Given all the fuss over blocking dynamic IPs due to spam, I’ve long sent outgoing SMTP via my server (which lives on a static IP). I download my mail from that using fetchmail over an SSH tunnel, and have done for a while. It’s very reliable, and that way it really doesn’t matter where I download from — quite neat. Also means I don’t have to futz with SMTP AUTH, IMAP/SSL, Certifying Authorities, or any of the other hand-configured complex PKI machinery required to use SSL for authentication.
However, I’ve been using plain old SMTP for outgoing traffic, by just poking a hole in the access db for the IP I’m on. A bit messy and generally not-nice.
So I decided to make it sensible and deliver using SMTP-in-an-SSH-tunnel. In the same SSH tunnel, in fact ;) With Postfix, it turned out very easy — here’s how to do it:
Add this option to the SSH commandline in the SSH tunneling script (I’m presuming you have one ;):
-L 8025:127.0.0.1:25
That’ll port-forward port 25 on the remote system to port 8025 on localhost, so that if a connection is made to port 8025 on localhost, it’ll talk to port 25 on the remote host. Std SSH tunneling there.
Now for Postfix — add this to /etc/postfix/main.cf:
default_transport = smtp:localhost:8025
This means that Postfix will always use SMTP to localhost on port 8025 for any non-local deliveries.
Run service postfix reload (cough, Red Hat-ism) and that’s it!
A whole lot easier than I was expecting… Postfix rocks.
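A pre-flight check for this setup, added here as an example and not part of the original post: it confirms the forwarded port 8025 is bound to loopback only (anything that can connect to it reaches the server's port 25 as a connection from 127.0.0.1 there) and that main.cf points default_transport at the tunnel. The function names and the sample `ss -ltn` and main.cf text are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
TUNNEL_PORT=8025   # local end of the -L forward shown above

# Reads `ss -ltn` output on stdin. Succeeds only if TUNNEL_PORT is listening
# and every listener on it is bound to a loopback address.
tunnel_loopback_only() {
    awk -v port="$TUNNEL_PORT" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")
            if (parts[n] != port) next
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            seen = 1
            if (addr != "127.0.0.1" && addr != "[::1]") bad = 1
        }
        END { exit ((seen && !bad) ? 0 : 1) }'
}

# Reads main.cf on stdin. Succeeds if the last default_transport line
# (later entries override earlier ones) sends mail into the tunnel.
transport_uses_tunnel() {
    awk -v port="$TUNNEL_PORT" '
        /^default_transport[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); val = $0
        }
        END { exit ((val == ("smtp:localhost:" port)) ? 0 : 1) }'
}

# Constructed samples so the script runs offline.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:8025     0.0.0.0:*
LISTEN 0      128    [::1]:8025         [::]:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'
EXPOSED_SS='LISTEN 0 128 0.0.0.0:8025 0.0.0.0:*'
SAMPLE_CF='myhostname = laptop.example.org
default_transport = smtp:localhost:8025'

printf '%s\n' "$SAMPLE_SS" | tunnel_loopback_only &&
    echo "sample tunnel: loopback only"
printf '%s\n' "$EXPOSED_SS" | tunnel_loopback_only ||
    echo "exposed sample: port $TUNNEL_PORT is reachable from other hosts"
printf '%s\n' "$SAMPLE_CF" | transport_uses_tunnel &&
    echo "sample main.cf: relays via tunnel"
# On a live system:
#   ss -ltn | tunnel_loopback_only
#   transport_uses_tunnel < /etc/postfix/main.cf
```

A wildcard listener on 8025 typically means the tunnel was started with `-g` or with GatewayPorts enabled in the SSH client configuration.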