The “-L” is a shorthand for listen for connections on Local (on this client computer) port (in this example 5110), and when you hear one, send all its packets to the remote machine (mailserver) and feed them into port 110 on mailserver.
The above example would be a great way to encrypt the pop email download from a remote mail server. Before pressing “Get New Mail”, one starts up the above ssh command. The ssh terminal will sit at a prompt, waiting for a command – let it sit. In the mail software, tell it that your pop mail server is on the machine “localhost” and is listening on port 5110. When you press “Get New Mail”, the mail server will talk to port 5110 on the local box. The ssh software, told to listen there, will take all the pop mail requests, encrypt them, and carry them to port 110 on the real mail server. Likewise, it will bring back all the pop responses – your mail messages -, encrypt them, and carry them back to your local mail software. Your mail server doesn’t need to know anything about encryption at all.
You can have multiple port forwards on one command line, such as:
ssh –L 5110:mailserver:110 –L 5143:mailserver:143 –L 5025:mailserver:25 mailserver
, allowing you to transparently encrypt any and all traffic heading to the pop, imap, or smtp mail services on mailserver.
As soon as you close the ssh session, the port forwarding stops and you need to connect to the mail server directly as you’ve done in the past.