April 18, 2003
WiFi workarounds
When travelling, be sure you've got contingency services available. Ben Hammersley is travelling and has discovered that the WiFi provider is blocking port 25 traffic, so he can't use his own SMTP servers while on this network. I've run into this myself and I have a workaround.
What I do is run an SMTP server on a different port. I run it on port 80. This way I can tell my mail software to use port 80 and everything keeps working. Most network environments, wireless or not, will pass port 80 traffic. This lets my traffic out to my remote server and on from there. It does require configuring said box and using one that's not already running something legitimate on port 80 (like Apache). But this is a great application for an old Pentium 133MHz box.
Alternatively, many networks won't block ports above 1024. Put your remote server on some random port number above that (up to 65535) and use that instead. YMMV, of course.
A word of caution: it's generally a BAD idea to use regular POP, SMTP and IMAP over wireless links. The traffic is sent in clear text when you use these protocols, so anyone sniffing the airwaves will SEE your PASSWORD as clear text. This is bad. When you use secured forms the passwords aren't in the clear. The packets can be picked up but breaking the passwords is more complicated. It's not impossible, however.
So when you use a WiFi network, even with WEP and secured services, be SURE to change your passwords when you get back home. No sense in leaving them set to something a hacker could come back and attack days or even months later.
The IANA reserves port 587 for message submission agents to differentiate from mail transport agents (which run on port 25). My sendmail servers have a submission agent running on port 587, and you can't submit a message unless you authenticate. Most ISPs don't block port 587, but don't put up a submission agent unless you do some kind of control over submissions, or ISPs will start blocking that one, too.
Also, some mail servers will have a TLS-enabled transport agent listening on port 465 to accommodate user agents that haven't caught up with the whole STARTTLS thing.
One thing that I've always done for handling SMTP authentication issues is just to do LocalForward in an SSH session and pass it off to a remote server that way. It's rare for SSH to be blocked, and all you need is this:
LocalForward 9025 localhost:25
Then tell your mail agent to always talk to port 9025 (Mail.app does this easily, as do most others I've worked with). It's not the "right way," but often it's the easiest way to get it all passed around without having to fight with authentication issues.
Posted by: petrilli on April 22, 2003 01:32 PM
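An added example, not part of the original post or its comments: a Python client for the authenticated port 587 submission described above that refuses to send the password unless STARTTLS was negotiated, so the clear-text exposure the post warns about cannot happen by silent fallback. The host name, addresses, credentials, FakeSession and demo are constructed for illustration.

```python
import smtplib
import ssl
from email.message import EmailMessage

class InsecureSubmission(Exception):
    """Raised instead of sending credentials over an unencrypted session."""

def submit(msg, host, user, password, port=587, smtp_factory=smtplib.SMTP):
    """Send msg via a submission agent, authenticating only once TLS is up."""
    context = ssl.create_default_context()  # verifies certificate and hostname
    with smtp_factory(host, port, timeout=30) as session:
        session.ehlo()
        # If STARTTLS is missing from the EHLO reply (not offered, or stripped
        # in transit), refuse rather than fall back to clear text.
        if not session.has_extn("starttls"):
            raise InsecureSubmission(f"{host}:{port} did not offer STARTTLS")
        session.starttls(context=context)
        session.ehlo()  # re-read extensions over the encrypted channel
        if not session.has_extn("auth"):
            raise InsecureSubmission(f"{host}:{port} did not offer AUTH")
        session.login(user, password)
        session.send_message(msg)

class FakeSession:
    """Constructed stand-in for smtplib.SMTP so the example runs offline."""
    def __init__(self, offered):
        self.offered, self.log = set(offered), []
    def __call__(self, host, port, timeout=None):
        return self
    def __enter__(self):
        return self
    def __exit__(self, *exc):
        return False
    def has_extn(self, name):
        return name in self.offered
    def __getattr__(self, name):  # record ehlo/starttls/login/send_message
        return lambda *args, **kwargs: self.log.append(name)

def demo(offered):
    """Return the calls made against a fake server advertising `offered`."""
    fake = FakeSession(offered)
    msg = EmailMessage()
    msg["From"], msg["To"] = "me@example.org", "you@example.org"
    try:
        submit(msg, "mail.example.org", "me", "constructed-pw", smtp_factory=fake)
    except InsecureSubmission:
        fake.log.append("refused")
    return fake.log
```

Against a real server, call submit() without the smtp_factory argument; demo() only exercises the decision logic offline.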






