Remote ESL Email On A Mac With OS-X
Using SSH Tunneling & Port Forwarding
Excerpted from: http://adrianhoe.com/2006/10/22/secure-wireless-email-on-mac-os-x
Wireless hotspots have blossomed in recent years and have become popular spots for businessmen, executives, working class, students and even veterans to surf, read and send emails. Cafes, restaurants, shopping complexes and many other public installations provide wireless hotspots to lure visitors. The majority of these public wireless networks are configured with the lowest security to allow trouble-free and ultra-convenient connections for visitors. People equipped with wireless-capable notebook computers and PDAs make heavy use of this convenience. While they are enjoying their coffee and communicating wirelessly, little do they know that someone could be eavesdropping on their digital conversation.
When you are connected to a public wireless network, anyone with some technical knowledge can easily watch you sending your username, password, messages and essentially everything you send or receive. This is like someone overhearing your conversation in a public area. With a packet sniffer, anyone with a little computer knowledge can effortlessly intercept the wireless signal going to and coming from your computer without you knowing they are doing so.
How? Computers communicating with each other over the network send and receive information in the form of packets. A packet's header contains information about the origin and destination of the packet, including the IP addresses of both sender and recipient. The body contains the data. When the packets are transmitted wirelessly, anyone within wireless range can intercept them without any difficulty and without you knowing it. These data packets travel freely through the air in clear text. There is also no indication that the packets have been intercepted or received by computers other than the intended recipient. It is just like talking to your friend in a cafe with many strangers around you. Everyone, including your friend, can listen to your conversation. The only difference is that they are not necessarily sitting near you. They can be in another room or anywhere else, as long as they are within wireless range.
They can receive, save and analyze packets to obtain your username and password and use them against you. The next terrible fact you need to know is that packets can be intercepted even on a wired network. As long as the perpetrators are on the same network as you, they can easily intercept your packets using any sniffer software.
SSH tunneling
When an email client sends or receives messages to and from your email server, these messages, including your username and password, are in clear text and not encrypted.
How can we secure our wireless email? One easy way to do it is to tunnel your email access through SSH (Secure SHell). SSH is the standard for secure file transfer and remote logins over the internet. All traffic including terminal emulation and X11 traffic is encrypted with public key cryptography. It also supports tunneling and forwarding arbitrary TCP ports.
Essentially, anything that passes through SSH will be encrypted and will appear garbled and meaningless to human eyes. Through SSH tunneling and port forwarding, all incoming and outgoing email, as well as the username and password used to access your email, will be encrypted.
In this article, I am going to show the steps to configure SSH tunneling on Mac OS X. I assume you have already set up public and private RSA or DSA keys for SSH. Although it looks a little tricky, setting up these keys can be as simple as executing a few Terminal commands. I will skip this part.
Port forwarding
Setting up and controlling the SSH tunnel is done through Terminal with long command-line instructions that intimidate users. Fortunately, some programmers have developed small applications that handle this job with an easy-to-use GUI.
SSH Tunnel Manager
There is a FREE Mac OS X utility called SSH Tunnel Manager (STM). It is a convenient GUI utility that lets you create an SSH tunnel between SSH and your email client. It is simple to configure once you understand ports, forwarding and SSH tunnels. Once configured, it can connect the tunnel automatically each time you log in to your Mac OS X user account.
STM setup
Download and install STM to your Applications folder. Launch STM. You will see STM’s main window (SSH Tunnels). Click Configuration to add a new tunnel. A preference window will appear. Click the [+] button below the tunnel list. Enter the name of this tunnel, your ssh username, password and your ssh server location. The standard ssh port is 22. Most likely your ssh server uses port 22 as well.
The ESL SSH Server is “esl.eng.ohio-state.edu”. The SSH port is 22.
Next, you will need your mail host and port number. In my case, my mail host is mail.adrianhoe.com, POP port is 110 and SMTP port is 25.
The ESL Email Server is “esl.eng.ohio-state.edu”. The ESL POP port is 110 and the SMTP port is 25.
In this case, my POP and SMTP ports (110 and 25) are tunneled through ports 1100 and 2500 on adainmotion.com respectively. You can use a local IP as your ssh host.
Since you want to redirect through the tunnel locally on your computer, you’ll use Local port forwarding. At the preference window under Local redirections, click the [+] button to add new port forwardings. Your unique local port will be on the left, then your remote mail host, followed by your mail port number on the right.
The last thing you need to do is click the “Options” button on the lower right of the preference window. Make sure the “Auto connect” option is checked. Other options and the command-line instruction are available in this drawer.
Email client setup
The last thing you need to configure is your email client. Before you can take advantage of SSH tunneling, the settings of your email client have to be tweaked slightly. The following steps are specific to Apple’s Mail application. It is possible to make similar changes in other email clients.
Open Mail’s preferences and go to Account. Under Account Information, change “Incoming Mail Server” to localhost.
Lastly, click the “Advanced” tab. Change “Port” to 1100. Save your changes and quit Mail.
You’re done!
If you see that your mailbox in the Inbox has been greyed out, that means Mail cannot connect to local ports 1100 and 2500. Check whether STM is running and your tunnel has been connected. If your computer shuts down or goes to sleep, it will disconnect the tunnel. A brief outage of the wireless connection will destroy the tunnel as well. In this case, reconnect the tunnel.
You can configure Mac OS X to launch STM each time you log in to your user account. On the dock, right click the STM application icon and make sure “Open at login” is checked.
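The tunnel that STM builds, and the check for the greyed-out mailbox case above, written as a Terminal script. This is an added example, not part of the original article or of STM; the hosts and ports are the ones given on this page, and the login name is a placeholder.

```sh
#!/bin/sh
# Added example: Terminal equivalent of the STM tunnel on this page.
SSH_HOST="esl.eng.ohio-state.edu"    # ESL SSH server, port 22 (from this page)
MAIL_HOST="esl.eng.ohio-state.edu"   # ESL mail server: POP 110, SMTP 25
SSH_USER="${SSH_USER:-your_esl_username}"   # placeholder login name (assumption)

# Succeeds when $1 is all digits and lies within $2..$3.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

# Prints one -L argument: local_port remote_host remote_port.
# Binding to 127.0.0.1 keeps the forward reachable from this Mac only,
# not from other machines on the hotspot. Local ports stay >= 1024 so
# ssh does not need root (hence 1100 and 2500 instead of 110 and 25).
forward_spec() {
    valid_port "$1" 1024 65535 || return 1
    valid_port "$3" 1 65535 || return 1
    printf '127.0.0.1:%s:%s:%s\n' "$1" "$2" "$3"
}

# Prints the ssh command for both forwards. -N opens no remote shell;
# ExitOnForwardFailure aborts if a local port is already taken;
# ServerAliveInterval lets ssh notice a dropped wireless link and exit
# instead of leaving a dead tunnel behind.
tunnel_cmd() {
    pop=$(forward_spec 1100 "$MAIL_HOST" 110) || return 1
    smtp=$(forward_spec 2500 "$MAIL_HOST" 25) || return 1
    printf 'ssh -N -p 22 -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -L %s -L %s %s@%s\n' \
        "$pop" "$smtp" "$SSH_USER" "$SSH_HOST"
}

# Succeeds when something is listening on the given local port (uses nc).
port_open() { nc -z 127.0.0.1 "$1" >/dev/null 2>&1; }

case "${1:-}" in
    show)    tunnel_cmd ;;
    connect) cmd=$(tunnel_cmd) || exit 1
             exec $cmd ;;   # unquoted on purpose: the values contain no spaces
    check)   if port_open 1100 && port_open 2500; then echo "tunnel up"
             else echo "tunnel down: reconnect before opening Mail"; exit 1; fi ;;
esac
```

Run the script with `show` to print the command, `connect` to open the tunnel, or `check` to see whether local ports 1100 and 2500 are listening.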
That’s it.
If you need additional help, please do not hesitate to contact one of the ESL Network Administrators for assistance: