WELCOME TO YAROSLAV'S LINUX PAGE
+ -=:SMTP over SSH.:=- +
 

I am (as many others out there) a bit paranoid about having multiple ports open on my computer, because the level of vulnerability of your system increases with each open port - no software is perfect and 100% secure. So I prefer to rely on a single piece of software I consider secure enough - in my case it is OpenSSH with protocol 2 and RSA keys.

So I wanted to use ssh as an authenticator and as a transport for my smtp traffic from the laptop through the mail server I'm running on onerussian.com. I asked uncle Google about that and he sent me to Section 2: SSH-tunnelling by Johannes Franken, which looks almost like what I need.

The only problem for me was that that solution requires (as I understand it) one of the following two approaches. Either you set up your .bashrc (or any other script) to use the ssh-agent which is already running on the system and which has your private keys in it, or you need a private key with no passphrase, which is insecure. So I've decided to adjust the configuration to make exim attach to the running ssh-agent and then connect to my smarthost. Here is the exim configuration I've got.

# Adapted by yoh@onerussian.com from
#  http://www.jfranken.de/homepages/johannes/vortraege/ssh2.en.html

# at bottom of TRANSPORT CONFIGURATION : ###########################
#    Transport, which tunnels mails over ssh to my smarthost
ssh:
  driver = pipe

  # talk regular smtp to the pipe (qmail approved :-) )
  bsmtp = all
  bsmtp_helo = true
  use_crlf = true
  prefix = ""
  suffix = ""

  # connect to my mail server's smtp port.
  # must authenticate without a typed password: the keys come from the
  # ssh-agent already running for my user, located by its pid and socket
  command = /bin/sh -c 'SSH_AGENT_PID=`/bin/ps h -C ssh-agent -o pid|head -1` SSH_AUTH_SOCK=`/bin/ls /tmp/ssh*/agent*|head -1` ssh onerussian.com netcat -w 1 localhost smtp'
  user = yarik

  # ssh failure handling: kill hanging sessions,
  # retry and tell me on failures
  timeout = 300s
  temp_errors = 1
  return_fail_output = true
end

# at top of ROUTERS CONFIGURATION: ###########################
# Send all mail to a smarthost through the ssh pipe transport defined
# above (the stock remote_smtp transport would open a direct SMTP
# connection and bypass the tunnel entirely)
smarthost:
  driver = domainlist
  transport = ssh
  route_list = "* onerussian.com bydns_a"
end
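As an added example (my own script, not the page's configuration and not from Johannes Franken's page), here is a small wrapper that the pipe transport could invoke instead of the one-line command above. It does the same job as the inline shell command but checks each step: it picks the newest readable agent socket rather than whatever ls happens to list first, refuses to run if the agent holds no keys, and forces ssh into batch mode so a stray passphrase or host-key prompt cannot hang the pipe until exim's timeout fires. The install path /usr/local/bin/smtp-tunnel.sh, the ConnectTimeout value and the assumption that OpenSSH keeps its sockets under /tmp/ssh-*/agent.* are mine; the netcat invocation on the remote side is the page's.

```shell
#!/bin/sh
# Added example, not code from the page: a wrapper that exim's pipe
# transport can call in place of the inline `command = ...` above.
# It finds the invoking user's ssh-agent socket, checks that the agent
# actually holds a key, and only then opens the SMTP tunnel.
# Assumed: OpenSSH's default socket layout /tmp/ssh-*/agent.*,
# ssh-add on this host, and netcat on the smarthost (as on the page).

# find_agent_sock DIR: print the newest readable agent socket under DIR
# (pattern DIR/ssh-*/agent.*); return 1 if there is none.
find_agent_sock() {
    dir=${1:-/tmp}
    found=""
    for s in "$dir"/ssh-*/agent.*; do
        [ -e "$s" ] || continue      # an unmatched glob stays literal; skip it
        [ -r "$s" ] || continue      # another user's socket (mode 0600); skip it
        if [ -z "$found" ] || [ "$s" -nt "$found" ]; then
            found=$s
        fi
    done
    [ -n "$found" ] || return 1
    printf '%s\n' "$found"
}

# agent_has_keys SOCK: succeed only if the agent at SOCK lists a key.
# Without this check exim would queue every message behind an agent
# that cannot sign anything (e.g. after a reboot, before ssh-add ran).
agent_has_keys() {
    SSH_AUTH_SOCK=$1 ssh-add -l >/dev/null 2>&1
}

# tunnel_smtp SOCK HOST: replace this shell with ssh, relaying the BSMTP
# that exim writes on stdin to the smarthost's own SMTP port.
# BatchMode stops ssh from ever prompting; a prompt would hang the pipe
# until exim's `timeout` expired.
tunnel_smtp() {
    SSH_AUTH_SOCK=$1
    export SSH_AUTH_SOCK
    exec ssh -o BatchMode=yes -o ConnectTimeout=10 \
        "$2" netcat -w 1 localhost smtp
}

main() {
    host=$1
    sock=$(find_agent_sock /tmp) || { echo "no ssh-agent socket in /tmp" >&2; exit 1; }
    agent_has_keys "$sock" || { echo "agent at $sock holds no keys" >&2; exit 1; }
    tunnel_smtp "$sock" "$host"
}

# Run only when a smarthost is given; with no arguments the script just
# defines its functions, so it can be sourced and tested.
if [ $# -gt 0 ]; then
    main "$1"
fi
```

With the script installed, the transport's line becomes command = /usr/local/bin/smtp-tunnel.sh onerussian.com. Every failure path exits 1, which the temp_errors = 1 setting already treats as a temporary error, so exim retries later instead of bouncing the message.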

If you have any comments, I would really appreciate them.