Stealth E-Mail to the Rescue
Establish an IMAP folder hierarchy and Procmail configuration file to file mail in those folders. If you have multiple users, you have to do this for each user. The following configuration uses ~/.m for the folder root directory. The per-user Procmail configuration file is located in ~/.prcmailrc. I use the following .procmailrc file template that implements the essential functionality of separating spam from mail and filing mailing lists. For details, refer to procmailrc(5):
PATH=/bin:/usr/bin:/usr/sbin MAILDIR=$HOME/.m DEFAULT=$MAILDIR/Mbox LOGFILE=$HOME/.procmail.log VERBOSE=yes # File gentoo-user mailing list into ~/.m/lst/gentoo :O: * (^To.*|^Cc.*)email@example.com lst/gentoo # File jobserve mail into ~/.m/lst/jobserve :O: * ^From.*jobserve.com lst/jobserve # File SPAM into ~/.m/Spam with some exceptions: :O: * ^X-Spam-Level:.*\* * !^From.*netflix * !^From.*vail * !^From.*ebay member * !^From.*cnet Spam # File SPAM that escaped spamassassin: :O * ^From.*eversave.com Spam :O: * ^From.*sears.com Spam
Now that the mail processing facilities are in place, you can start Postfix and let the mail start flowing in; I can almost guarantee that the first folder with mail will be your ~/.m/Spam:
# /etc/init.d/postfix start
The IMAP configuration includes a stunnel SSL front end and the uw-imap back end. The installation for uw-imap is a bit nonstandard, because the default Gentoo configuration does not allow you to build uw-imap with clear-text authentication over an unencrypted channel. The only default uw-imap configuration that works is the one with SSL support. This is not what we need as a server behind stunnel. Gentoo lets you remedy this with a special USE setting to disable SSL and enable clear-text passwords.
The installation command for Gentoo is:
# USE="-ssl clearpasswd" emerge uw-imap
Next, the stunnel configuration file stunnel.conf needs to include an IMAP section. Edit /etc/stunnel/stunnel.conf:
pid = /var/run/stunnel/stunnel.pid socket = l:TCP_NODELAY=1 socket = r:TCP_NODELAY=1 cert = /etc/ssl/certs/foobar.net.pem [imaps] accept = 993 exec = /usr/sbin/imapd execargs = imapd
You can generate a self-signed SSL certificate for foobar.net.pem with the following commands:
# cd /etc/ssl/certs # openssl req -new -x509 -nodes -out cacert.pem -keyout cakey.pem -days 5000 Country Name (2 letter code) [AU]:US State or Province Name (full name) [Some-State]:CO Locality Name (eg, city) :Highlands Ranch Organization Name (eg, company) [Internet Widgits Pty Ltd]: Organizational Unit Name (eg, section) :home Common Name (eg, YOUR name) :foobar.net Email Address :firstname.lastname@example.org # cat cakey.pem cacert.pem > foobar.net.pem
With Gentoo, you must now configure the init rc scripts to start stunnel:
# rc-update add stunnel default
As I mentioned, there are two good IMAP clients available for PalmOS. One is the standard application included with the Treo, VersaMail. The other is a commercial application, SnapperMail. My choice was the latter, even in spite of its relatively high cost (approximately $60 US).
Both applications allow for subscribing to a hierarchy of IMAP folders on the server and handling e-mail attachments. SnapperMail is definitely better tested and has a number of features that justify its additional cost.
To install PalmOS applications and generally manage my Treo 650 using Linux, I use pilot-link software. On Gentoo, install it with:
# emerge pilot-link
I use pilot-link to back up and restore my Treo to a directory on Linux as well as to install applications like SnapperMail.
I use Bluetooth and PPP to connect my Treo to a Linux notebook. You also can use a USB connection. The connection channel for pilot-link tools is conveniently defined with a PILOTPORT environment variable. Use the following for a USB cable:
# export PILOTPORT=/dev/tts/USB1
or for Bluetooth, use:
# export PILOTPORT=net:any
I create a directory named treo in my home directory, and run this command to back up my Treo before installing any software:
# pilot-xfer -b treo
I use the following command to synchronize (incrementally) the Treo with this backup directory:
# pilot-xfer -s treo
To restore a backup, use the following:
# pilot-xfer -r treo
Download SME231.zip from www.snappermail.com to install the SnapperMail application. Unzip the file and run this command:
# pilot-xfer -i SnapperMail-ent.prc
The configuration of the Treo 650 with the Sprint network is best done by ordering the Sprint PCS Vision Professional Pack and letting Sprint support walk you through the setup.
SnapperMail also comes with a good 60-page PDF manual, and its setup is really quite intuitive.
Peter Ziobrzynski is an Independent Consultant based in Toronto, Canada, providing UNIX and Linux consulting services to clients in San Francisco, California, and recently in Denver, Colorado. Peter holds a Master's degree in Engineering from Cracow University of Technology, Poland. He immigrated to Canada in the early 1980s and has been using UNIX since then for work and pleasure. His recent focus is on Linux, and he holds Red Hat RHCE.
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Server Hardening
- BitTorrent Inc.'s Sync
- The Death of RoboVM
- EnterpriseDB's EDB Postgres Advanced Server and EDB Postgres Enterprise Manager
- The Humble Hacker?
- The US Government and Open-Source Software
- Open-Source Project Secretly Funded by CIA
- New Container Image Standard Promises More Portable Apps
- AdaCore's SPARK Pro
- Canonical and BQ's Aquaris M10 Ubuntu Edition Tablet
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide