[Users] configuring IMAP over SSH tunnel

Tobias Crefeld tclx at klekih-petra.de
Thu Jun 5 13:13:51 CEST 2014 

Am Thu, 5 Jun 2014 10:41:50 +0200 schrieb Davide Mancusi
<arekfu at yahoo.it>:

> My IMAP server cannot be reached from the Internet, but I can ssh into
> a front-end machine and reach it from there. Claws Mail claims to
> support IMAP over SSH tunnel, and I noticed that the account
> configuration window has a "Use command to communicate with server"
> option.

I'm not familiar with this option so my reply doesn't fit exactly to
your question but as I am using ssh-tunnel as well in order to get
access to my imap / smtp server when I'm on the road my setup might be
helpful.

Before starting claws-mail I open a ssh-connection in a separate
terminal window (actually with an alias):

ssh -L 2525:local-smtp-ip:25 -L 1143:local-imap-ip:143 public-ip

Of course you could use numerical IP-address or FQDN for local and
public IP addresses. 
If the smtp- or imap-server is running on the same machine as the sshd
you could use "localhost" as address for local-smtp-ip or local-imap-ip.

I keep it open as long as claws-mail is running - actually after
connecting to an IMAP server it is not possible to close the
ssh-session as long as claws-mail runs...

After starting claws-mail you have to change the account data to new
addresses and ports for imap and smtp.

SMTP: localhost:2525
IMAP: localhost:1143

Of course you could use any other port on localhost as well, but using
ports < 1024 is not allowed without being root and there is no need to
use the same port addresses as the destination ports.

It's the same with the destination ports.  Especially if you use TLS
you probably want to use other ports to access IMAP and/or SMTP
service. Just replace the respective hostport entries in the ssh
statement above.

Of course there is this slight disadvantage that without resetting the
account data for the SMTP and IMAP services I always have to use the
ssh-tunnel from this client PC no matter whether I'm on the road or
have LAN access. In my environment this doesn't matter but you should
check your access to the public IP from your LAN.

-- 
Gruß,
 Tobias.
 
 no email, only xmpp: crefeld at xabber.de

More information about the Users mailing list