On 2011-09-06 Matthias Andree wrote:
> I am in a situation where I would like to achieve either of these
> solutions:
>
> Alternative A:
>
> - have Postfix's smtp client talk through a command via stdin/stdout
>   (instead of a TCP stream).
>
>   That command would be ssh -W mailhub:25, with a user-specified
>   password and possibly some sort of credentials cache (like ssh-agent).
>
> - Ideally, I would be able to pass relevant environment variables such
>   as SSH_AUTH_SOCK to the SMTP client somehow, and Postfix's smtp client
>   would run under my own unprivileged user ID if possible (else I need
>   to find a proxy for ssh-agent, too, because it checks the peer user
>   ID).
>
> - What I can do, but dislike because it's unreliable and consequently
>   insecure, is: set up a regular ssh tunnel (with local listening TCP
>   stream socket) with "-L" local forwarding and redirect Postfix there.

What makes you believe that an SSH tunnel would be any less reliable than
"ssh -W"?

Regards
Ansgar Wiechers
-- 
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq