Email firewall rules…Really?

Does your corporate IT security team block outbound SMTP ports (25, 465, 587) but allow port 993 traffic?

REALLY?


Let us sidestep this silly “security” meme. I am using Gmail here because I trust it to deliver email promptly and consistently. Side note: email is supposed to be easy, you fool!

Do you have outbound port 22 SSH access to another server? If not, that is the topic of another post!

The following works on Mac and Linux boxen. A slight modification will be needed for that other OS.

First you need to add the following line to your /etc/hosts file:

#127.0.0.1 smtp.gmail.com

Now the good stuff. Save this as ~/bin/gmail_tunnel.sh and make it executable with chmod +x ~/bin/gmail_tunnel.sh:

#!/bin/bash

if [[ $EUID -ne 0 ]]; then
    echo "You must run as root" >&2
    exit 1
fi

clear
cat <<'EOF'
                                         ,,    ,,  
  .g8"""bgd                              db  `7MM  
.dP'     `M                                    MM  
dM'       ` `7MMpMMMb.pMMMb.   ,6"Yb.  `7MM    MM  
MM            MM    MM    MM  8)   MM    MM    MM  
MM.    `7MMF' MM    MM    MM   ,pm9MM    MM    MM  
`Mb.     MM   MM    MM    MM  8M   MM    MM    MM  
  `"bmmmdPY .JMML  JMML  JMML.`Moo9^Yo..JMML..JMML.

EOF


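echo "Enabling hosts hack..."
# "-i.bak -e" works with both GNU and BSD sed ("-ie" is parsed as -i with
# backup suffix "e" and leaves /etc/hostse behind); the backup is /etc/hosts.bak
sed -i.bak -e 's/^#127\.0\.0\.1 smtp\.gmail\.com/127.0.0.1 smtp.gmail.com/' /etc/hosts

echo "Enabling tunnel..."
# No "-c arcfour": RC4 is a broken cipher and OpenSSH has since dropped it,
# so let ssh negotiate its default cipher. -N blocks here until ssh exits.
ssh -L 25:smtp.gmail.com:25 \
 -L 465:smtp.gmail.com:465 \
 -L 587:smtp.gmail.com:587 external-server -N

echo "Removing hosts hack..."
sed -i.bak -e 's/^127\.0\.0\.1 smtp\.gmail\.com/#127.0.0.1 smtp.gmail.com/' /etc/hosts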
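
Added example (not part of the original post): the hosts-file edit above leaves a recognisable artifact, so it is easy to audit for. This sketch lists hosts entries that pin a non-local name to a loopback address, whether active or commented out. The allowlist, the function names and the sample file are assumptions constructed for illustration.

```bash
#!/bin/bash
# Added example: audit a hosts file for names pinned to loopback.

# Names expected on loopback (assumed allowlist; extend for your site).
ALLOWED_RE='^(localhost|localhost[.]localdomain|ip6-localhost|ip6-loopback|broadcasthost)$'

# loopback_overrides [FILE]
# Reads FILE (or stdin) and prints "line<TAB>state<TAB>address<TAB>name" for
# each loopback entry whose name is neither allowlisted nor this machine's own.
# state is "active" for live entries and "dormant" for commented-out ones.
loopback_overrides() {
    awk -v allowed="$ALLOWED_RE" -v self="$(uname -n)" '
    {
        state = "active"
        if (sub(/^[ \t]*#[ \t]*/, "")) state = "dormant"  # commented-out entry
        sub(/#.*/, "")                                     # strip inline comment
        if (NF < 2) next                                   # no address/name pair
        if ($1 !~ /^127[.]/ && $1 != "::1") next           # not a loopback address
        for (i = 2; i <= NF; i++) {
            name = tolower($i)
            if (name ~ allowed || name == tolower(self)) continue
            printf "%d\t%s\t%s\t%s\n", NR, state, $1, name
        }
    }' "${1:--}"
}

# Constructed sample hosts file, not taken from a real machine.
sample_hosts() {
    cat <<'EOF'
127.0.0.1   localhost
::1         localhost ip6-localhost ip6-loopback
#127.0.0.1 smtp.gmail.com
127.0.0.1 smtp.gmail.com   # tunnel active
192.0.2.10  build01.example.internal
EOF
}

# Demo on the sample; point it at /etc/hosts for a real audit.
sample_hosts | loopback_overrides
```

A dormant hit means the toggle line is installed but currently switched off; an active hit means lookups for that name are being answered from loopback right now.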
