Linode talking to MS Exchange via SSH tunnel
I've put this in /dev/random because it ultimately comes down to a Windows question although someone else may have a different solution. If you know anything about SSH from Windows NT then its really only my last two paragraphs that matter.
I seem to have become the volunteer IT support person at a private school where a good friend is the manager. They have about ten PC's running a mixture of Win 98 / 2000 / XP Home and XP Pro and an old server running NT 4 and Exchange 5.5. All email clients are Outlook. Its all a bit of a mess, most Outlook data is stored locally and Exchange isn't used for much more than a shared calendar. Backups were non-existent etc …
They have a DSL internet connection with a dynamic IP. Internet mail is done with each workstation doing POP and SMTP directly with the ISP. With Outlooks set to poll every 5 minutes or less, 10 workstations means an average of one hit to the ISP's pop server at least every 30 seconds. I don't know if anyone really cares but that doesn't feel to me like a good way to do things. They have a web site and email was forwarded through the web host but the forwarding was often very slow so now the MX record points to my Linode and I'm forwarding mails to the individual mailboxes at their ISP.
I would much prefer to get internet mail flowing through the Exchange server with its SMTP connector. It would be much more efficient, more "instantaneous" and easier to maintain. Of course, receiving is a bit of a problem with the dynamic IP. An account with a fixed IP costs quite a bit more and money is rather tight. I know many people use a dynamic DNS service but that seems dangerous. There is always some delay when the IP changes and if the sending server tries to send to the wrong machine which just happens to have an SMTP server running which accepts the mail then that's a very bad situation. Also, the ISP is talking about blocking port 25.
From a newsgroup, I got a hint of another idea. If I open an SSH tunnel to the Linode and forward a remote port back to the Exchange server then the dynamic IP issue goes away. I just need to configure Sendmail on the Linode to delivery mail for that domain to something like localhost:1234 and that will be forwarded as port 25 on Exchange.
The only issue I can think of (but its a big one) is reliability. If I use OpenSSH or Putty on the Exchange box to open the tunnel, what happens if there is some sort of dropout somewhere, either on the DSL line, the path to the Linode or the Linode itself? I need it to reconnect. Has anyone come across any Windows software that will do this? My searches for things like "SSH reconnect" have found people asking questions about wanting to reconnect and reestablish the same session and connect to the same still running process which seems impossible but I don't need anything like that. I just need to reestablish a new connection if the old one drops out.
Any thoughts would be appreciated.
The best solution I found was a minimal install of cygwin and a little bash script called from cron. All the script did was check if the tunnel ports were still open and if the tunnel was still viable. If it wasn't, any remaining parts of the tunnel were closed as nicely as possible and the tunnel restarted. Authentication was done with a restricted use passwordless key tied to a very limited user account so I didn't need to worry about having an agent running.
Unfortunately this was some time ago and the script is long gone, but I don't remember it being all that complicated.
/insert random prod about the only way to do anything useful with a windows box is put linux on it (or in this case, emulated linux)
The best solution I found was a minimal install of cygwin and a little bash script called from cron. All the script did was check if the tunnel ports were still open and if the tunnel was still viable. If it wasn't, any remaining parts of the tunnel were closed as nicely as possible and the tunnel restarted.
I would also try to do it this way, with cygwin cron. An alternative is to run it as a Windows service with a restart policy. However, as this only restarts if the process dies, this does not take care of some situations where the connection simply hangs.
Different subject but I've thought about trying to move them to Linux. It would certainly save them money but it seems like it would be an uphill struggle. They rely heavily on PageMaker and a few other Windows only programs. OpenOffice on Windows might be an attractive option to suggest as they anguish over buying another MS Office license.