FutureQuest, Inc. FutureQuest, Inc. FutureQuest, Inc.
Knowledgebase: Secure Email
Using PuTTY In Securely Sending and Receiving Email
Posted on 28 October 2003 04:21 AM

The following guide is offered as a convenient method of securing your email traffic. In essence, the objective of port forwarding is that your POP password goes through the SSH tunnel encrypted. Secondary to this, all email messages traveling from the mail server to the client and vice versa do so through a secure, encrypted tunnel. However, to guarantee your mail content privacy other solutions such as PGP should be employed. Another advantage of this is that it allows you to bypass your ISP's mail server and can be a work-around for those who have ISPs that have instituted blocks of port 25 or port 110. In using PuTTY (or another SSH client) and port forwarding via encrypted tunnels, your ISP will only see a SSH connection.

Enabling SSH email tunneling first requires that you:
1. Configure your SSH client
2. Configure your email client

Configuration of your SSH client

Okay, to get started, you will need the SSH program PuTTY.

Once you have downloaded PuTTY, double click PuTTY.exe to start the program. In the "Session" screen under "Host Name" you will need to specify your domain name. For "Protocol", you will need to select SSH. (See image below.)


Next, you will need to click on "Connection" in the Category menu on the left, click "SSH", then click "Tunnels". (See below.)


Now, we're going to set up the tunnel for POP3 (used for receiving email). On this screen, in the "Add new forwarded port:" section, you will need to specify "5110" (without the quotes) for Source Port and pop.example.com:110 (where "example.com" is replaced by your actual domain name) for the Destination, as shown below. Make sure "Local" is selected, then click "Add".  


Next, we need to set up the tunnel for SMTP (used for sending email). On the same screen as above, again under "Add new forwarded port", you will need to enter "5025" (without the quotes) for Source Port and mail.example.com:25 (where "example.com" is replaced by your actual domain name) for the Destination, as shown below. Leave "Local" selected and click "Add".


You should now see something like "L5110 pop.example.com:110" and "L5025 mail.example.com:25" under "Forwarded ports", as illustrated below.


Okay, now go back to the "Session" category in the menu on the left. Under "Saved Sessions" you will need to fill in a name to refer to the configuration options you've just set so that you will be able to easily load them in future sessions. We have chosen to name this default session "SecureEmail". Once you have entered the name, click on "Save". Your settings will be stored and you should now see the name of your session listed in the Default Settings box.

To open the tunnel, you will simply need to double-click the session name (or click once to highlight the session name and choose "Open").


Once you have done so, an SSH window will open up and you will be asked for your account access information. The username and password you enter will need to be that of your FutureQuest account, the same information you use to login to your CNC or use in your FTP client. After entering your username and password, you will not need to do anything else on this screen. However, you do need to keep it OPEN.

Configuration of your email client

To accomplish port forwarding instead of using the standard unencrypted channels to send and receive your email, you will need to make some modifications to the account settings in your email client. The changes you will need to make include:

Incoming mailserver: localhost (instead of the usual pop.example.com)
Port number: 5110 (instead of 110)

Outgoing mailserver: localhost (instead of the usual mail.example.com)
Port number: 5025 (instead of 25)

The locations of these settings and how you go about making these changes will depend on your particular email client, so it is advised to check the application's help section or contact the product support department if you should have questions. Below, we have provided brief and general instructions for two of the most popular email clients. 

To make these adjustments in Outlook Express 6, go to "Tools" and click "Accounts...". Click on the "Mail" tab, select the account you use and click "Properties". Under the "Servers" tab, change the names of the mailservers as documented above. Under the "Advanced" tab, change the port numbers.

To make these adjustments in Eudora, go to "Tools" > "Options", and then under "Getting Started" change the mailservers. To change the port numbers in Eudora, you will first need to move the file 'esoteric.epi' from "\\Eudora\\extrastuff" folder to reside directly in the "Eudora" folder instead. Close Eudora and start it again. Go to "Tools" > "Options", and you should see an entry of "Ports". Change the port numbers accordingly.

That's it.

Important: To send and receive your email, you will need to first connect to the server using the Default Settings in the Saved Session you entered earlier. Once you have connected via SSH, you will be able to send and receive your email using your email client, just as you would normally do. Except in doing so, you will be sending and receiving it securely through the SSH tunnel you have created.