I have an interesting, yet common, problem at work. I like to have the luxury of checking my personal e-mail without the disadvantage of having my incoming and outgoing email sent in the clear across my work's network. Here's what I did to work around it.
I made an SSH connection to another machine on the Internet using corkscrew through our proxy servers. With this connection I forwarded an IMAP port and an SMTP port. For most people, that would be enough.
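The tunnel described above could be set up with an OpenSSH client configuration like the following. This is an added example, not the configuration from the original post: the host names, the proxy port, and the local IMAP port 1143 are placeholders, and it assumes the IMAP and SMTP services run on the remote machine itself. Local port 2525 is the one the exim transport later in the post connects to.

```sshconfig
# ~/.ssh/config (constructed example; all host names are placeholders)
Host mailtunnel
    # Placeholder for the outside machine reached over SSH
    HostName shell.example.org
    User myusername

    # corkscrew carries the SSH session through an HTTP proxy via CONNECT.
    # proxy.example.com and 8080 stand in for the real proxy host and port.
    ProxyCommand corkscrew proxy.example.com 8080 %h %p

    # Local port 2525 -> SMTP (25) on the remote machine.
    # Binding to 127.0.0.1 keeps other hosts on the local network from
    # relaying mail through the forward.
    LocalForward 127.0.0.1:2525 localhost:25

    # Local port 1143 (assumed) -> IMAP (143) on the remote machine.
    LocalForward 127.0.0.1:1143 localhost:143

    # Fail at startup if either forward cannot be bound, instead of
    # leaving a session open with no working SMTP port behind it.
    ExitOnForwardFailure yes

    # Keepalives so an idle tunnel is not silently dropped by the proxy.
    ServerAliveInterval 60
```

With this in place, `ssh -N mailtunnel` opens the two forwards without starting a remote shell.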
However, I wanted to be able to use mutt to check my email, which doesn't speak SMTP. This meant I could do one of two things. One of those options was to use ssmtp instead of my local mailer on my machine and have it set to use my encrypted connection as its smarthost. The problem with this is that ssmtp isn't smart enough to queue mail in the event that my encrypted connection isn't open. So I opted to use another method.
I decided to configure my local mailer, exim, to decide which type of mail is being sent and either deliver it normally or via my encrypted connection, based on the from address of the email message being sent.
This was a fairly easy accomplishment, once I understood exim. I don't intend on going into detail regarding how exim works. That is best left to the manual. However, here are my configuration changes and an explanation for them.
I added a transport to handle the new connection on a new port.
    smtp2525:
      driver = smtp
      service = 2525
This creates a new transport using the SMTP method and connecting on port 2525. This has to be done because on my machine, my encrypted connection is on port 2525 and not on port 25 which houses the local mailer. Setting up a transport like this is the only way to use multiple port numbers for SMTP in exim.
I also had to modify my routers to use this new transport.
    lookuphost:
      driver = lookuphost
      senders = myworkdomain.com
      transport = remote_smtp

    literal:
      driver = ipliteral
      senders = myworkdomain.com
      transport = remote_smtp

    external:
      driver = domainlist
      transport = smtp2525
      self = send
      route_list = "* localhost byname"
In the literal and lookuphost routers, I added the senders configuration option, which prevents that router from being activated unless the sender of the email comes from the domain listed. Then I added the external router which, because it is at the end of the list, serves as a catch-all. The self = send option tells exim to allow sending mail to the same hostname that it receives mail for. This is required since both connections sit on the same machine. You'll also notice that my external router uses the new smtp2525 transport created in the last step, which effectively alters the port number to 2525. The route_list configuration option is nothing new to anyone who has configured exim before. It tells exim how to decide where to send the mail; in this case, send everything to localhost.
One final option is required. Because mutt doesn't speak SMTP, it calls the sendmail binary directly. When accessing exim this way, it will rewrite the Sender: header to reflect your username on the machine you are sending from. If exim does this, then my senders configuration directives above are useless, because the Sender: header will always be the same. In order to allow the altering of this, the user that runs mutt must be a trusted user.
trusted_users = mail:myusername:root
This allows the "mail" user (which exim runs as), "myusername", and "root" to alter their Sender: headers as they see fit.
I've been watching my mail logs as I send mail, and it hasn't missed a beat yet.