
Re: IMAP over an SSH tunnel -- how does it work?

Matt Price <matt.price@utoronto.ca> writes:

> Hi everyone,
> the IMAP server at my ISP doesn't support ssh.  So I'm trying to set
> up an ssh tunnel for my mail to pass through (mostly I care about my
> password, not my mail, I guess that must be obvious).  
> I don't have a shell account on the mailserver so I can't just do
> this:
> ssh -u <username> <mailbox.server.name>
> After some hunting and some suggestions I've found this, which seems
> to work:
> ssh <me>@localhost -L 9143:<mailbox.server.name>:143 
> then I just point getmail to 
> port = 9143
> server = localhost
> and my mail gets picked up!  But:  I guess I don't really believe that
> the mail is encrypted, since I don't understand how the connection to
> <mailbox.server.name> is encrypted when I don't log in or anything.
> Do other folks understand better how this works?  Or (more to the
> point) whether the packets sent by the mailserver are actually
> encrypted before they reach my local box?  

You'd be right to be sceptical.

All that -L does is create a TCP tunnel to the destination you

So what the program does given your is this:

  connects securely to localhost
  sets up a listener on 9143 on localhost
    whenever a connection arrives on that listener:
       a connection is made to mailbox.server.name port 143

so the connections to your mail server are still unencrypted.

It's not unusual for your mail server to not support ssh. However, you
might find that they support TLS/SSL for IMAP. This is the accepted
way to cryptographically secure IMAP.

Nic Ferrier
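
An added example, not part of the original message: one way to check whether an IMAP server offers TLS on the standard port is to read the capabilities it advertises before login. The function names and the loopback stub server are assumptions made for this illustration, and the capability lines it serves are constructed.

```python
import socket
import threading

def probe_capabilities(host, port, timeout=5.0):
    """Return the capability tokens an IMAP server advertises before login."""
    caps = set()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        reader = sock.makefile("rb")
        greeting = reader.readline()
        if not greeting.startswith(b"* OK"):
            raise ConnectionError(f"unexpected greeting: {greeting!r}")
        sock.sendall(b"a1 CAPABILITY\r\n")
        for raw in reader:
            line = raw.decode("ascii", "replace").strip()
            if line.upper().startswith("* CAPABILITY"):
                caps.update(tok.upper() for tok in line.split()[2:])
            elif line.startswith("a1 "):  # tagged completion ends the reply
                break
        sock.sendall(b"a2 LOGOUT\r\n")
    return caps

def assess(caps):
    """Classify how a password would travel on the hop to this server."""
    if "STARTTLS" not in caps:
        return "cleartext only: LOGIN would cross the network unencrypted"
    if "LOGINDISABLED" in caps:
        return "STARTTLS required: server refuses LOGIN until TLS is up"
    return "STARTTLS offered: client must be configured to use it"

def fake_server(cap_line):
    """Constructed loopback IMAP stub for the demo; returns its port."""
    srv = socket.create_server(("127.0.0.1", 0))
    def serve():
        conn, _ = srv.accept()
        with conn, srv:
            conn.sendall(b"* OK constructed test server\r\n")
            conn.recv(1024)  # a1 CAPABILITY
            conn.sendall(cap_line + b"\r\na1 OK done\r\n")
            conn.recv(1024)  # a2 LOGOUT
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    # Constructed capability lines, not taken from any real server.
    for line in (b"* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED",
                 b"* CAPABILITY IMAP4rev1 AUTH=PLAIN"):
        port = fake_server(line)
        print(assess(probe_capabilities("127.0.0.1", port)))
```

The capability list is read before any TLS is negotiated, so it is unauthenticated; set the mail client to require TLS rather than to fall back to cleartext when STARTTLS is missing.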
