to have a server in china herself to
act as a proxy between the users there and the servers here since
datacentre to datacentre connection is so much better. Since we have
got multiple smtp servers for different clients, the proxy must be
able to forward the credentials between the users in china and the
smtp servers here locally. ideas anyone?

./zhihao

Why not setup an SSH based TCP tunnel? Bind a bunch of IPs as aliases to
the server's interface in China, then bind the other end of each tunnel
to the servers in your DC.

Setup a server in China that has an SSH session bound to port 25 for a
given IP, then pass the traffic via the SSH tunnel to the remote server
on port 25. The only thing you need in addition to that is a keepalive
script to kick off the tunnel again in case the tunnel dies (which does
occur if the connections between the two servers is broken).

Something like this for the SSH (to be run on the server in China):

ssh -b localip -g -C -N -f -L localport:remotehost2:remoteport
remoteuser@remotehost2

Granted this must be run as root because you are dealing with privileged
ports (lower than 1024). Additionally you will need to setup key based
authentication as well.

ssh -b 4.3.2.1 -g -C -N -f -L 25:1.2.3.4:25 root@xxxxxxx

And then you just need a shell script to check that the shell is still
running... we used once every minute, not perfect, but it did the trick
for us.

#!/bin/bash
COUNT=`/bin/netstat -nap |/bin/grep :::25 | /bin/grep ssh | /usr/bin/wc -l`
if [ $COUNT != "1" ]; then
/usr/bin/ssh -g -C -N -f -L 25:1.2.3.4:25 root@xxxxxxx;
fi

Hope that helps.

Tom Walsh
Express Web Systems, Inc.
http://www.expresswebsystems.com/

Relevant Pages

  • Re: Application level proxy for POP3/SMTP protocol
    ... Our users in china have got alot of problems ... have to get a server up in a datacentre in china and setup ssh port ... local servers on port 110 here. ... proxy that will redirect users based on the result of their dns records? ...
    (Focus-Linux)
  • Re: Application level proxy for POP3/SMTP protocol
    ... You will just write a redirect with dns enabled on the ... Our users in china have got alot of problems ... have to get a server up in a datacentre in china and setup ssh port ... local servers on port 110 here. ...
    (Focus-Linux)
  • Re: Site to Site VPN w/DHCP
    ... do this natively with some PIXs: ... I'm working on getting the VPN going but just having one problem. ... and download "Servers Alive." ... one site in USA one in China. ...
    (comp.dcom.vpn)
  • Re: Application level proxy for POP3/SMTP protocol
    ... A way for this solution is iptables, you can do the PAT concept, (port ... You will just write a redirect with dns enabled on the ... Our users in china have got alot of problems ... local servers on port 110 here. ...
    (Focus-Linux)
  • Re: smtp proxy that takes in smtp auth?
    ... smtp proxy that takes in smtp auth? ... we have got a lot of clients in china who have problems connecting to ... from china is being filtered by the government over there. ... proxy between the users there and the servers here since datacentre to ...
    (Focus-Linux)