Secure E-Mail for Travelers and Teleworkers

Travelers who access e-mail from a hotel or conference center and teleworkers accessing e-mail from home over residential broadband need to secure POP and SMTP. Failing to do so, workers can inadvertently disclose sensitive and confidential data, including user names, passwords, message text, and attachments. Legitimate messages can be recorded, modified, and replayed to others, with consequences ranging from embarrassing to disastrous. Tunneling e-mail is an easy way to ensure the privacy and integrity of all mail sent and received by authenticated workers through company POP, IMAP and SMTP servers.

To tunnel e-mail, each worker configures a SecureCRT® or other Secure Shell client with a local port forward; mapping ports on the localhost to the well-known ports listened to by mail servers.

Figure 4 illustrates this, expanding on the local port forwarding configuration described in Figure 2.

Figure 4: Secure E-Mail for Travelers, Teleworkers

Two alternatives are illustrated here. An external SendMail server that is located at this company's ISP is reached through arbitrary local ports 2025 and 2110. An internal Exchange server within the corporate network is reached through local ports 3025 and 3110. In both cases, mail traffic is protected on the public Internet, but forwarded as cleartext to the mail server. This prevents eavesdropping, modification, and session hijacking as e-mail passes through the public Internet. Only authenticated users can gain access to these mail servers (in this example, key pairs stored securely on smart cards). Users should know VShell's host public key in advance to be confident that they are reaching an authentic destination.