Re: launchd agent for securing mail through ssh tunnel
Hi,

I have finally been able to make it work! I post my solution because I think it may be interesting for others - there are a couple of points about which I have found no discussion on the web (I am using Mac OS X Tiger).

First of all, as has already been pointed out, a workaround is needed to make ssh and launchd interoperate: a tunnel established with -L, e.g.

    ssh -L 1200:localhost:25 ...

does not work properly within launchd. The workaround consists in connecting the std in/out of the processes and adding a command (I have used nc) in the public key on the server, which forwards the connection to the mail server. Since this topic is easily found by Google, I will step forward.

My plist looks like this:

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
        <key>Label</key>
        <string>my.smtp.mail.service</string>
        <key>OnDemand</key>
        <true/>
        <key>Program</key>
        <string>/usr/bin/ssh</string>
        <key>ProgramArguments</key>
        <array>
            <string>ssh</string>
            <string>-T</string>
            <string>-i</string>
            <string>/Users/myself/.ssh/my-ssh-key</string>
            <string>myself@my.mail.server</string>
        </array>
        <key>RunAtLoad</key>
        <false/>
        <key>ServiceDescription</key>
        <string>SSH tunnel from localhost:1200 to my.mail.server:25</string>
        <key>Sockets</key>
        <dict>
            <key>Listeners</key>
            <dict>
                <key>SockServiceName</key>
                <string>1200</string>
                <key>SockType</key>
                <string>stream</string>
            </dict>
        </dict>
        <key>inetdCompatibility</key>
        <dict>
            <key>Wait</key>
            <false/>
        </dict>
        <!--
        <key>InitGroups</key>
        <true/>
        -->
        <key>StandardErrorPath</key>
        <string>/dev/null</string>
    </dict>
    </plist>

Based on my tests, I can make a few remarks:

1) the inetdCompatibility key is mandatory, and Wait must be false;

2) the InitGroups key may be either true or false (in my tests it does not make any difference);

3) IMPORTANT: the StandardErrorPath key is mandatory (that's what I was missing!). As soon as I redirected the standard error elsewhere, things started to work flawlessly.

The plist can be put in a user's ~/Library/LaunchAgents folder, of course, and loaded with the user's permissions.

Nicola

_______________________________________________
Darwin-dev mailing list (Darwin-dev@lists.apple.com)
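An added example, not part of Nicola's post: the server side of this arrangement, i.e. the authorized_keys entry that pins the tunnel key to the nc relay command the post describes. The public key, host and port below are constructed placeholders, and the no-port-forwarding/no-pty/no-X11-forwarding/no-agent-forwarding options are an assumption of this example (standard OpenSSH authorized_keys options), not something the post specifies. The second function is a defender's check that an entry actually carries those restrictions.

```sh
#!/bin/sh
# Added example (not from the original post): build and check the server-side
# authorized_keys line for the launchd/ssh mail tunnel. launchd hands ssh the
# accepted connection on stdin/stdout, ssh -T carries it to the server, and the
# forced command relays it to the SMTP port, so nothing but that relay should
# be reachable with this key.

# Constructed placeholder public key (not a real key).
PUBKEY='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDEXAMPLEKEY myself@tunnel'

# Build the authorized_keys entry.
#   $1 = mail server host as seen from the SSH server, $2 = SMTP port,
#   $3 = the public key line.
# The forced command is the nc relay from the post; the no-* options are an
# assumed hardening so the key cannot open a shell, pty, or other forwarding.
build_forced_command_entry() {
    printf 'command="nc %s %s",no-port-forwarding,no-pty,no-X11-forwarding,no-agent-forwarding %s\n' \
        "$1" "$2" "$3"
}

# Defender's check: does an authorized_keys line restrict the key to a forced
# command and disable the interactive features a relay key never needs?
# Returns 0 when every restriction is present, 1 otherwise.
check_restricted_entry() {
    line=$1
    for opt in 'command="' no-port-forwarding no-pty no-X11-forwarding no-agent-forwarding; do
        case $line in
            *"$opt"*) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

entry=$(build_forced_command_entry localhost 25 "$PUBKEY")
echo "$entry"
if check_restricted_entry "$entry"; then
    echo "entry is restricted to the relay command"
else
    echo "entry is missing restrictions" >&2
fi
```

The printed line goes into ~/.ssh/authorized_keys of the account the launchd agent logs into on my.mail.server. Running the check over each line of that file is a cheap way to notice a relay key that was added without its restrictions.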
Participants (1): Nicola Vitacolonna