Stealth E-Mail to the Rescue

How to use stealth e-mail with dynamic DNS and a Treo 650 smart phone.
Mail Filing

Establish an IMAP folder hierarchy and a Procmail configuration file to file mail in those folders. If you have multiple users, you have to do this for each user. The following configuration uses ~/.m for the folder root directory. The per-user Procmail configuration file is located in ~/.procmailrc. I use the following .procmailrc file template that implements the essential functionality of separating spam from mail and filing mailing lists. For details, refer to procmailrc(5):

PATH=/bin:/usr/bin:/usr/sbin
MAILDIR=$HOME/.m
DEFAULT=$MAILDIR/Mbox
LOGFILE=$HOME/.procmail.log
VERBOSE=yes

# File gentoo-user mailing list into ~/.m/lst/gentoo
:0:
* (^To.*|^Cc.*)gentoo-user@lists.gentoo.org
lst/gentoo

# File jobserve mail into ~/.m/lst/jobserve
:0:
* ^From.*jobserve.com
lst/jobserve

# File SPAM into ~/.m/Spam with some exceptions:
:0:
* ^X-Spam-Level:.*\*
* !^From.*netflix
* !^From.*vail
* !^From.*ebay member
* !^From.*cnet
Spam

# File SPAM that escaped spamassassin:
:0:
* ^From.*eversave.com
Spam

:0:
* ^From.*sears.com
Spam
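
The list and spam recipes above can be checked before real mail arrives. This is an added example, not part of the original article: a small Python evaluator (the function names and the sample headers are constructed for illustration) that applies the same conditions with Procmail's first-match, all-conditions-must-hold, case-insensitive semantics.

```python
import re

# Conditions copied from the article's .procmailrc; recipe headers written ":0:".
PROCMAILRC = r"""
:0:
* (^To.*|^Cc.*)gentoo-user@lists.gentoo.org
lst/gentoo
:0:
* ^X-Spam-Level:.*\*
* !^From.*netflix
* !^From.*vail
* !^From.*ebay member
* !^From.*cnet
Spam
"""

# Constructed sample headers (not real mail).
SAMPLES = {
    "list":      "From: a@example.org\nTo: gentoo-user@lists.gentoo.org\nX-Spam-Level: ***",
    "spam":      "From: promo@bulk.example\nTo: me@foobar.net\nX-Spam-Level: ***",
    "exception": "From: Netflix <info@netflix.com>\nTo: me@foobar.net\nX-Spam-Level: **",
    "overbroad": "From: offers@prevail-deals.example\nTo: me@foobar.net\nX-Spam-Level: ****",
}

def parse_recipes(text):
    """Return [(conditions, folder)], conditions being (negated, regex) pairs."""
    recipes, conds = [], None
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if line.startswith(":0"):
            conds = []                               # a new recipe starts
        elif conds is not None and line.startswith("*"):
            cond = line[1:].strip()                  # '!' inverts the condition
            conds.append((cond.startswith("!"),
                          re.compile(cond.lstrip("! "), re.I | re.M)))
        elif conds is not None:
            recipes.append((conds, line))            # action line ends the recipe
            conds = None
    return recipes

def deliver(headers, recipes, default="Mbox"):
    """First recipe whose conditions all hold wins; otherwise DEFAULT (Mbox)."""
    for conds, folder in recipes:
        if all(bool(rx.search(headers)) != negated for negated, rx in conds):
            return folder
    return default

def classify_samples():
    return {n: deliver(h, parse_recipes(PROCMAILRC)) for n, h in SAMPLES.items()}
```

The `overbroad` sample stays out of Spam because `^From.*vail` matches any From line containing "vail", and `list` shows that recipe order decides: list mail is filed before its spam score is looked at.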

Now that the mail processing facilities are in place, you can start Postfix and let the mail start flowing in; I can almost guarantee that the first folder with mail will be your ~/.m/Spam:

# /etc/init.d/postfix start

IMAP Server

The IMAP configuration includes a stunnel SSL front end and the uw-imap back end. The installation for uw-imap is a bit nonstandard, because the default Gentoo configuration does not allow you to build uw-imap with clear-text authentication over an unencrypted channel. The only default uw-imap configuration that works is the one with SSL support. This is not what we need as a server behind stunnel. Gentoo lets you remedy this with a special USE setting to disable SSL and enable clear-text passwords.

The installation command for Gentoo is:

# USE="-ssl clearpasswd" emerge uw-imap

Next, the stunnel configuration file stunnel.conf needs to include an IMAP section. Edit /etc/stunnel/stunnel.conf:

pid = /var/run/stunnel/stunnel.pid
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
cert = /etc/ssl/certs/foobar.net.pem
[imaps]
accept  = 993
exec = /usr/sbin/imapd
execargs = imapd

You can generate a self-signed SSL certificate for foobar.net.pem with the following commands:

# cd /etc/ssl/certs
# openssl req -new -x509 -nodes -out cacert.pem -keyout cakey.pem -days 5000
        Country Name (2 letter code) [AU]:US
        State or Province Name (full name) [Some-State]:CO
        Locality Name (eg, city) []:Highlands Ranch
        Organization Name (eg, company) [Internet Widgits Pty Ltd]:
        Organizational Unit Name (eg, section) []:home
        Common Name (eg, YOUR name) []:foobar.net
        Email Address []:me@foobar.net

# cat cakey.pem cacert.pem > foobar.net.pem
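
The `cat` redirect above writes the private key into foobar.net.pem with whatever the current umask allows, and /etc/ssl/certs is normally world-readable. The following check is an added example, not part of the original article (the function names are hypothetical): it reads the `cert`/`key` paths from stunnel.conf text and reports PEM files that contain a private key and are readable by group or other.

```python
import os
import re
import stat

# stunnel.conf options from the article that matter for this check.
STUNNEL_CONF = """\
pid = /var/run/stunnel/stunnel.pid
cert = /etc/ssl/certs/foobar.net.pem
[imaps]
accept = 993
exec = /usr/sbin/imapd
execargs = imapd
"""

PEM_LABEL = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----")

def cert_paths(conf_text):
    """Paths named by 'cert =' or 'key =' anywhere in stunnel.conf text."""
    paths = []
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line[0] in ";#[" or "=" not in line:
            continue                      # comment, section header, or junk
        name, value = (part.strip() for part in line.split("=", 1))
        if name in ("cert", "key") and value not in paths:
            paths.append(value)
    return paths

def key_file_findings(conf_text):
    """Flag PEM files that hold a private key and are not owner-only."""
    findings = []
    for path in cert_paths(conf_text):
        try:
            with open(path, errors="replace") as fh:
                labels = PEM_LABEL.findall(fh.read())
            mode = stat.S_IMODE(os.stat(path).st_mode)
        except OSError as exc:
            findings.append((path, f"cannot read: {exc.strerror}"))
            continue
        # Matches "PRIVATE KEY", "RSA PRIVATE KEY", "ENCRYPTED PRIVATE KEY", ...
        has_key = any(label.endswith("PRIVATE KEY") for label in labels)
        if has_key and mode & 0o077:
            findings.append((path, f"private key, mode {mode:04o}, want 0600"))
    return findings

if __name__ == "__main__":
    for path, problem in key_file_findings(STUNNEL_CONF):
        print(f"{path}: {problem}")
```

A finding for foobar.net.pem is cleared with `chmod 600 /etc/ssl/certs/foobar.net.pem`; the same applies to cakey.pem left behind in that directory.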

With Gentoo, you must now configure the init rc scripts to start stunnel:

# rc-update add stunnel default

The Treo 650 Setup

As I mentioned, there are two good IMAP clients available for PalmOS. One is the standard application included with the Treo, VersaMail. The other is a commercial application, SnapperMail. My choice was the latter, even in spite of its relatively high cost (approximately $60 US).

Both applications allow for subscribing to a hierarchy of IMAP folders on the server and handling e-mail attachments. SnapperMail is definitely better tested and has a number of features that justify its additional cost.

To install PalmOS applications and generally manage my Treo 650 using Linux, I use pilot-link software. On Gentoo, install it with:

# emerge pilot-link

I use pilot-link to back up and restore my Treo to a directory on Linux as well as to install applications like SnapperMail.

I use Bluetooth and PPP to connect my Treo to a Linux notebook. You also can use a USB connection. The connection channel for pilot-link tools is conveniently defined with a PILOTPORT environment variable. Use the following for a USB cable:

# export PILOTPORT=/dev/tts/USB1

or for Bluetooth, use:

# export PILOTPORT=net:any

I create a directory named treo in my home directory, and run this command to back up my Treo before installing any software:

# pilot-xfer -b treo

I use the following command to synchronize (incrementally) the Treo with this backup directory:

# pilot-xfer -s treo

To restore a backup, use the following:

# pilot-xfer -r treo

Download SME231.zip from www.snappermail.com to install the SnapperMail application. Unzip the file and run this command:

# pilot-xfer -i SnapperMail-ent.prc

The configuration of the Treo 650 with the Sprint network is best done by ordering the Sprint PCS Vision Professional Pack and letting Sprint support walk you through the setup.

SnapperMail also comes with a good 60-page PDF manual, and its setup is really quite intuitive.

Peter Ziobrzynski is an Independent Consultant based in Toronto, Canada, providing UNIX and Linux consulting services to clients in San Francisco, California, and recently in Denver, Colorado. Peter holds a Master's degree in Engineering from Cracow University of Technology, Poland. He immigrated to Canada in the early 1980s and has been using UNIX since then for work and pleasure. His recent focus is on Linux, and he holds Red Hat RHCE.

______________________

Comments


IMAP Server

slot0k's picture

You may want to take a look at dovecot instead of UW-imap.

http://www.dovecot.org

Re: IMAP Server

pzi123's picture

Looking at the http://www.dovecot.org/...

Looks like quality software. Thanks for the info.

-Peter

--
Peter Ziobrzynski mailto:pzi@pzi.net


Other ways too

andrewheald's picture

Thanks for some great Treo 650 information. I've just recently acquired one and will be getting it hooked up with Linux soon.

I thought I'd also put in a mention for the excellent combination of Apache, OpenSSL and SquirrelMail. I've worked behind some very security conscious firewall/proxy combos recently. These have always so far at least allowed access to my home webmail directly from the office PC's browser. Owning a domain name and having a fixed IP address also helps with this I'm sure.

Andrew.
