Road Warrior Email
1:10 am in Technology, Travel by Gaz
As we’ve travelled from hotel to hotel across the US for the last couple of months, I’ve had intermittent problems with sending email depending on which hotel we’ve been staying with. I figured that the problematic ones were the result of the network administrators blocking traffic over ports 25 (standard SMTP port) and 465 (standard SMTP over SSL port), ostensibly to prevent their customers (and perhaps wardrivers taking advantage of the open SSID) from using their wireless network as an open mail relay to distribute spam. That’s all well and good, but a good part of my job involves being able to respond to and send email in a timely fashion, so I’ve been cogitating on a workaround for some time now…
While it is very easy to set up an SSH tunnel to another machine where you have login access, setting up xinetd to open up the tunnel whenever a connection at the local end is requested is laborious, and I didn’t figure out how to persuade the remote MTA to accept an email pushed from the local end of the tunnel :-(
The final piece fell into place when I found out about Mail Submission Protocol, and decided to see which of my mail providers supported it by simply turning off SSL and changing my outgoing mail port from 25 to 547 (leaving username and password the same where authentication was required), to see whether I could then get outgoing email past the hotel firewalls. It turns out that in every case, I could. What’s more, many of them continued to work even if I turned SSL back on. I took the opportunity to security audit my outgoing mail settings, to make sure I have SSL turned on for my incoming mail too where possible — no sense in passing my login details over the wire in clear text for all to see if I can avoid it!
Here are the results:
| Account | RFC 2487? | RFC 2487+SSL? | POP3+SSL? | IMAP4+SSL? |
|---|---|---|---|---|
| Mac | yes | yes | yes | yes |
| Fastmail | yes | yes | yes | yes |
| Dreamhost | yes | no | yes | yes |
| GMail | yes | yes | yes | yes |
| Yahoo! | yes | no | no | no |
Conclusions:
I have to tweak a couple of things to make sure my email is always encrypted over the wire, and that I can still use email even when the firewall is blocking ports 25 and 465…
- Always use outgoing port 2487, with SSL turned on;
- Don’t use my yahoo account for anything (except where I have to give an email address for website registration or the like);
- Send my outgoing mail from my Dreamhost account through one of my working RFC2487+SSL SMTP servers.
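The per-provider check behind the table can be scripted. The following is an added example, not part of the original post: it reads the capabilities a submission server announces in its EHLO reply and reports whether a password could cross the hotel network unencrypted. The function names and sample replies are constructed for illustration, and the port is whatever the caller passes in.

```python
import smtplib
import ssl

# Constructed EHLO replies (not captured from any real provider).
SAMPLE_OPEN = ("250-mail.example.test\r\n250-SIZE 35882577\r\n"
               "250-STARTTLS\r\n250-AUTH PLAIN LOGIN\r\n250 8BITMIME")
SAMPLE_STRICT = "250-mail.example.test\n250-STARTTLS\n250 8BITMIME"
SAMPLE_NONE = "250-mail.example.test\n250-AUTH LOGIN PLAIN\n250 HELP"

def parse_ehlo(reply: str) -> dict:
    """Map each ESMTP keyword in a raw EHLO reply to its parameter list."""
    features = {}
    for line in reply.splitlines()[1:]:          # first line is the greeting
        if len(line) < 4 or not line.startswith("250"):
            continue
        words = line[4:].replace("=", " ").split()   # legacy "AUTH=PLAIN" form
        if words:
            params = [w.upper() for w in words[1:]]
            features.setdefault(words[0].upper(), []).extend(params)
    return features

def assess(pre_tls: dict) -> str:
    """Classify a server from what it offers before any TLS is negotiated."""
    cleartext = {"PLAIN", "LOGIN"} & set(pre_tls.get("AUTH", []))
    if "STARTTLS" not in pre_tls:
        return "no-tls: password would cross the network unencrypted"
    if cleartext:
        return "tls-optional: client must refuse to AUTH before STARTTLS"
    return "tls-first: no cleartext AUTH mechanism offered before STARTTLS"

def probe(host: str, port: int, timeout: float = 10.0) -> str:
    """Live check; sends only EHLO and STARTTLS, never credentials."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        pre = {k.upper(): v.upper().split()
               for k, v in smtp.esmtp_features.items()}
        verdict = assess(pre)
        if "STARTTLS" in pre:
            # Default context verifies the certificate chain and hostname,
            # so an intercepting hotspot fails here instead of silently.
            smtp.starttls(context=ssl.create_default_context())
        return verdict

if __name__ == "__main__":
    for name, reply in [("open", SAMPLE_OPEN), ("strict", SAMPLE_STRICT),
                        ("none", SAMPLE_NONE)]:
        print(name, "->", assess(parse_ehlo(reply)))
```

A "tls-optional" result means the encryption depends on the mail client's settings: a client configured for "TLS if available" will still authenticate in the clear if a network device strips the STARTTLS line, so the client should be set to require TLS.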