Home / How to tunnel port 25 with SSH

How to tunnel port 25 with SSH

If you’re a web developer like me who needs to test sending emails from a development version of a website, but your ISP blocks port 25 outbound, then it’s possible to set up a "tunnel" via SSH. You then send mail to port 25 on localhost and it actually sends the mail from the server at the other end.


You’ll need a nix based server you can log into via SSH (e.g. Linux, BSD, OSX), and it needs to support sending mail locally at that end on port 25. (It can be a different port, in which case you would change the port number in the tunnel settings shown below to that port).

Creating the tunnel from Linux/Mac

Macs and Linux have a command line SSH client built in, so you would open up the terminal application to run the command below. If your login name is "chris" and the server we want to connect to is then run this command:

sudo ssh chris@ -L 25:localhost:25

You need to use sudo (or run the command as root) because this is a privileged port and a regular user won’t be able to create a tunnel from this end on port 25. See the note below about using sudo.

The above command opens up a tunnel from port 25 on your local machine to port 25 on the localhost at the other end. You could also change "localhost" in the above command to the hostname of the server, or even the ip address or hostname of a different server that will relay mail for the server at in this example.

From your own computer, you would now send mail to localhost on port 25; it really sends the mail to port 25 on the localhost at the other end.

A note about using sudo

If you don’t have sufficient permissions to use sudo (such as on OSX if you are not an administrator) then you won’t be able to create a tunnel on port 25 at your end and will get an error message along the lines of "privileged ports can only be forwarded by root".

You could use a different local port instead, e.g. 2500 like so, and then when you want to send mail connect to port 2500 on localhost.

ssh chris@ -L 2500:localhost:25

Note that it’s the port number before the hostname that specifies the port to open at this end, and the port number after the hostname is the port to connect to at the other end.

Testing it to see if it works

You can use the "telnet" command from you local terminal (i.e. not in the SSH session you’ve established with one of the above commands) to connect to a specific port number like this:

telnet localhost 25

or, in the case of the second example:

telnet localhost 2500

If it’s set up correctly and working, you’ll see the message from the mail server, similar to what’s shown in the example below. You can then quit by entering "quit" and return, or ctrl+], "quit" then enter.

$ telnet localhost 25
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 mail.example.com ESMTP Exim 4.80 Tue, 07 Aug 2012 16:15:19 +1200

Creating a tunnel from Windows

I’ve covered how to create a tunnel with the GUI based SSH client Putty. The other post specifically looks at port 1433 for connecting to MS SQL Server; simply substitute the port numbers in that post for port 25 and the instructions are the same.