On 06.09.2011 22:41, /dev/rob0 wrote:
> On Tuesday 06 September 2011 13:59:20 Matthias Andree wrote:
>> On 06.09.2011 19:30, Wietse Venema wrote:
>>> Matthias Andree:
>>>> Greetings,
>>>>
>>>> I am in a situation where I would like to achieve either of
>>>> these solutions:
>>>>
>>>> Alternative A:
>>>>
>>>> - have Postfix's smtp client talk through a command via
>>>> stdin/stdout (instead of a TCP stream).
>>>
>>> Can you describe the problem instead of the solution? There may
>>> be other solutions than the ones you have in mind.
>>
>> The problem is this:
>>
>> - I cannot connect to the remote SMTP relayhost via plain TCP, it's
>> firewalled on all ports.
>>
>> - The relayhost does not offer submission STARTTLS or SSL-wrapped
>> legacy ports.
>>
>> - I *can* (and am permitted to) connect to a computer in the same
>> LAN as the SMTP server by SSH.
>
> If you have root on this internal machine, or if you can persuade the
> administrator to allow it, you can set up a p2p-mode openvpn between
> your host and the one you SSH to. This can punch through closed
> firewalls, because each endpoint is trying to send packets to the same
> UDP port on the other. A stateful firewall will typically assume that
> the outside host is replying to the LAN host.

Good plan, but neither root nor any chance to persuade $admin. The firewall block is deliberate. I've set up OpenVPN more than once, so that would've been easy. 8-)
