Re: smtp proxy that takes in smtp auth?
From: Mailinglists Address (mailinglist expresshosting.net)
Date: Tue Jul 11 2006 - 12:35:20 CDT
zHihaO wrote:
> I'm looking at this scenario:
>
> We have got a lot of clients in China who have problems connecting to
> our servers locally. For some reasons unknown, traffic to our network
> from China is being filtered by the government over there. So the
> ideal solution I'm looking at is to have a server in China herself to
> act as a proxy between the users there and the servers here since
> datacentre to datacentre connection is so much better. Since we have
> got multiple SMTP servers for different clients, the proxy must be
> able to forward the credentials between the users in China and the
> SMTP servers here locally. Ideas anyone?
>
> ./zhihao
>
Why not set up an SSH-based TCP tunnel? Bind a bunch of IPs as aliases to
the server's interface in China, then bind the other end of each tunnel
to the servers in your DC.

Set up a server in China that has an SSH session bound to port 25 for a
given IP, then pass the traffic via the SSH tunnel to the remote server
on port 25. The only thing you need in addition to that is a keepalive
script to kick off the tunnel again in case the tunnel dies (which does
occur if the connection between the two servers is broken).

Something like this for the SSH (to be run on the server in China):

ssh -b localip -g -C -N -f -L localport:remotehost2:remoteport remoteuser@remotehost2

Granted, this must be run as root because you are dealing with privileged
ports (lower than 1024). Additionally, you will need to set up key-based
authentication as well.

ssh -b 4.3.2.1 -g -C -N -f -L 25:1.2.3.4:25 root@1.2.3.4

And then you just need a shell script to check that the shell is still
running... we used once every minute, not perfect, but it did the trick
for us.
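
#!/bin/bash
# Count netstat lines for a wildcard listener on port 25 that mention ssh.
COUNT=$(/bin/netstat -nap | /bin/grep ':::25' | /bin/grep ssh | /usr/bin/wc -l)
# Start the tunnel again unless exactly one such listener is present.
if [ "$COUNT" != "1" ]; then
    /usr/bin/ssh -g -C -N -f -L 25:1.2.3.4:25 root@1.2.3.4
fi
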
Hope that helps.
Tom Walsh
Express Web Systems, Inc.
http://www.expresswebsystems.com/
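
Added example, not part of the message above: a per-address watchdog for the tunnels the reply describes. It matches the exact listening address and port instead of grepping for `:::25`, and names the local alias in the `-L` spec so each tunnel listens on one IP only. The `tunnel` account, the `watchdog.sh` file name and the sample netstat text are assumptions constructed for illustration; the addresses are the message's placeholders.

```sh
#!/bin/sh
# Added example: per-address SSH tunnel watchdog (not from the original message).
# Assumed: "tunnel" is a hypothetical unprivileged account on the remote host,
# using key-based authentication; the addresses are the message's placeholders.

# Constructed sample of `netstat -nlpt` output, used for offline checks.
SAMPLE='Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 4.3.2.1:25   0.0.0.0:* LISTEN 2211/ssh
tcp 0 0 4.3.2.2:2525 0.0.0.0:* LISTEN 2300/ssh
tcp 0 0 4.3.2.3:25   0.0.0.0:* LISTEN 901/master'

# tunnel_listening LOCAL_IP PORT
# Reads `netstat -nlpt` text on stdin. Succeeds only when an ssh process is in
# LISTEN state on exactly LOCAL_IP:PORT, so :2525 or another daemon on :25
# does not count as a live tunnel.
tunnel_listening() {
    awk -v want="$1:$2" '
        $6 == "LISTEN" && $4 == want && $7 ~ /\/ssh$/ { found = 1 }
        END { exit !found }'
}

# forward_spec LOCAL_IP PORT REMOTE_HOST
# Prints the -L argument. Naming LOCAL_IP in the spec binds the listener to
# that one alias, so several tunnels can share port 25 on different IPs.
forward_spec() {
    printf '%s:%s:%s:%s\n' "$1" "$2" "$3" "$2"
}

# start_tunnel LOCAL_IP PORT REMOTE_HOST
# ExitOnForwardFailure makes ssh exit if the listener cannot be bound;
# the ServerAlive options end a session whose peer has stopped answering.
start_tunnel() {
    ssh -N -f -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 \
        -o ServerAliveCountMax=3 \
        -L "$(forward_spec "$1" "$2" "$3")" "tunnel@$3"
}

# Entry points: `watchdog.sh --run` from cron once a minute, as root on the
# proxy (root is needed locally to bind port 25, not on the remote side);
# `watchdog.sh --demo` runs the check against the constructed sample.
case "${1:-}" in
    --run)  netstat -nlpt 2>/dev/null | tunnel_listening 4.3.2.1 25 ||
                start_tunnel 4.3.2.1 25 1.2.3.4 ;;
    --demo) printf '%s\n' "$SAMPLE" | tunnel_listening 4.3.2.2 25 ||
                echo "4.3.2.2:25 down, would use -L $(forward_spec 4.3.2.2 25 1.2.3.4)" ;;
esac
```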