
Re: Relay over SSH tunnel with Postfix?



On Sat, 2006-04-22 at 20:55 +0100, Magnus Therning wrote:
> On Fri, Apr 21, 2006 at 01:58:45PM -0400, Roberto C. Sanchez wrote:
> >You could try `ssh -L 25:localhost:25 you@your.server`
> >
> >Of course, that requires that you be root.  If that will not work, use
> >port 2525 on the first part of the tunnel specification and then
> >configure your MUA to use port 2525 on localhost.
> 
> Yes, I've tried that and it works fine, now I want to automate it.
> Ideally the tunnel would be created on demand, when postfix needs to
> flush its spool. Can I do that?

I'm not familiar with Postfix, but in Exim, you can create a simple
router that does this.  You'll need to set up public-key authentication
for password-less logins to the remote box.  This needs to be somewhere
before the primary router configuration in the exim config:

# ------------------------
ssh_remote:
  debug_print = "R: ssh_remote for $local_part@$domain"
  driver = redirect
  domains = ! +local_domains
  senders = *@mydomain
  pipe_transport = address_pipe
  user = local_user
  data = "| ssh -C -l remote_user  /usr/sbin/sendmail -bm $local_part@$domain"
  no_more
#-------------------------

The following values need to be replaced with their appropriate values:

mydomain : the real domain (example.com)

local_user : the user on the local machine that will be running the ssh
machine (this is the user whose public key will need to be on the remote
account's ~/.ssh/authorized_keys)

remote_user : the user on the remote machine

The line "senders = *@mydomain" is optional.  It qualifies this router
so that it is used only if the sender address has the domain mydomain.
If you wish to relay for all senders, then you can comment it out.

Casey
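
Added example, not part of the original message: the password-less key above can be pinned to mail submission with an OpenSSH forced command, since ssh hands the requested command line (including the expanded recipient address) to the remote account's shell. The wrapper path /usr/local/bin/relay-sendmail and the key text in the comment are hypothetical placeholders.

```shell
#!/bin/sh
# Added example (not from the original message): forced-command wrapper for
# the remote account. Wrapper path and key text are hypothetical placeholders.
#
# ~remote_user/.ssh/authorized_keys entry (one line):
#   command="/usr/local/bin/relay-sendmail",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-ed25519 AAAA...PLACEHOLDER local_user@client
#
# sshd then runs this wrapper for every login with that key and puts the
# command the client asked for into SSH_ORIGINAL_COMMAND.

# Print the recipient if the request is exactly
# "/usr/sbin/sendmail -bm <address>" with a conservative address; else fail.
relay_recipient() {
    set -f            # split on whitespace only, no glob expansion
    # shellcheck disable=SC2086
    set -- $1
    set +f
    [ "$#" -eq 3 ] || return 1
    [ "$1" = "/usr/sbin/sendmail" ] || return 1
    [ "$2" = "-bm" ] || return 1
    case "$3" in
        -*) return 1 ;;                      # would be read as an option
        *[!A-Za-z0-9._%+@=-]*) return 1 ;;   # metacharacters, quotes, etc.
        *@*@*) return 1 ;;                   # more than one "@"
        ?*@?*.?*) printf '%s\n' "$3" ;;      # local@domain.tld
        *) return 1 ;;
    esac
}

# Only act when invoked by sshd with a requested command; an interactive
# login with this key gets nothing.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    rcpt=$(relay_recipient "$SSH_ORIGINAL_COMMAND") || {
        echo "relay-sendmail: request rejected" >&2
        exit 1
    }
    # The message arrives on stdin, exactly as with the unrestricted command.
    exec /usr/sbin/sendmail -bm "$rcpt"
fi
```

The character whitelist is deliberately narrower than RFC 5321 allows; widen it only for address forms you actually relay.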



