On Thu, Apr 10, 2014 at 07:21:09AM -0400, Chris Nehren wrote:
> On Thu, Apr 10, 2014 at 11:05:36 +0200, Oswald Buddenhagen wrote:
> > On Thu, Apr 10, 2014 at 02:31:54PM +0800, Eric Abrahamsen wrote:
> > > I'm having a hell of a time getting my imap mail through China's
> > > national firewall, even with a VPN. I'm fairly sure it's because all of
> > > my accounts are gmail, and they don't like google/gmail.
> > > 
> > if that really is the problem, any kind of tunneling/proxying will do.
> > 
> > > Connecting via SSH through the server is another possibility, but SSH
> > > traffic is dicey as well, and I wonder if Google's domain/IP would ever
> > > be visible in the process?
> > > 
> > the whole point of ssh tunneling is privacy, so of course nothing of that
> > will be visible.
> 
> That depends, actually.  If you're not routing DNS through the
> tunnel, then DNS requests will be leaked and the local ISP is
> free to intervene and return whatever they like for them.
> 
i don't think there is much to worry about. suppose you use this
command:

$ ssh -N -L 40143:mail.google.com:143 myproxy.com

myproxy.com is obviously resolved by your local DNS. you should make
reasonably sure that you actually are getting the ip of your proxy
server, e.g., verifying its fingerprint once you are connected.

but google.com is resolved by the proxy server. for one, it is resolved
on demand only (i.e., when you actually connect to localhost:40143), and
second because if you log into a NATed network, the client's DNS might
not even know how to resolve the target host.

fwiw, the best way to use an ssh tunnel with mbsync would be

Tunnel "ssh myproxy.com tcpconnect mail.google.com 143"

- in this case it is even more obvious that the resolution will be done
by the proxy, as the tcpconnect command is run there.

_______________________________________________
isync-devel mailing list
isync-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/isync-devel
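
The fingerprint check on myproxy.com mentioned in the message above, as an added example that is not part of the original thread: it computes the OpenSSH-style SHA256 fingerprint of a host key line in `host keytype base64` layout and compares it with a pinned value. It assumes the pinned fingerprint was obtained out of band; the sample keys are constructed for the demo and the function names are hypothetical.

```python
import base64
import hashlib
import struct


def parse_pubkey_line(line):
    """Split a 'host keytype base64' line into (host, keytype, key blob)."""
    host, keytype, b64 = line.split()[:3]
    blob = base64.b64decode(b64, validate=True)
    # The blob begins with a length-prefixed copy of the key type; a
    # mismatch means the line was mangled or tampered with.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode("ascii", "replace") != keytype:
        raise ValueError("declared key type does not match key blob")
    return host, keytype, blob


def sha256_fingerprint(blob):
    """OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the blob."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def host_key_matches(line, expected_host, pinned_fp):
    """True only if the line is for expected_host and its key is the pinned one."""
    host, _, blob = parse_pubkey_line(line)
    if host != expected_host:
        return False
    return sha256_fingerprint(blob) == pinned_fp


def make_sample_line(host, seed):
    """Constructed ed25519-shaped key blob for the demo (not a real key)."""
    def ssh_string(b):
        return struct.pack(">I", len(b)) + b
    blob = ssh_string(b"ssh-ed25519") + ssh_string(hashlib.sha256(seed).digest())
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"


# Constructed inputs: the key the real proxy would present, and the key a
# different host would present if the local DNS answer pointed elsewhere.
GENUINE = make_sample_line("myproxy.com", b"genuine")
SPOOFED = make_sample_line("myproxy.com", b"spoofed")
PINNED = sha256_fingerprint(parse_pubkey_line(GENUINE)[2])  # stands in for the out-of-band value

if __name__ == "__main__":
    for label, line in (("genuine", GENUINE), ("spoofed", SPOOFED)):
        ok = host_key_matches(line, "myproxy.com", PINNED)
        print(f"{label}: {'match' if ok else 'MISMATCH, do not open the tunnel'}")
```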
