Reply to: to email server thru a firewall or proxy ?

Re: POP and SMTP through HTTP

yes but its an outgoing port, rather than an incoming port.

Re: POP and SMTP through HTTP

IMAP will encounter the same problems as SMTP ... it just uses a different port.

Re: POP and SMTP through HTTP

IMAP?

Re: POP and SMTP through HTTP

Hi Folks,
Thanks for all the replies! Very complete also, I might add.

I have finally established that the proxy server won't accept SOCKS, that's why my attempt with SocksCap and Proxifier are not working. Httpstunnelling should be accepted. But as pointed out, the traffic between the proxy and my remote server would then be on the wrong port. My POP or SMTP packets would end up trying to connect on the httpsport, and not be accepted by my email server. So that would not work.

web-based mail: yes indeed that works nicely, with the catch that like having my mail saved onto my PC, so I can keep it all. I can't do that with the web-mail.

Final verdict- web-mail it is !

Re: POP and SMTP through HTTP

ok here goes.

to get out of your network you have to go via a proxy server that is only configured for httpand https. Assumption

You have no control over the firewalls or the ports that are open so cant simply open the required ports.
There is no socks proxy available for either.

Then you would have to use a method that can be proxied such as web mail if available.

Basically a proxy does what it says . It will terminate the connection from the client and then create a connection to the server on the clients behalf and start a new one to the server. All connections through a proxy are done like this. And an httpproxy will only proxy connections for applications that it understands such as http.A socks proxy can handle most applications but requires client side software to direct the packets to the socks proxy.


Now httpstunneling takes advantage of the fact that a proxy server cant look at the data stream for encrypted traffic , it is encrypted from the client to the server all the proxy does is forward the packets. Overly simple but thats the basic affect. Anyway this means that you can effectively tunnel any protocol throught https, security nightmare. Such as exchange 2003 which has rpc over https, thats a full mapi client straight throught the proxy servers.

Some clever people have written software that utilises this and the fact that most if not all corporate networks only allow normal users proxy access to the internet, to write remote control software that allows you to take over your home machines desktop via an httpsstream. That httpstunneling as the underlying protocol is not http.

Re: POP and SMTP through HTTP

Vetran came up with some buzzwords I remember him mentioning.

He certainly had full telnet to his home server and the ISP server. I'm still in occasional contact with him (all my sites run on his server - and most of them were setup on that server during the working day from his desk). He used to have a webcam at his house on his work desktop. Not sure what he was actually supposed to be doing - probably the same as me - filling a seat for the greater glory of a manager.

I know I couldn't get VNC working through the firewall even when I set it to port 80. It's hardly critical to me so I gave up. If it did become important I'd dig deeper.

Re: POP and SMTP through HTTP

You sound like a bloke who knows what he's on about.

I wouldn't bet on that :rollin . I think you are missing a winking smiley on the end there .

I assume you are talking about a Virtual Private Network.

Basically a remote user will dial up directly to a VPN Server and create a link.
All comms will be to and from that VPN Server.
The remote user will package up data into a datagram with some IP header info. All of this datagram (including the IP header) is encrypted in some way (probably using asymmetrical encryption). This encrpyted datagram is then placed as the payload inside another datagram "wrapper" which has it's own header. The wrapper header contains the address of the VPN Server as the destination. The datagram is then sent to the VPN Server which removes the encrpyted payload and decrypts it. The decrpyted payload contains the address of the internal target machine which the remote user is trying to connect to.
Because the entire IP address is encrypted, no-one outside the VPN Server can read the address of the target and therefore the target is effectively invisible to the outside world.

The VPN server MIGHT be either outside the firewall or might allow SMTP access itself.
Either that or he is only able to access WebMail on his ISP.

I'd be surprised if he was able to run MS Outlook through that method.

Re: re

probably using ssh or similar, I use it to access a number of networks, look at openssh & Putty. Basically you just tunnel through from the inside to an outside server or if they allow incoming ssh the other way.

re

Why don't you get your mail server to run on port 80? And have a redirect on port 25 to 80?

Re: POP and SMTP through HTTP

You sound like a bloke who knows what he's on about.

What's all this httpstunnelling stuff. A bloke who I used to work with was able to gain full access to a server he had running on his adsl connection and then out from that to other servers including his mail server on a commercial ISP.

All a bit unclear I'm afraid so you maybe won't know what I'm whittering on about but certainly he could do anything he liked through the company firewall.

Perhaps theres room in the market for a product here for folks to spoof company firewalls

POP and SMTP through HTTP

I thikn you are getting a bit confused here.

POP, SMTP and HTTPare all application layer protocols and use different TCP ports.

They also therefore are architecturally at the same level and you can't route one through the other.

HTTPprotocol describes how 2 entities transfer and show web pages and uses TCP port 80.
POP describes the retrieval of email from a web server mailbox and uses TCP ports 109 or 110 depending on the version.
SMTP describes how to send email to a remote web server's mailbox and uses TCP port 25.

It is very common indeed for firewalls to block SMTP ports and POP ports but allow HTTP.This is what you are seeing. The only way to avoid this is to use webmail as suggested by the other poster.

Hope this helps. TCP/IP is a complex beast

Re: re

do they have a webmail option?

Do they allow outgoing ssh on the site?

Re: re

In Ireland. I think. The company is in ireland, (www.irishdomains.ie) so I'm assuming the servers I too, but who knows these days.
The addresses are pop.strongpoint.ie and smtp.strongpoint.ie

Incidentally, I find 'Irish Domains' service very good.

thanks,
BD

re

Where's your mail server based?

Hello,
Thanks for the response.

Indeed, I should be more clear.
The firewall blocks all diect connections to the outside world, including POP and SMTP connections.
However, web browsers can make httpconnections indirectly, by going through a proxy server. The proxy server is allowed make some connexions to outside world.
So my question is really, do you know any way to tunnel the POP and SMTP traffic through http?

I had hoped to use a SOCKS connection to from email client to proxy, but proxy does not allow that, only http.
Thanks anyway !