
Read local Unix mail in Mail.app

The following instructions set up a local POP3 (SSL) server so that local Unix mail can be read in Mail.app. They require an admin user account and the steps in "Upgrading Postfix with TLS (SSL) support on Mac OS X" (10.4), which appears further down this page. Use at your own risk!


export PATH="/usr/local/bin:/usr/local/sbin:/usr/local/lib:/usr/local/include:/usr/bin:/bin:/usr/sbin:/sbin"


# create a SSL certificate
# cf. http://www.npcole.com/usingimaptiger.html
# NOTE: put "localhost" in the "Common Name" field
# -x509 makes the certificate self-signed; -days 3650 makes it valid for about ten years.
# -nodes writes the private key without a passphrase, and -out / -keyout name the
# same file, so ipop3d.pem holds both the certificate and the unencrypted key.
# NOTE(review): check the resulting file mode with ls -l; the key should presumably be
# readable by root only (e.g. sudo chmod 600 ipop3d.pem), in which case the
# openssl x509 fingerprint check that follows needs sudo as well.

cd /System/Library/OpenSSL/certs
sudo openssl req -new -x509 -nodes -days 3650 -out ipop3d.pem -keyout ipop3d.pem 

# If Mail.app later complains about the newly created certificate, just:
- Click "Show Certificate"
- Alt-Drag the icon for the certificate onto your desktop.
- Double-click the file.
- In the dialog box that will appear, use the drop down list to add the key to the "X509Anchors" keychain.

openssl x509 -in /System/Library/OpenSSL/certs/ipop3d.pem -noout -fingerprint -subject -issuer


sudo ln -s /usr/include/pam /usr/include/security
sudo cp -p /private/etc/pam.d/ftpd /private/etc/pam.d/pop
#sudo cp -p /private/etc/pam.d/login /private/etc/pam.d/pop

# Fetch the prebuilt ipop3d binary and its launchd plist, then install both.
# NOTE(review): the archive comes over plain HTTP and nothing here checks a checksum
# or signature, yet the extracted ipop3d is installed root-owned below and started
# by launchd (presumably as root, since the plist sets no UserName). Compare the
# download against a checksum from the publisher if one is available
# (TODO confirm a reference value exists), or build ipop3d from source instead.
cd ~/Desktop
curl -L -O http://www.macosxguru.net/downloads/localmail.zip
unzip -qq localmail.zip

sudo mkdir -p /usr/local/libexec
sudo cp ~/Desktop/localmail/ipop3d /usr/local/libexec/

# root-owned and writable by root only, so other accounts cannot replace the binary
sudo chown root:wheel /usr/local/libexec/ipop3d
sudo chmod 755 /usr/local/libexec/ipop3d

sudo cp ~/Desktop/localmail/edu.washington.pop3s.plist  /Library/LaunchDaemons/edu.washington.pop3s.plist


sudo nano /Library/LaunchDaemons/edu.washington.pop3s.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.
com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Label</key>
        <string>edu.washington.pop3s</string>
        <key>ProgramArguments</key>
        <array>
                <string>/usr/local/libexec/ipop3d</string>
        </array>
        <key>Sockets</key>
        <dict>
                <key>Listeners</key>
                <dict>
                        <key>Bonjour</key>
                        <false/>
                        <key>SockServiceName</key>
                        <string>pop3s</string>
                        <key>SockType</key>
                        <string>stream</string>
                </dict>
        </dict>
        <key>inetdCompatibility</key>
        <dict>
                <key>Wait</key>
                <false/>
        </dict>
</dict>
</plist>

sudo chown root:wheel /Library/LaunchDaemons/edu.washington.pop3s.plist
sudo chmod 644 /Library/LaunchDaemons/edu.washington.pop3s.plist


your_logname="$(/usr/bin/logname)"
echo $your_logname


sudo cp -p /private/etc/postfix/canonical /private/etc/postfix/canonical.orig
sudo nano /private/etc/postfix/canonical
<your_logname>: <your_logname>@localhost


sudo nano /private/etc/postfix/smtpd.conf
auxprop_plugin: login
pwcheck_method: auxprop
mech_list: plain login


sudo cp -p /private/etc/postfix/access /private/etc/postfix/access.orig
sudo nano /private/etc/postfix/access
localhost    OK
<your_logname>@localhost  OK
<your_logname>@local.local  OK
# cf. man hostname
<your_logname>@<your_hostname>  OK



# see man 5 postconf
# check with postconf -n
sudo nano /private/etc/postfix/main.cf

# Postfix main.cf for the single-host setup described on this page.
biff = no
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
disable_vrfy_command = yes
html_directory = /private/etc/postfix/html
# NOTE(review): "all" makes Postfix listen on every network interface. For the
# local-only mail reading this page describes, loopback-only keeps port 25 off
# the network.
inet_interfaces = all
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = localdomain
myhostname = localhost.localdomain
# 127.0.0.0/24 covers 127.0.0.0-127.0.0.255. Because mynetworks is set
# explicitly, mynetworks_style below is ignored.
mynetworks = 127.0.0.0/24
mynetworks_style = host
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /private/etc/postfix/readme
relayhost = [127.0.0.1]
#relayhost = [SMTP_server_address_of_your_ISP]
sample_directory = /etc/postfix
sender_canonical_maps = hash:/etc/postfix/canonical
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
# The SMTP client reuses the server's PEM file for both certificate and key.
smtp_tls_cert_file = $smtpd_tls_cert_file
smtp_tls_key_file = $smtpd_tls_cert_file
# NOTE(review): TLS log level 3 writes hexadecimal/ASCII dumps of the TLS
# negotiation to the mail log; the Postfix TLS README advises level 2 or higher
# only while troubleshooting. Lower to 1 once the setup works. The same applies
# to smtpd_tls_loglevel further down.
smtp_tls_loglevel = 3
smtp_tls_note_starttls_offer = yes
smtp_tls_scert_verifydepth = 5
smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_tls_session_cache
smtp_use_tls = yes
smtpd_client_restrictions = check_client_access hash:/etc/postfix/access, reject_unknown_client
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname, reject_non_fqdn_hostname
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, reject_non_fqdn_recipient
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/access, reject_unknown_sender_domain
# Offer SMTP AUTH only inside a TLS-protected session.
smtpd_tls_auth_only = yes
# Self-signed PEM created with openssl req earlier on this page. The key file
# setting points at the same file, which also holds the unencrypted private key,
# so keep that file readable by root only.
smtpd_tls_cert_file = /System/Library/OpenSSL/certs/ipop3d.pem
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_session_cache
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550



# reload Postfix
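function rpf() {
  # Rebuild the Postfix lookup tables, reload Postfix, then restart the POP3S
  # and Postfix launch daemons.
  # Arguments: none
  # Returns:   0 when every table rebuild succeeded, 1 otherwise
  local rc=0

  # A failed rebuild leaves a stale or missing lookup table behind, so the
  # access rules in effect would no longer match the edited files. Record the
  # failure instead of reporting success unconditionally; the remaining steps
  # still run, as before.
  /usr/bin/sudo /usr/sbin/postmap /private/etc/postfix/access || rc=1
  /usr/bin/sudo /usr/sbin/postalias hash:/private/etc/postfix/canonical || rc=1
  /usr/bin/sudo /usr/bin/newaliases || rc=1

  # Best effort: reload fails when Postfix is not running yet; the launchctl
  # load further down starts it in that case.
  /usr/bin/sudo /usr/sbin/postfix reload

  # Best effort: unloading a job that is not loaded prints an error, hence the
  # redirect. It hides genuine failures too, so the port check that follows
  # rpf on this page is what confirms the listeners came back.
  /usr/bin/sudo /bin/launchctl unload -w /Library/LaunchDaemons/edu.washington.pop3s.plist 2>/dev/null
  /usr/bin/sudo /bin/launchctl unload -w /System/Library/LaunchDaemons/org.postfix.master.plist 2>/dev/null

  # Give launchd a moment to tear the jobs down before loading them again.
  /bin/sleep 2

  /usr/bin/sudo /bin/launchctl load -w /Library/LaunchDaemons/edu.washington.pop3s.plist 2>/dev/null
  /usr/bin/sudo /bin/launchctl load -w /System/Library/LaunchDaemons/org.postfix.master.plist 2>/dev/null

  return "$rc"
}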


rpf

sudo ln -s "/Applications/Utilities/Network Utility.app/Contents/Resources/stroke" /bin/portscan
portscan localhost 1  1000     #  Open TCP Port:  25  smtp; Open TCP Port:   995   pop3s


# now create a new mail account in Mail.app
Account Description: POP Account
Full Name: Your Name
Email Address: <your_logname>@localhost
User Name: <your_logname>
Password: <your system user account password>
Incoming Mail Server: localhost
SSL: on
Outgoing Mail Server: localhost
SSL: on
Mail -> Preferences ... -> Accounts -> POP Account -> Account Information -> Server Settings ...: 
- Server port: 25
- Use SSL -> [yes]
- Authentication -> None
Mail -> Preferences ... -> Accounts -> POP Account -> Advanced:
- Port: 995
- Use SSL -> [yes]
- Authentication -> Password


# ignore error message ...
The POP server "localhost" is not responding. Check your network connection and that you entered 
the correct information in the "Incoming Mail Server" field. If it still doesn't respond, the 
server might be temporarily unavailable.

If you continue, you may not be able to receive any email.

# ... but make sure SSL is actually being used in:
- Mail -> Preferences ... -> Accounts -> POP Account -> Account Information -> Server Settings ...
- Mail -> Preferences ... -> Accounts -> POP Account -> Advanced

# now quit Mail.app and save the changes made in Mail -> Preferences ... -> Accounts -> POP Account ... if necessary


open -a Mail


# dialog box 1:
- Enter Password for Account "POP Account"
- Please enter the password for user <logname> on POP server "localhost"
- <system user account password>
- [yes] Remember this password in my keychain


# dialog box 2:
- Unable to verify SSL server localhost
- Mail was unable to verify the identity of this server, which has a certificate issued to "localhost". The error was:

- The root certificate for this server could not be verified.
- ...

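# Once again: if Mail.app complains about the newly created SSL certificate in the above way, first check that the certificate shown is the one you created (its fingerprint should match the output of the openssl x509 -fingerprint command earlier), then: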
- Click "Show Certificate"
- Alt-Drag the icon for the certificate onto your desktop.
- Double-click the file.
- In the dialog box that will appear, use the drop down list to add the key to the "X509Anchors" keychain.
- enter your system user account password if prompted

killall Mail


# check Keychain Access items
open -a 'Keychain Access'

# cf. dialog box 1 above
Keychains -> login -> localhost -> click [i] -> Attributes
Name: localhost
Kind: Internet password
Account: <logname>
Where: pop://localhost
Modified: <date>

Keychains -> login -> localhost -> click [i] -> Access Control
- [yes] Confirm before allowing access
#- [yes] Ask for Keychain password
- Always allow access by these applications: Name: Mail, Location: /Applications, Version: ...


# cf. dialog box 2 above
Keychains -> X509Anchors -> [Click to unlock the X509Anchors keychain] -> select "localhost - certificate -- X509Anchors" 
-> click [i] -> Trust Settings -> select Use System Settings or Always Trust 


#-------------------


# test

# curl -L -O http://www.unflyingobject.com/tarkvara/files/ssldump.zip
open /bin/bash
sudo ssldump -i lo0 port 995

open /bin/bash
sudo tcpdump -i lo0 port 995 and host localhost

# test 
echo 'hello world' | mail -s 'test mail' $(logname)@localhost
open -a Mail


Further information:

- How to read local Unix mail in Mail.app under Tiger?
- Enable postfix without inducing insomnia
- What is the difference between POP and IMAP?
- Setting up a local IMAP archive of your mail on Tiger
- Setting up IMAP in Apple Mail

Upgrading Postfix with TLS (SSL) support on Mac OS X

1. fix the command search path

echo '
export PATH="/usr/local/bin:/usr/local/sbin:/usr/local/lib:/usr/local/include:/usr/bin:/bin:/usr/sbin:/sbin"
' >> $HOME/.bash_login

source $HOME/.bash_login


2. upgrade Postfix

# first make a backup of the entire /private/etc/postfix directory
sudo /usr/bin/ditto -rsrc -c -k /private/etc/postfix "/private/etc/postfixdir-$(/bin/date "+%Y-%m-%d-%H.%M.%S").zip"

# NOTE(review): the source tarball is fetched over plain HTTP from a mirror and is
# built and installed with sudo further down without any integrity check. Verify it
# against the PGP signature the Postfix project publishes for its releases before
# unpacking (TODO confirm the signature file name for this release).
cd ~/Desktop
curl -L -O http://mirrors.isc.org/pub/postfix/official/postfix-2.5.0.tar.gz
tar -xzf postfix-2.5.0.tar.gz
cd postfix-2.5.0

# make -h


# cf. http://www.postfix.org/TLS_README.html
# requires Xcode, http://developer.apple.com/tools/download/

find /usr -type f \( -name "libcrypto*" -or -name "libssl*" \) -print0 2>/dev/null | xargs -0 ls -l

make makefiles \
   CFLAGS='-arch $(/usr/bin/arch) -isysroot /Developer/SDKs/MacOSX10.4u.sdk' \
   CCARGS="-DUSE_TLS" \
   AUXLIBS="-lssl.0.9.7 -lcrypto.0.9.7"


make

# sudo make install
# or
sudo make upgrade


3. remove comments & empty lines from /private/etc/postfix/main.cf

sudo cp -p /private/etc/postfix/main.cf /private/etc/postfix/main.cf.orig   # backup
sudo sed -i "" -e 's/^[[:space:]]*#.*$//g' -e '/^[[:space:]]*$/d' /private/etc/postfix/main.cf
sudo nano /etc/postfix/main.cf


4. create a new Postfix launch daemon

# backup
sudo cp -p /System/Library/LaunchDaemons/org.postfix.master.plist /System/Library/LaunchDaemons/org.postfix.master.plist.orig  

sudo nano /System/Library/LaunchDaemons/org.postfix.master.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>Disabled</key>
	<true/>
	<key>Label</key>
	<string>org.postfix.master</string>
	<key>OnDemand</key>
	<false/>
	<key>Program</key>
	<string>/usr/libexec/postfix/master</string>
	<key>ProgramArguments</key>
	<array>
		<string>master</string>
	</array>
	<key>QueueDirectories</key>
	<array>
		<string>/var/spool/postfix/maildrop</string>
	</array>
</dict>
</plist>


sudo launchctl load -w /System/Library/LaunchDaemons/org.postfix.master.plist 2>/dev/null
#sudo launchctl unload -w /System/Library/LaunchDaemons/org.postfix.master.plist 2>/dev/null


5. initialize the configuration

sudo mv /private/etc/postfix/master.cf /private/etc/postfix/master.cf.orig
sudo cp -p /private/etc/postfix/master.cf.defaultserver /private/etc/postfix/master.cf

sudo nano /private/etc/postfix/master.cf
# uncomment the following line if necessary
#smtp      inet  n       -       n       -       -       smtpd     

sudo /usr/sbin/postfix reload


6. test

sudo ln -s "/Applications/Utilities/Network Utility.app/Contents/Resources/stroke" /bin/portscan
portscan localhost 25  25     #  Open TCP Port:  25  smtp

/usr/sbin/postconf -d | grep 'mail_version ='

sudo postfix check
sudo postfix status
#sudo postfix -vv status

open -a Console   # see /private/var/log/mail.log

dscl . -read /Users/postfix
dscl . -read /Groups/postfix
dscl . -read /Groups/postdrop
dscl . list /Groups GroupMembership

otool -Lv /usr/libexec/postfix/smtp       # libssl & libcrypto
otool -Lv /usr/libexec/postfix/smtpd
otool -Lv $(/usr/sbin/postconf -h daemon_directory)/smtpd


# send a mail 
echo 'hello world' | mail -s 'test mail' $(/usr/bin/logname)@localhost
mail   # quit with "q <return>"

# send a mail via telnet

your_logname="$(/usr/bin/logname)"
echo $your_logname

telnet localhost 25
<...>
helo localhost
<...>
ehlo localhost
<...>
mail from:<your_logname>@localhost
<...>
rcpt to:<your_logname>@localhost
<...>
data
<...>
subject: something
my message
.
<...>
quit

mail


Further information:

- Postfix Installation From Source Code
- Postfix Basic Configuration
- Postfix TLS Support
- Postfix on Mac OS X
- Troubleshooting Postfix
- DIYMacServer

postfix reload

To restart postfix and read main.cf and master.cf files from /etc/postfix

postfix reload

Postfix virtual email

vi /etc/postfix/main.cf
virtual_alias_domains = domain1.tld domain2.tld
virtual_alias_maps = hash:/etc/postfix/virtual
vi /etc/postfix/virtual (ignore quotes)
‘@domain1.tld user1@externaldomain1.tld’
‘@domain2.tld user2@externaldomain2.tld’
newaliases
postmap /etc/postfix/virtual
/etc/init.d/postfix restart

Opened up SMTP port 25 in Shorewall:
vi /etc/shorewall/rules
SMTP/ACCEPT net $FW
/etc/init.d/shorewall reload

Clearing out a bunch of spam with spoofed emails that were bounced back to some poor guy with a catchall email

We don't really want to delete them all just in case.

# Collect the matching queue files in ./junk instead of deleting them.
cd /usr/local/scratch/
mkdir junk
# grep runs once per path under the spool; awk keeps the third field of grep's
# "Binary file <path> matches" message, and xargs -J moves each path into ./junk/.
# NOTE(review): for a file grep treats as text it prints the matching line instead,
# so the third field would be a word taken from the message content and handed to
# mv as a path; grep -l prints only the file name and avoids parsing the message.
# NOTE(review): this takes files out of the spool behind Postfix's back; postsuper
# is the Postfix tool for holding or deleting queued messages. Confirm Postfix is
# stopped, or use postsuper, before moving queue files by hand.
find /var/spool/postfix -exec grep "somediscernible-feature.com" '{}' \; | awk '{print($3)}' | xargs -J X mv X ./junk/


The "find" produces

Binary file /var/spool/postfix/active/D/D8832E38 matches
Binary file /var/spool/postfix/active/D/D78EC1C72 matches
Binary file /var/spool/postfix/active/D/D593D279D matches
Binary file /var/spool/postfix/active/D/D0EB32833 matches


The awk

/var/spool/postfix/active/D/D8832E38
/var/spool/postfix/active/D/D78EC1C72
/var/spool/postfix/active/D/D593D279D
/var/spool/postfix/active/D/D0EB32833


And then the mv, moves it.