Stealth E-Mail to the Rescue

How to use stealth e-mail with dynamic DNS and a Treo 650 smart phone.
Linux Server Configuration

My selection of the Gentoo Linux distribution for the project was dictated by the very convenient Portage package management. Portage completely frees the user from hunting down required packages. In operation, it resembles Perl CPAN or Debian apt-get. For installation of Gentoo itself, refer to the gentoo.org Web site. The installation of the OS is mostly manual, and it can be a rather lengthy process (some installations even can take days, because you compile everything yourself), but this investment will pay itself back during server management and application configuration.

You also need to get the DNS and SMTP services from No-IP.com, mentioned above. The No-IP.com Web site provides documentation for all services they provide.

The instructions that follow are Gentoo-specific, but it should be fairly easy to adapt this project to a different distribution. You simply need to make sure that the applications you install have the capabilities (like SASL) used for this solution.

Postfix MTA

We begin installation with the core component, Postfix. Standard Gentoo installation comes with a simple MTA ssmtp that needs to be removed before Postfix installation. Also, Postfix needs to be installed (compiled) with SASL support. This is needed for authenticated mail delivery to the No-IP.com relay host (Alternate-Port SMTP service).

The SASL option is turned on with the sasl keyword added to the Gentoo USE configuration variable. In /etc/make.conf, add:

/etc/make.conf:

USE="sasl"

Install SASL libraries:

# emerge dev-libs/cyrus-sasl

Now remove and add MTAs:

# emerge -C ssmtp
# emerge postfix

Add init rc script startup:

# rc-update add postfix default

Postfix configuration is relatively simple—two configuration files in /etc/postfix need attention: main.cf and master.cf.

Change the information describing your gateway host by editing the main.cf file for Postfix. Here, the hostname of your gateway is mygateway, and the domain name is foobar.net. The relay host that you will send all your mail to is relayhost.no-ip.com, receiving SMTP on port 1234. Both will be provided by No-IP.com as part of the Alternate-Port SMTP service:

myhostname = mygateway
mydomain = foobar.net
myorigin = $mydomain
mydestination = $myhostname, localhost.$mydomain $mydomain
#home_mailbox = .maildir/
relayhost = relayhost.no-ip.com:1234
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/saslpass
smtp_sasl_security_options =

Add an extra port (4321) beside 25 to the Postfix master.cf file. This will be used to receive SMTP from the Mail Reflector No-IP.com service and also your Treo 650:

4321      inet  n       -       n       -       -       smtpd

Create an SASL password file /etc/postfix/saslpass for host relayhost.no-ip.com and user foobar.net@noip-smtp using password ????—all provided by No-IP.com:

/etc/postfix/saslpass:

relayhost.no-ip.com     foobar.net@noip-smtp:????

Next, generate a dbm map:

# cd /etc/postfix
# postmap saslpass

As a final touch, you need to enable e-mail relaying from your Treo 650. We use Sprint here, and you will have to find out what Sprint switch IP range will be connecting to your server. The Postfix main.cf parameter mynetworks will have to include the network address of the switch. I use 70.0.0.0/8 beside my home network and a local loop network. It is always best to narrow the range of addresses as much as possible, for security reasons:

mynetworks = 192.168.1.0/24 127.0.0.0/8 70.0.0.0/8

Spam Filter

You need to install two packages: spamassassin and procmail. The steps (for Gentoo) are as follows.

Install Procmail:

# emerge procmail

Install SpamAssassin:

# emerge spamassassin

Update the init rc scripts to start the SpamAssassin server (this is probably done for you if you use a different package manager):

# rc-update add spamd default

Adjust your Postfix configuration to deliver all mail using Procmail. Add this to /etc/postfix/main.cf:

mailbox_command = /usr/bin/procmail

Create the main Procmail configuration file /etc/procmailrc, and add this recipe to make e-mail pass through SpamAssassin:


DEFAULT=/var/spool/mail/$LOGNAME
:0fw: spamassassin.lock
* < 256000
| /usr/bin/spamc

Start the spamd server:

# /etc/init.d/spamd start

______________________

Comments

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

IMAP Server

slot0k's picture

You may want to take a look at dovecot instead of UW-imap.

http://www.dovecot.org

Re: IMAP Server

pzi123's picture

Looking at the http://www.dovecot.org/...

Looks like quality software. Thanks for the info.

-Peter

--
Peter Ziobrzynski mailto:pzi@pzi.net

Peter Ziobrzynski mailto:pzi@pzi.net

Other ways too

andrewheald's picture

Thanks for some great Treo 650 information. I've just recently acquired one and will be getting it hooked up with Linux soon.

I thought I'd also put in a mention for the excellent combination of Apache, OpenSSL and SquirrelMail. I've worked behind some very security conscious firewall/proxy combos recently. These have always so far at least allowed access to my home webmail directly from the office PC's browser. Owning a domain name and having a fixed IP address also helps with this I'm sure.

Andrew.

Webinar
One Click, Universal Protection: Implementing Centralized Security Policies on Linux Systems

As Linux continues to play an ever increasing role in corporate data centers and institutions, ensuring the integrity and protection of these systems must be a priority. With 60% of the world's websites and an increasing share of organization's mission-critical workloads running on Linux, failing to stop malware and other advanced threats on Linux can increasingly impact an organization's reputation and bottom line.

Learn More

Sponsored by Bit9

Webinar
Linux Backup and Recovery Webinar

Most companies incorporate backup procedures for critical data, which can be restored quickly if a loss occurs. However, fewer companies are prepared for catastrophic system failures, in which they lose all data, the entire operating system, applications, settings, patches and more, reducing their system(s) to “bare metal.” After all, before data can be restored to a system, there must be a system to restore it to.

In this one hour webinar, learn how to enhance your existing backup strategies for better disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible bare-metal recovery solution for UNIX and Linux systems.

Learn More

Sponsored by Storix