December 18, 2009 7:49 AM   Subscribe

IMAP through an uncooperative proxy?

I'm pretty sure my ideal solution is technically impossible and that simplest workaround is going to be unattractive from a convenience or elegance POV, but:

At work, I can check my personal mail through webmail (i.e. over http(s)). But I would prefer to use Thunderbird. However, the firewall/proxy doesn't allow IMAP. Is there a way I can do this anyway?

My original thought was to tunnel over SSH, but even assuming I can do that on this end, I'm not sure how I'd do it on the server end. (It's a hosted account thing, so I assume I have some latitude, but I don't have full control.)

A coworker ssh's (in a terminal window) to his home machine and runs Mutt or something there, but the whole point here is that I want all my mail to show up inside of Thunderbird.

He also suggested I could do port forwarding on my home machine. It sounds like maybe this old AskMe is the same thing. That seems ugly. Plus I hate to potentially screw up my home network by installing new firmware just to get it working. But maybe that's the only way? And if I do that, is openwrt still the best or is tomato the new hotness?
posted by DU to Computers & Internet (13 answers total)
If you have a *NIX machine (like a Mac) at home (or outside, anyway) that you can SSH to, then the easiest thing to set up is a SOCKS5 proxy. -D is the command line option for SSH, you could do it with Putty, also. Tell Thunderbird to use localhost:8080 (or whatever port you pick with -D) as a SOCKS proxy and away you go. This has the added convenience of allow you to send multiple applications/protocols over it: You can set it in firefox, thunderbird, and pidgin. You may want to enable compression for speed.

You won't need to install new router firmware if you can just forward SSH on your home router to your internal *NIX device.
posted by These Premises Are Alarmed at 7:59 AM on December 18, 2009 [1 favorite]

If they are blocking IMAP then they are probably dont want you installing TB on your desktop and sidestepping their security to get IMAP going. If youre determined to do this then you can do the ssh tunneling or SOCKS as described above. You dont even need a linux box, you can do ssh on windows with cygwin or with this specialized installer. You will need to forward port 22 on your firewall to your PC.

If your PC is running 24/7 then you might just be better off using remote desktop. This solves the issue or installing software on your work PC. You'll need XP/Vista/7 Business/Professional or higher. If you have home you can probably get away with VNC if you have enough bandwidth and patience.
posted by damn dirty ape at 9:21 AM on December 18, 2009

As TPAA says, you don't need to ssh to the machine that has the IMAP server, just to a machine that can reach the IMAP server. You could even ssh to your coworker's home machine, if he's willing to set up an account for you, or somewhere like freeshell. The connection gets forwarded over ssh, and then the remote ssh daemon makes a connection to the real destination (which can be anywhere) and copies data between them.

Also, you could see if the firewall and your mail host allow IMAPS (port 993, imap+ssl, much like https is http+ssl).
posted by hattifattener at 12:09 PM on December 18, 2009

Wait...freeshell would work? Don't you have to run a daemon? Do they let you do that?

Or are you saying I could ssh over there, start the daemon by hand (or script the whole thing), then start up TB?
posted by DU at 5:39 PM on December 18, 2009

Oh I see. There's no daemon per se. I just create an SSH connection and the tunnel piggybacks. My hosting provider lets me connect via SSH, so presumably I could just do this that way. Or are they likely to put the kibosh on that?
posted by DU at 5:56 PM on December 18, 2009

The daemon in question is the one that's running in order to allow you to connect via ssh in the first place. So, yeah, unless they've specifically configured their sshd to disallow port forwarding, you should be able to just do it that way.
posted by hattifattener at 8:52 PM on December 18, 2009

They said they "don't support IMAP over SSH". I don't know if that means they turned off forwarding or just won't help me if I try.
posted by DU at 8:36 AM on December 19, 2009

This should be really easy to test. Just create the SSH tunnel by running this on your local machine:

ssh -D 8080

And then in Thunderbird, it's something like Preferences -> Advanced -> Network -> Connection
Choose Manual proxy configuration
SOCKS Host localhost port 8080

It shouldn't require your hosting provider to "support" anything.

I actually forward all of my non-work traffic (including HTTP and IM) through a tunnel like this to avoid any kind of snooping.
posted by aneel at 1:41 PM on December 19, 2009 [1 favorite]

Or for that matter run the ssh command aneel describes and then in another window "telnet localhost 8080". If the connection gets through and you get a line like "* OK [CAPABILITY IMAP4REV1 LITERAL+ blah blah blah" then go ahead and start configuring Thunderbird.

When they say they don't support "imap over ssh" they may mean they don't support the slightly odd trick that Pine and some other MUAs use, where they'll open an ssh connection and actually run a copy of the imap daemon from the command-line, which only works with some imap daemons. But tunnelling a normal IMAP connection over ssh using port forwarding should work with most setups that aren't actively trying to prevent it.
posted by hattifattener at 9:41 PM on December 19, 2009 [1 favorite]

OK, thanks for the tips everyone. I don't have it working yet, but that's mostly due to laziness coupled with having to commute to/from work to get the different ends of this working...
posted by DU at 6:22 AM on December 21, 2009

It looks like freeshell *doesn't* work for this. I get an "administratively prohibited" message from ssh (on the freeshell end) when I try. I think I'll have to bite the bullet and open a port on my firewall so I can forward it from my home machine.
posted by DU at 4:36 AM on December 22, 2009

Working. I kind of wish I'd known how easy ssh tunneling was before.
posted by DU at 6:51 AM on December 23, 2009

It is pretty cool. I admit I fired up TCPdump the first time I set up a socks proxy because I kinda didn't believe it was all working that easily.
posted by These Premises Are Alarmed at 10:43 AM on December 23, 2009

« Older SBOA (Spinning Beachball of Annoyance)   |   Why did they make me eat fish on Fridays? Newer »
This thread is closed to new comments.