> From: moparisthebest (adminmoparisthebest.com)
>
> Just thought I'd mention that I accomplish this (running postfix at home
> with a residential connection) via a server-to-server OpenVPN tunnel.
> It gives me an IP on both ends to bind to and route traffic across, and
> is just as secure as SSH if not more so.
SOLVED

As moparisthebest pointed out, the solution can be attained without
SOCKS and instead using smtp_bind_address and a layer 2 tunnel.

/etc/postfix/main.cf:
smtp_bind_address = 192.168.4.1
smtp_tls_security_level = may
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_loglevel = 1
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_helo_name = [1.2.3.4]
# 1.2.3.4 is the public ip address you will use
I have kind of done a lot of this:
# set up tunnel on Postfix machine
sudo ssh -w 3:3 -o Tunnel=ethernet -o ControlMaster=no [email protected]
# there is some ssh/sshd setup if you're not using tunnels yet
# yes, tunnels require root ssh
# If you have/want ipv6 capability, duplicate routing
# on remotehost
sudo ifconfig tap3 192.168.4.2 netmask 255.255.255.0
sudo iptables --insert FORWARD 1 --in-interface tap3 --out-interface eth0 \
  --jump MARK --set-mark 5
sudo iptables --table nat --insert POSTROUTING 1 --match mark --mark 5 \
  --jump MASQUERADE
echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
# on postfix host
sudo ifconfig tap3 192.168.4.1 netmask 255.255.255.0
echo "21 smtpx" | sudo tee --append /etc/iproute2/rt_tables
sudo ip rule add from 192.168.4.1/32 table 21
sudo ip route add 192.168.4.0/24 dev tap3 src 192.168.4.1 table 21
sudo ip route add default via 192.168.4.2 dev tap3 table 21
Send secure email, be happy, use Postfix!
Thanks for the help!
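
A quick check for the setup described in this message, added here as an example and not part of the original post: it confirms that the smtp_bind_address in main.cf has a matching source rule and that the selected table's default route leaves through the tunnel device. The function names are hypothetical, and the sample texts are constructed from the values in the post.

```shell
#!/bin/sh
# Added example. Sample texts are constructed from the values in the post.
SAMPLE_MAIN_CF='smtp_bind_address = 192.168.4.1
smtp_helo_name = [1.2.3.4]'
# Shape of `ip rule show` output once the "from 192.168.4.1" rule exists.
SAMPLE_RULES='0: from all lookup local
32765: from 192.168.4.1 lookup smtpx
32766: from all lookup main'
# Shape of `ip route show table smtpx` output.
SAMPLE_ROUTES='default via 192.168.4.2 dev tap3
192.168.4.0/24 dev tap3 scope link src 192.168.4.1'

# bind_address MAIN_CF_TEXT: print smtp_bind_address (last definition wins).
bind_address() {
    printf '%s\n' "$1" |
        sed -n 's/^smtp_bind_address[[:space:]]*=[[:space:]]*//p' | tail -n 1
}

# rule_table RULES_TEXT ADDR: print the table a source rule selects for ADDR.
rule_table() {
    printf '%s\n' "$1" | awk -v a="$2" '
        $2 == "from" && ($3 == a || $3 == (a "/32")) && $4 == "lookup" {
            print $5; exit }'
}

# default_dev ROUTES_TEXT: print the device of the table's default route.
default_dev() {
    printf '%s\n' "$1" | awk '$1 == "default" {
        for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# check_smtp_path MAIN_CF RULES ROUTES TUNNEL_DEV: print "ok ..." or a reason.
check_smtp_path() {
    addr=$(bind_address "$1")
    [ -n "$addr" ] || { echo "no smtp_bind_address set"; return 1; }
    table=$(rule_table "$2" "$addr")
    [ -n "$table" ] || { echo "no source rule for $addr"; return 1; }
    dev=$(default_dev "$3")
    [ "$dev" = "$4" ] || { echo "default route not via $4"; return 1; }
    echo "ok table=$table dev=$dev"
}

# Live use (assumes the table name and device from the post):
# check_smtp_path "$(cat /etc/postfix/main.cf)" "$(ip rule show)" \
#     "$(ip route show table smtpx)" tap3
check_smtp_path "$SAMPLE_MAIN_CF" "$SAMPLE_RULES" "$SAMPLE_ROUTES" tap3
```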