Stealth E-Mail to the Rescue
Since the early days of e-mail, maintaining my own e-mail server was a sort of indication of being in charge and staying technically fit. The technology involved in a project like this usually includes components that can be reused elsewhere and force one to stay abreast with commonly used communications media.
In the beginning, it was a simple task of connecting a modem, finding a community UUCP server, configuring modem dial-up, uucico and Sendmail. This was sort of the Model T of e-mail. And, it usually included configuration of a Usenet feed with C-News to collect the UUCP addresses of all computers on the relatively small Internet at that time.
With the advent of the real Internet, the scenario is becoming more complex. You have to overcome a number of obstacles created by people trying to break in to your server, snoop the transmission of e-mail packets on the wire and deal with those who want to send you tons of unwanted e-mail. As if this were not enough, workplaces have become so secure that it is sometimes impossible to access your personal e-mail server over the Internet from work during the day.
I used to maintain a Linux server with a static IP on a DSL line running DNS, a firewall (netfilter) with my MTA of choice (Postfix) and the addition of SpamAssassin for spam filtering. I read e-mail on my laptop using IMAP with Netscape Communicator. I use Communicator filters to sort all my incoming mail into various IMAP folders.
This simplistic architecture became history this summer after moving out of the San Francisco Bay Area to Denver, Colorado. The luxury of a static-IP DSL vendor disappeared, and a Nazi-style ISP with a monopoly in the area became a reality. Static IP is not available here (at least for me), and the ISP uses aggressive filtering of the commonly used IP ports. My new workplace is so secure that I had forgotten about carrying my laptop with me or using my work Internet connection to get to my e-mail server. All this is understandable, as ISPs protect themselves from spammers and employers need better security. But, I still want to read my e-mail during the day.
I took it as a personal challenge to overcome these obstacles. The direction I went was to use the smart phone Treo 650 as a personal e-mail reader to bypass the workplace security. I configured my home e-mail server to use new stealth-mode ISPs that allow for dynamic DNS and mail relays to ports of choice.
Here is a summary of the configuration components that I cover in step-by-step configuration details below:
The e-mail server is running stable Gentoo Linux connected to the Internet via VDSL (very high-speed DSL from Qwest), using DHCP-assigned dynamic-IP address. My DNS domain registrar is No-IP.com. This registrar uses a custom dynamic DNS setup that detects IP address changes on my side. This is done by running a custom client program on my server—noip2 client connects to the No-IP.com registrar DNS server and updates my DNS records in as often as one-minute intervals. This is called Plus Managed DNS.
Because my ISP blocks incoming IP port 25, I use the Mail Reflector No-IP.com service that sets an MX record for my domain to its own server and delivers the mail to a custom port on my server.
My ISP also lists my DHCP addresses with the Internet spam blacklists, so any attempt to deliver e-mail directly from my server is doomed to failure. To overcome this, I use the No-IP.com service called Alternate-Port SMTP, which acts as an outgoing mail relay. I punt all mail to a No-IP.com server using SSL authentication and also a custom port in case my ISP blocks outgoing SMTP.
My MTA is Postfix, which is quite handy for the stealth configuration with alternate incoming and outgoing ports.
I use SpamAssassin to filter spam. It is easy to configure and works very well. In brief, its function is limited to processing mail messages and attaching a custom mail header field—an X-Spam-Level rating to each message as spam candidates. The level of spam likelihood is measured by the number of asterisks this field contains. A single * is usually a good indication of spam.
I could not count on storing e-mail on my smart phone and filtering it there. The phone couldn't handle that much e-mail. So I replaced the client-side Netscape Communicator filter function (to sort incoming mail into IMAP folders) with Procmail. I created a .procmailrc file implementing all spam and mailing-list rules to file messages in the folder hierarchy on the server. This proved to be quite useful and opened the access to my archived e-mail from any location.
