Linode talking to MS Exchange via SSH tunnel

Hi all

I've put this in /dev/random because it ultimately comes down to a Windows question although someone else may have a different solution. If you know anything about SSH from Windows NT then it's really only my last two paragraphs that matter.

I seem to have become the volunteer IT support person at a private school where a good friend is the manager. They have about ten PCs running a mixture of Win 98 / 2000 / XP Home and XP Pro and an old server running NT 4 and Exchange 5.5. All email clients are Outlook. It's all a bit of a mess, most Outlook data is stored locally and Exchange isn't used for much more than a shared calendar. Backups were non-existent etc … :roll: I'm slowly cleaning things up and trying to get some consistency into it all.

They have a DSL internet connection with a dynamic IP. Internet mail is done with each workstation doing POP and SMTP directly with the ISP. With Outlooks set to poll every 5 minutes or less, 10 workstations means an average of one hit to the ISP's POP server at least every 30 seconds. I don't know if anyone really cares but that doesn't feel to me like a good way to do things. They have a web site and email was forwarded through the web host but the forwarding was often very slow so now the MX record points to my Linode and I'm forwarding mails to the individual mailboxes at their ISP.

I would much prefer to get internet mail flowing through the Exchange server with its SMTP connector. It would be much more efficient, more "instantaneous" and easier to maintain. Of course, receiving is a bit of a problem with the dynamic IP. An account with a fixed IP costs quite a bit more and money is rather tight. I know many people use a dynamic DNS service but that seems dangerous. There is always some delay when the IP changes and if the sending server tries to send to the wrong machine which just happens to have an SMTP server running which accepts the mail then that's a very bad situation. Also, the ISP is talking about blocking port 25.

From a newsgroup, I got a hint of another idea. If I open an SSH tunnel to the Linode and forward a remote port back to the Exchange server then the dynamic IP issue goes away. I just need to configure Sendmail on the Linode to deliver mail for that domain to something like localhost:1234 and that will be forwarded as port 25 on Exchange.

The only issue I can think of (but it's a big one) is reliability. If I use OpenSSH or PuTTY on the Exchange box to open the tunnel, what happens if there is some sort of dropout somewhere, either on the DSL line, the path to the Linode or the Linode itself? I need it to reconnect. Has anyone come across any Windows software that will do this? My searches for things like "SSH reconnect" have found people asking questions about wanting to reconnect and reestablish the same session and connect to the same still running process which seems impossible but I don't need anything like that. I just need to reestablish a new connection if the old one drops out.

Any thoughts would be appreciated.

Cheers

Ross

4 Replies

While I have not been in your exact situation I have set up a persistent ssh tunnel from windows before.

The best solution I found was a minimal install of cygwin and a little bash script called from cron. All the script did was check if the tunnel ports were still open and if the tunnel was still viable. If it wasn't, any remaining parts of the tunnel were closed as nicely as possible and the tunnel restarted. Authentication was done with a restricted use passwordless key tied to a very limited user account so I didn't need to worry about having an agent running.

Unfortunately this was some time ago and the script is long gone, but I don't remember it being all that complicated.

/insert random prod about the only way to do anything useful with a windows box is put linux on it (or in this case, emulated linux) ;)

@filoseta:

> The best solution I found was a minimal install of cygwin and a little bash script called from cron. All the script did was check if the tunnel ports were still open and if the tunnel was still viable. If it wasn't, any remaining parts of the tunnel were closed as nicely as possible and the tunnel restarted.

I would also try to do it this way, with cygwin cron. An alternative is to run it as a Windows service with a restart policy. However, as this only restarts if the process dies, this does not take care of some situations where the connection simply hangs.
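The cron watchdog described in the two replies above, as an added example (it is not the lost script and not code from any poster). It relies on OpenSSH keepalive options so that a hung connection makes ssh exit, which lets a plain process check catch hangs as well as crashes. The host, account, key path and pidfile are assumed names; port 1234 and Exchange port 25 come from the question.

```sh
#!/bin/sh
# Added example, not code from the thread. Host, account, key path and pidfile
# are assumed names; port 1234 and Exchange port 25 are from the question.
# On the Linode, the key would be limited in the tunnel account's
# authorized_keys (OpenSSH 7.8 or later), for example:
#   restrict,port-forwarding,permitlisten="localhost:1234" <public key>
LINODE=${LINODE:-tunnel@linode.example.org}
KEY=${KEY:-$HOME/.ssh/tunnel_key}
FORWARD=${FORWARD:-localhost:1234:localhost:25}  # Linode port -> Exchange SMTP
PIDFILE=${PIDFILE:-/tmp/smtp-tunnel.pid}
SSH=${SSH:-ssh}

# Succeeds only if the pidfile names a process that still exists.
tunnel_alive() {
    [ -s "$PIDFILE" ] && kill -0 "$(cat "$PIDFILE")" 2>/dev/null
}

# Close what is left of an old tunnel: SIGTERM first, SIGKILL if it lingers.
stop_tunnel() {
    if tunnel_alive; then
        pid=$(cat "$PIDFILE")
        kill "$pid" 2>/dev/null || true
        sleep 1
        if kill -0 "$pid" 2>/dev/null; then kill -9 "$pid" 2>/dev/null || true; fi
    fi
    rm -f "$PIDFILE"
}

# ServerAlive*: ssh exits after about 90 s without replies, so a hung link
# becomes a dead process. ExitOnForwardFailure: exit if port 1234 cannot be
# bound. BatchMode: never prompt, fail outright if the key is rejected.
start_tunnel() {
    "$SSH" -N -T -i "$KEY" -R "$FORWARD" \
        -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
        -o ExitOnForwardFailure=yes -o BatchMode=yes \
        "$LINODE" </dev/null >/dev/null 2>&1 &
    echo $! > "$PIDFILE"
}

# One pass: report "ok", or clean up and restart and report "restarted".
watchdog() {
    if tunnel_alive; then echo "ok"; return 0; fi
    stop_tunnel
    start_tunnel
    echo "restarted"
}

# cron: */2 * * * * /usr/local/bin/tunnel-watchdog.sh run
if [ "${1:-}" = "run" ]; then watchdog; fi
```

Setting `ClientAliveInterval` in the Linode's sshd_config lets the server drop a half-dead session and release port 1234; until it does, `ExitOnForwardFailure` makes the new ssh exit and the next cron pass retries.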

Thanks guys. That's given me some food for thought. In my real job I'm a dot NET programmer so if I can't find anything off the shelf I might look at doing something in C# which starts PuTTY or OpenSSH in cygwin and then checks with a ping every few minutes. The .NET framework has a class with pretty good process control so I could kill a dead connection and restart. It sort of comes down to how weird I really want to get with the thought of what would happen if I'm not around if it goes wrong.

Different subject but I've thought about trying to move them to Linux. It would certainly save them money but it seems like it would be an uphill struggle. They rely heavily on PageMaker and a few other Windows only programs. OpenOffice on Windows might be an attractive option to suggest as they anguish over buying another MS Office license.

Cheers

Ross

Or, as an alternative, try to move them off the Exchange server and onto a Linux server and keep the Windows the same (with OpenOffice on Windows as an option over time).
