Security Issues and Privacy
IMAPS and Tunnelled SMTP over SSH
If you simply want to read your e-mail over a secure connection, or are just worried about your password being sniffed over the Internet, please view the instructions on setting up an IMAPS connection at http://www.maths.ox.ac.uk/help/faqs/email/remote.shtml.
If you are worried about the messages you send being intercepted, you will first need to set up a tunnel for SMTP connections.
To do this, follow the instructions at http://www.maths.ox.ac.uk/help/faqs/security/email-over-ssh/index.shtml but set up an SSH tunnel to use port 25 only to gate.maths.ox.ac.uk.
The servers to use in your mail reader will then be IMAPS to imap.maths.ox.ac.uk (tcp/993) and
For the tunnelled SMTP connection, run the following commands initially:
yourhost$ ssh -l <username> -L 2025:localhost:2025 gate.maths.ox.ac.uk
gate$ ssh -N -l <username> -L 2025:localhost:25 <publicly available machine>
where <publicly available machine> is one of the machines listed at http://www.maths.ox.ac.uk/help/machines.
Then use localhost:2025 as your SMTP server.
Detailed information.
To help you understand what is happening, here is an explanation of the commands.
The initial ssh connection sets up a port forward from your machine to gate using the unprivileged port number 2025.
The next ssh connection sets up a port forward from the unprivileged port on gate which you have just set up (2025) to a machine running an SMTP server on privileged port 25.
If you find that you cannot connect, it may be that someone already has the unprivileged port open. Simply change the unprivileged port number to something different, e.g. 2125, and connect as normal:
yourhost$ ssh -l <username> -L 2125:localhost:2125 gate.maths.ox.ac.uk
gate$ ssh -N -l <username> -L 2125:localhost:25 <publicly available machine>
Note that privileged ports are all <= 1024.
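Before pointing your mail reader at localhost:2025, it is worth confirming that the forwarded port really ends at an SMTP server and that the local port is not already taken. The following check is an added example, not part of the original instructions; the function names are hypothetical, it runs on yourhost only, and it assumes the two ssh commands above are already running.

```python
import socket
import sys

def first_free_port(candidates, host="127.0.0.1"):
    """Return the first candidate port that can be bound locally, else None.
    This only checks your own machine; the port must also be free on gate."""
    for port in candidates:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            try:
                s.bind((host, port))
            except OSError:
                continue  # something already listens here, try the next one
            return port
    return None

def smtp_greeting(port, host="127.0.0.1", timeout=5.0):
    """Return the first line sent by whatever answers on host:port, or None."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            data = b""
            while b"\n" not in data and len(data) < 1024:
                chunk = s.recv(1024 - len(data))
                if not chunk:
                    break
                data += chunk
    except OSError:  # refused, timed out, reset: the tunnel is not up
        return None
    return data.split(b"\n", 1)[0].decode("ascii", "replace").strip()

def is_smtp_ready(line):
    """An SMTP server opens with reply code 220 ('220 ...' or '220-...')."""
    return bool(line) and line[:3] == "220" and (len(line) == 3 or line[3] in " -")

def tunnel_ok(port):
    """True only if the forwarded port answers with an SMTP 220 greeting."""
    return is_smtp_ready(smtp_greeting(port))

if __name__ == "__main__":
    port = int(sys.argv[1]) if len(sys.argv) > 1 else 2025
    line = smtp_greeting(port)
    print("localhost:%d -> %r" % (port, line))
    sys.exit(0 if is_smtp_ready(line) else 1)
```

Run `first_free_port([2025, 2125])` before starting the first ssh command to choose the local port, and the script itself (with the chosen port as its argument) once both hops are up.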
