IT Consulting in Richmond, BC, Canada
Minek Systems Inc. - IT Consulting Vancouver, Canada, Linux Consulting
email fax 305-356-7141
250-2639 Viking Way, Richmond, BC, V6V 1N3, Canada

SSH Tunnels | Secure SMTP access

Imagine you have a laptop PC, and you need to send email. Normally, you would use your local (home/office) or your Internet provider's mail (SMTP) server.

Assuming you are using typical email client, e.g. Mozilla Thunderbird, you simply define your default SMTP server, in my case, and voila - you are sending emails in no time.

What happens if you travel with your laptop to another state or country ? You need to modify SMTP server settings in your Mozilla Thunderbird email client, and define new SMTP server. If you travel a lot, it can be a hassle, especially if some hotels do not provide SMTP servers. I happen to travel a lot, visiting various clients I'm working for (many of or clients we provide IT consulting services for, are located in US), and I need a reliable email solution for my laptop.

Here is a solution that I'm using on my own laptop. We have an office SMTP server (running Exim on Debian, but that's irrelevant). For security reasons, our SMTP server does not allow relying - i.e. does not allow sending emails to remote email addresses from remote IP addresses. Only local (private) IP address can rely, so I can't use this SMTP server directly in Mozilla Thunderbird.
Instead, I create a simple SSH connection (a tunnel) to our server, which will allow connection to the SMTP server. SMTP server will this connection as soming from the local IP.

Basically we will create a tunnel, that will map port 25 (SMTP) on the laptop, to port 25 on the SMTP server. Of course, we are going to use free (as in 'free beer') software - in my case I'm using PUTTY:
It's free, secure, runs on Windows and Linux, and it's very simple to set up.
Windows version complete with smtp.bat script desribed below can also be downloaded from here.

Here is step by step procedure:
  1. Download and install the software on your laptop.
    We are assuming it is installed in c:\bin\putty directory
  2. Run c:\bin\putty\putty.exe and connect/login to your ssh server.
    By doing this, putty will remember your server's ssh keys, and it will not ask any questions later on.
  3. Create a script c:\bin\putty\smtp.bat :
    SET IP=
    SET USER=smtptunnel
    SET PASS=thisismypassword
    c:\bin\putty\plink.exe -ssh -2 -T -P %SSHPORT% -batch -l %USER% -pw %PASS% -L %IP%:25:localhost:25 %SERVER%
  4. Of course you'll need to provide valid username/password (smtptunnel/thisismypassword is just an example), the same that you used to log in to the ssh server in step 2), and actual ssh port (usually 22).
  5. Define default SMTP server in the Mozilla Thunderbird email client (or whatever other email client you are using, e.g. MS Outlook):
  6. Run the script. Send emails. We are done. It's like having local SMTP server at

Additional benefit of this solution - all communications with your SMTP server are encrypted and secure.

The same or similar technique, can be used of course for other applications - such as IMAP, SAMBA, etc... We are using similar tunnels to access our SAMBA volumes that actually reside on the Linux server, and we map these SAMBA volumes as local drives in Windows office PCs. It's little bit more tricky, because we must use port 139 (netbios), and this port is used by Windows itself, so new, virtual local IP address is needed, but it also is failry easy to do. We've been often using this and similar solutions in our IT Consulting services.

[Marvin Lee]

Our Last Five Customers

  • WCB, Richmond

Technical Guides

Other Links