Greetings, I am in a situation where I would like to achieve either of these solutions:

Alternative A:

- have Postfix's smtp client talk through a command via stdin/stdout (instead of a TCP stream). That command would be ssh -W mailhub:25, with a user-specified password and possibly some sort of credentials cache (like ssh-agent).
- Ideally, I would be able to pass relevant environment variables such as SSH_AUTH_SOCK to the SMTP client somehow, and Postfix's smtp client would run under my own unprivileged user ID if possible (else I need to find a proxy for ssh-agent, too, because it checks the peer user ID).
- What I can do, but dislike because it's unreliable and consequently insecure, is: set up a regular ssh tunnel (with local listening TCP stream socket) with "-L" local forwarding and redirect Postfix there.

The administrative difficulty behind this is that no SMTP AUTH is in place.

Alternative B:

Is anyone aware of SASL setups to authenticate against .ssh/authorized_keys on the server side and somehow have the client have the ssh-agent sign some server-side request? However, Postfix runs on either end, and I'm not too optimistic there's a whole lot of difference in difficulty level on the client side.

I currently expect getting the SSH credentials into the smtp client is somewhat hard, and a shared difficulty between these approaches.

Is either of these possible, even partially?

Thanks.