Question

I have a (hopefully) simple question. Is it possible to use SSHD tunneling to securely access your Microsoft Exchange server using JavaMail when you are on a public network? I read about someone using SSHD tunneling to use airport wifi securely; can I do the same for my mail client?

Consider the following code fragment, which currently allows me to log into my mail server (assuming correct username and password):

1 Properties props = System.getProperties();
2 props.setProperty("mail.imap.port", "993");
3 Session session = Session.getInstance(props, null);
4 Store store = session.getStore("imaps");
5 store.connect(host, name, pass);

My question is on line 2: is port 993 on my machine or the mail server? Can I simply SSHD to my office using port 8080 and substitute 8080 for 993, thus using the secure tunnel I set up?

Note: to my knowledge I'm not encrypting any network traffic, and even if it is naturally encrypted by way of "secure wireless", I would still like an additional layer of protection. Thanks for taking the time to read.

Solution

Port 993 is on the mail server. Unless you can ssh into the machine running your mail server, it's not going to be simple to set up the tunnel you need. If you can only ssh into your office machine, you would need a port on that machine that you can connect to and get to your mail server from there. You can use something like the netcat program to set up a series of tunnels, but again not that simple.

OTHER TIPS

You probably read about the proxy server support in ssh. What you want in this case is simpler.

ssh -L 8080:mailserver:993 user@officepc

This statement says listen on the local machine's port 8080. And traffic to port 8080 should go to mailserver:993. To get to mailserver:993 the traffic first goes through the secure connection to officepc.

So you'd modify the application to connect to localhost:8080.

Be aware that traffic between localhost->officepc is secured by ssh but from officepc->mailserver is not secured by ssh (but may be secure if the protocol is). If ssh is running on the mail server you could:

ssh -L 8080:mailserver:993 user@mailserver

This type of stuff is a little more important with web surfing than with email simply because with email it is easier for you to make sure you are already using SSL/TLS.

However, sometimes, in an attempt to combat spam, internet providers may block mail ports (25 being the most common). SSH tunnels could help in that scenario.
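
The answer above notes that the officepc->mailserver hop is only protected if the protocol itself is. As an added example (not code from the question or the answers), this check opens TLS through the local end of the tunnel and verifies the certificate against the mail server's name instead of "localhost". `mail.example.com` and the class and method names are placeholders; port 8080 is the one from the `ssh -L` command.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.nio.charset.StandardCharsets;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class TunnelTlsCheck {
    // Assumed values: the name on the mail server's certificate (placeholder)
    // and the local port given to "ssh -L".
    static final String CERT_HOST = "mail.example.com";
    static final int LOCAL_PORT = 8080;

    /** Connects to the local tunnel end, verifies TLS against certHost, returns the first server line. */
    static String greetingThroughTunnel(String certHost, int localPort) throws IOException {
        Socket raw = new Socket();
        try {
            raw.connect(new InetSocketAddress(InetAddress.getLoopbackAddress(), localPort), 5000);
            raw.setSoTimeout(5000);
            SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
            // Layer TLS over the tunnel socket; certHost (not "localhost") drives SNI and name checking.
            SSLSocket tls = (SSLSocket) factory.createSocket(raw, certHost, 993, true);
            SSLParameters params = tls.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS"); // enable hostname verification
            tls.setSSLParameters(params);
            tls.startHandshake(); // throws on an untrusted or mismatched certificate
            BufferedReader in = new BufferedReader(
                    new InputStreamReader(tls.getInputStream(), StandardCharsets.US_ASCII));
            return in.readLine(); // the IMAP greeting sent by the server
        } finally {
            raw.close();
        }
    }

    public static void main(String[] args) {
        try {
            String greeting = greetingThroughTunnel(CERT_HOST, LOCAL_PORT);
            System.out.println("TLS verified for " + CERT_HOST + "; server says: " + greeting);
        } catch (IOException e) {
            System.err.println("Tunnel or TLS check failed: " + e);
            System.exit(1);
        }
    }
}
```

If the handshake succeeds, the session is encrypted and authenticated all the way to the mail server, so the unencrypted-by-ssh second hop carries only TLS ciphertext.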

Licensed under: CC-BY-SA with attribution