Oct 13 2006

Mail.app, SSH tunnels and SOCKS proxies

Tags: , , , Filed under: Written in Englishhugo @ 21:49

After having fought for several days with Mail.app trying to make it do whatever I wanted and failing to do so, I reached the following conclusions:

  • IMAP over SSL does not work if used through an SSH tunnel
  • SMTP over SSL does not work if a SOCKS proxy is in use
  • When a SOCKS proxy is set, excluding a hostname or domain does not work: it just makes any connection to a matching host fail
  • Using an PAC file does not give satisfactory results (I don’t remember the details of this one, but basically I bumped into a number of issues)

This is with Mail.app 2.1.1 (752.3). I thought that might be useful to others, and would love to be proven wrong.

4 Responses to “Mail.app, SSH tunnels and SOCKS proxies”

  1. Hawk Wings » Blog Archive » Four things that Mail.app can’t do says:
    October 14th, 2006 at 11:28

    [...] Hugo Hass has been wrestling with Mail.app. Frustrating for him but interesting for us, he’s found four things that Mail.app can’t do: [...]

  2. Nick says:
    January 3rd, 2007 at 15:28

    I can refute the first two of your claims:

    First, IMAP with SSL works over an SSH tunnel in one of two ways:
    1) Disable all proxies in System Prefs, forward a local port (using “ssh -L :: …”) to the IMAP server’s SSL port, and point Mail.app to the local address and port. (It may be the case that disabling the SOCKS proxy alone is also sufficient for this.) Alternatively…
    2) Establish a tunneled SOCKS proxy (using “ssh -D …”) and then set that as your System Prefs SOCKS proxy, leaving all Mail.app settings as if you were directly connecting to the internet.

    Second, SMTP over SSL works with a tunneled SOCKS proxy by using method #2 above.

    However, I conquer with the third — that is, excluding hosts in System Prefs doesn’t do any good (which is idiotic) — and I haven’t tried the fourth.

    This is with Mail.app Version 2.1.1 (752.3) on a MacBook Pro running Mac OS 10.4.8.

    Nick

  3. Nick says:
    February 1st, 2007 at 23:39

    UPDATE

    It seems you must use “127.0.0.1″ as the hostname for a tunneled SOCKS proxy — using “localhost” seems to make SMTP connections fail. I hope this helps others having this problem.

    Nick

  4. lisa says:
    March 30th, 2007 at 20:32

    I could not get IMAP to work with SSL over my SSH tunnel with local forwarding for the life of me. But #2 worked — yay for dynamic forwarding!

Leave a Reply

Please copy the string aigru9 to the field below: