Index of /muntsos/extensions/mailrelay

      Name                    Last modified       Size  

[DIR] Parent Directory 03-Apr-2019 07:30 - [   ] Makefile 16-Apr-2019 07:48 3k [TXT] README.txt 20-Jul-2017 12:55 2k [   ] control 28-Mar-2018 07:08 1k [   ] preinst 28-Mar-2018 07:08 2k

MuntsOS Mail Relay Extension Package Builder

This package builder creates a MuntsOS extension package customized for a particular server that has been configured for SMTP relay over SSH. Given a SSH server public key entry from an OpenSSH known_hosts file, the Makefile builds a MuntsOS extension package that will install everything necessary to enable SMTP relay over SSH.

Server Configuration

The mail relay server must have a user mailrelay, that is forced to connect to the server's local SMTP server by adding the following to sshd_config:

AllowUsers mailrelay

Match User mailrelay
        AllowTcpForwarding no
        ForceCommand /usr/bin/nc localhost 25

The mailrelay user on the server must also have the MuntsOS target's root user SSH public key appended to its authorized_keys file.

How It Works

The package installer appends an entry to /etc/inetd.conf similar to the following:

127.0.0.1:smtp stream tcp nowait root /usr/bin/ssh -q -T mailrelay@foo.bar.com
It also appends an entry to /root/.ssh/known_hosts similar to the following:
foo.bar.com,1.2.3.4 ecdsa-sha2-nistp256 BLAHBLABLAHBLABLAHBLABLAHBLABLAHBLABLAHBLABLAHBLABLAHBLABLAHBLABLAHBLABLAHBLABLAHBLABLAHBLABLAHBLABLAHBLABLAHBLABLAHBLABLAHBLABLAHBLABLAHBL

When a program on the MuntsOS target connects to the local SMTP service (at localhost:25), inetd runs an openssh command to open a tunnel to the mail relay server's local SMTP service (also localhost:25).

This eliminates the need to run an SMTP agent program (which would be large and complicated) on the MuntsOS target. It also provides an encrypted tunnel to bypass any ISP (Internet Service Provider) restrictions. ISP's often block access to port 25 SMTP servers other than their own, in an attempt to block SPAM senders.


Questions or comments to Philip Munts phil@munts.net

I am available for custom system development (hardware and software) of products based on embedded Linux microcomputers or other processors.