Stealth E-Mail to the Rescue

The e-mail server is running stable Gentoo Linux connected to the Internet via VDSL (very high-speed DSL from Qwest), using DHCP-assigned dynamic-IP address. My DNS domain registrar is No-IP.com. This registrar uses a custom dynamic DNS setup that detects IP address changes on my side. This is done by running a custom client program on my server—noip2 client connects to the No-IP.com registrar DNS server and updates my DNS records in as often as one-minute intervals. This is called Plus Managed DNS.

Because my ISP blocks incoming IP port 25, I use the Mail Reflector No-IP.com service that sets an MX record for my domain to its own server and delivers the mail to a custom port on my server.

My ISP also lists my DHCP addresses with the Internet spam blacklists, so any attempt to deliver e-mail directly from my server is doomed to failure. To overcome this, I use the No-IP.com service called Alternate-Port SMTP, which acts as an outgoing mail relay. I punt all mail to a No-IP.com server using SSL authentication and also a custom port in case my ISP blocks outgoing SMTP.

My MTA is Postfix, which is quite handy for the stealth configuration with alternate incoming and outgoing ports.

I use SpamAssassin to filter spam. It is easy to configure and works very well. In brief, its function is limited to processing mail messages and attaching a custom mail header field—an X-Spam-Level rating to each message as spam candidates. The level of spam likelihood is measured by the number of asterisks this field contains. A single * is usually a good indication of spam.

I could not count on storing e-mail on my smart phone and filtering it there. The phone couldn't handle that much e-mail. So I replaced the client-side Netscape Communicator filter function (to sort incoming mail into IMAP folders) with Procmail. I created a .procmailrc file implementing all spam and mailing-list rules to file messages in the folder hierarchy on the server. This proved to be quite useful and opened the access to my archived e-mail from any location.

The IMAP server was quite a problem for me. I prefer traditional mailboxes where multiple messages are stored in a single file per folder. Most modern IMAP servers, like Courier or Cyrus, use modern maildir or MH formats, which store each message in its own file. This consumes an insane amount of i-nodes. Unfortunately, the only open-source IMAP server I could find that uses traditional folders is the uw-imap. (CommuniGate Pro uses single files, but it's a commercial server.) The uw-imap server has a number of drawbacks, especially when it comes to SSL-protocol implementation. My tests of uw-imap with the SSL IMAP client that I had in mind for this project (PalmOS VersaMail) showed failed connections or flat failures to connect. To get what I want—the single file mail folders and working SSL—I split the function of IMAP and SSL over two separate servers: stunnel and uw-imap. Stunnel proved to be quite sophisticated in the SSL configuration and level of logging and diagnostic messages.

The client side of my e-mail configuration originally included stock PalmOS VersaMail shipped with the Treo 650 and part of a Sprint plan. The key factor in this decision was availability of unlimited use of Internet connectivity for a flat $15 US per month fee. The VersaMail IMAP support is quite good, and integration with the Blazer Web browser made the sale for me. Unfortunately, a more-intense use of the VersaMail uncovered problems with its operation. The whole setup depends on a reliable mail server polling for new mail. Unfortunately, VersaMail has a bug that impacts scheduling of the polling, and this makes it rather ineffective. I ended up using the SnapperMail mail client for PalmOS, which is a good example of how nine guys in New Zealand can outrun a big corporation like Palm Software. SnapperMail is one of the best PalmOS applications I have used so far.