These are two different solutions, with different security implications.
1. When you are using an ssh tunnel, you have created an encrypted tunnel between your machine and some other endpoint. I'm guessing you host a server somewhere on an hosting provider that runs an email server and serves as the endpoint for your browsing. This tunnel bypasses your local internet service provider and any filters they might have in place, other than passing your encrypted packets to and fro.
2. The alternative port settings, 993 and 465, are "standard" alternative ports to open up on your remote server firewall and mail server to process mail. These ports would be open to the world, as well as from your machine, so need to be treated as if they are exposed to the internet. It is often the case that the mail server is configured with SSL or TLS to accept encrypted connections on this port, which provide some level of security. Your username/passwords for email are passed over this SSL/TLS so that they are encrypted in transit. However, nothing prevents a hacker from trying their 10,000 favorite passwords.
An SSL/TLS connection (#2) provides some security that communication is not intercepted, but connections are still anonymous. The SSH tunnel (#1) above requires authentication (username/password or preferably public/private key exchange) to ensure only trusted users can access the server. #1 requires more administration if a lot of people are involved.
So #1 is more secure in that only authorized users can access it. #2 provides some security to a publicly accessed resource.
HTH, Ted
On Wed, Dec 7, 2016 at 5:25 AM, AndyHC andy@hawthorncottage.com wrote:
Hi, for some years I have been running a browser (Firefox) through a SSH tunnel (Putty on Windows). I recently had reason to believe that my incoming email might be being blocked because of spam blacklisting of the block of IPs my ISP was using (dynamic IP addr). I therefore set up Thunderbird to use a proxy in the same way as FireFox: Putty SSH connection with a Dynamic tunnel on port 'nmnm' - and Firefox/Thunderbird set to use a 127.0.0.1:nmnm SOCKSv5 proxy (no other proxy settings, and no change to email accounts)
This seemed to work OK (well it certainly works for the browser - confirmed by whatismyip and icanhazip.com) - then I Googled for 'Thunderbird proxy' and most of the posts suggested changing email account servers to 127.0.0.1:993 [imap] + 127.0.0.1:465 [smtp] with ports 993/465 individually forwarded in Putty. I think my method is much neater - if it works - So: # how can I check if my method works for email? # how would you do it?
[excessive quoting removed by server]