The IMAP server was quite a problem for me. I prefer traditional mailboxes where multiple messages are stored in a single file per folder. Most modern IMAP servers, like Courier or Cyrus, use modern maildir or MH formats, which store each message in its own file. This consumes an insane amount of i-nodes. Unfortunately, the only open-source IMAP server I could find that uses traditional folders is the uw-imap. (CommuniGate Pro uses single files, but it's a commercial server.) The uw-imap server has a number of drawbacks, especially when it comes to SSL-protocol implementation. My tests of uw-imap with the SSL IMAP client that I had in mind for this project (PalmOS VersaMail) showed failed connections or flat failures to connect. To get what I want—the single file mail folders and working SSL—I split the function of IMAP and SSL over two separate servers: stunnel and uw-imap. Stunnel proved to be quite sophisticated in the SSL configuration and level of logging and diagnostic messages.
The client side of my e-mail configuration originally included stock PalmOS VersaMail shipped with the Treo 650 and part of a Sprint plan. The key factor in this decision was availability of unlimited use of Internet connectivity for a flat $15 US per month fee. The VersaMail IMAP support is quite good, and integration with the Blazer Web browser made the sale for me. Unfortunately, a more-intense use of the VersaMail uncovered problems with its operation. The whole setup depends on a reliable mail server polling for new mail. Unfortunately, VersaMail has a bug that impacts scheduling of the polling, and this makes it rather ineffective. I ended up using the SnapperMail mail client for PalmOS, which is a good example of how nine guys in New Zealand can outrun a big corporation like Palm Software. SnapperMail is one of the best PalmOS applications I have used so far.
There are quite a number of moving parts here, and a diagram is in order (Figure 1).
As you can see from Figure 1, there are three main areas of configuration: Linux server, No-IP.com services and the Treo 650 mail client.
|Speed Up Your Web Site with Varnish||Jun 19, 2013|
|Non-Linux FOSS: libnotify, OS X Style||Jun 18, 2013|
|Containers—Not Virtual Machines—Are the Future Cloud||Jun 17, 2013|
|Lock-Free Multi-Producer Multi-Consumer Queue on Ring Buffer||Jun 12, 2013|
|Weechat, Irssi's Little Brother||Jun 11, 2013|
|One Tail Just Isn't Enough||Jun 07, 2013|
- Speed Up Your Web Site with Varnish
- Containers—Not Virtual Machines—Are the Future Cloud
- Non-Linux FOSS: libnotify, OS X Style
- Lock-Free Multi-Producer Multi-Consumer Queue on Ring Buffer
- Linux Systems Administrator
- Senior Perl Developer
- Technical Support Rep
- UX Designer
- Android's Limits
- Weechat, Irssi's Little Brother
- Reply to comment | Linux Journal
8 min 34 sec ago
- Yeah, user namespaces are
1 hour 24 min ago
- Cari Uang
4 hours 56 min ago
- user namespaces
7 hours 49 min ago
8 hours 15 min ago
- One advantage with VMs
10 hours 44 min ago
- about info
11 hours 17 min ago
11 hours 18 min ago
11 hours 19 min ago
11 hours 21 min ago
Free Webinar: Hadoop
How to Build an Optimal Hadoop Cluster to Store and Maintain Unlimited Amounts of Data Using Microservers
Realizing the promise of Apache® Hadoop® requires the effective deployment of compute, memory, storage and networking to achieve optimal results. With its flexibility and multitude of options, it is easy to over or under provision the server infrastructure, resulting in poor performance and high TCO. Join us for an in depth, technical discussion with industry experts from leading Hadoop and server companies who will provide insights into the key considerations for designing and deploying an optimal Hadoop cluster.
Some of key questions to be discussed are:
- What is the “typical” Hadoop cluster and what should be installed on the different machine types?
- Why should you consider the typical workload patterns when making your hardware decisions?
- Are all microservers created equal for Hadoop deployments?
- How do I plan for expansion if I require more compute, memory, storage or networking?