Never been to TextSnippets before?

Snippets is a public source code repository. Easily build up your personal collection of code snippets, categorize them with tags / keywords, and share them with the world (or not, you can keep them private!)

« Newer Snippets
Older Snippets »
5 total  XML / RSS feed 

Read local Unix mail in

The following instructions on how to set up a local POP3 (SSL) server to read local Unix mail in require an admin user account and Upgrading Postfix with TLS (SSL) support on Mac OS X (10.4). Use at your own risk!

export PATH="/usr/local/bin:/usr/local/sbin:/usr/local/lib:/usr/local/include:/usr/bin:/bin:/usr/sbin:/sbin"

# create a SSL certificate
# cf.
# NOTE: put "localhost" in the "Common Name" field

cd /System/Library/OpenSSL/certs
sudo openssl req -new -x509 -nodes -days 3650 -out ipop3d.pem -keyout ipop3d.pem 

# If later complains about the newly created certificate, just:
- Click "Show Certificate"
- Alt-Drag the icon for the certificate onto your desktop.
- Double-click the file.
- In the dialog box that will appear, use the drop down list to add the key to the "X509Anchors" keychain.

openssl x509 -in /System/Library/OpenSSL/certs/ipop3d.pem -noout -fingerprint -subject -issuer

sudo ln -s /usr/include/pam /usr/include/security
sudo cp -p /private/etc/pam.d/ftpd /private/etc/pam.d/pop
#sudo cp -p /private/etc/pam.d/login /private/etc/pam.d/pop

cd ~/Desktop
curl -L -O
unzip -qq

sudo mkdir -p /usr/local/libexec
sudo cp ~/Desktop/localmail/ipop3d /usr/local/libexec/

sudo chown root:wheel /usr/local/libexec/ipop3d
sudo chmod 755 /usr/local/libexec/ipop3d

sudo cp ~/Desktop/localmail/edu.washington.pop3s.plist  /Library/LaunchDaemons/edu.washington.pop3s.plist

sudo nano /Library/LaunchDaemons/edu.washington.pop3s.plist

<?xml version="1.0" encoding="UTF-8"?>
DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "
<plist version="1.0">

sudo chown root:wheel /Library/LaunchDaemons/edu.washington.pop3s.plist
sudo chmod 644 /Library/LaunchDaemons/edu.washington.pop3s.plist

echo $your_logname

sudo cp -p /private/etc/postfix/canonical /private/etc/postfix/canonical.orig
sudo nano /private/etc/postfix/canonical
<your_logname>: <your_logname>@localhost

sudo nano /private/etc/postfix/smtpd.conf
auxprop_plugin: login
pwcheck_method: auxprop
mech_list: plain login

sudo cp -p /private/etc/postfix/access /private/etc/postfix/access.orig
sudo nano /private/etc/postfix/access
localhost    OK
<your_logname>@localhost  OK
<your_logname>@local.local  OK
# cf. man hostname
<your_logname>@<your_hostname>  OK

# see man 5 postconf
# check with postconf -n
sudo nano /private/etc/postfix/

biff = no
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
disable_vrfy_command = yes
html_directory = /private/etc/postfix/html
inet_interfaces = all
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = localdomain
myhostname = localhost.localdomain
mynetworks =
mynetworks_style = host
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /private/etc/postfix/readme
relayhost = []
#relayhost = [SMTP_server_address_of_your_ISP]
sample_directory = /etc/postfix
sender_canonical_maps = hash:/etc/postfix/canonical
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtp_tls_cert_file = $smtpd_tls_cert_file
smtp_tls_key_file = $smtpd_tls_cert_file
smtp_tls_loglevel = 3
smtp_tls_note_starttls_offer = yes
smtp_tls_scert_verifydepth = 5
smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_tls_session_cache
smtp_use_tls = yes
smtpd_client_restrictions = check_client_access hash:/etc/postfix/access, reject_unknown_client
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname, reject_non_fqdn_hostname
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, reject_non_fqdn_recipient
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/access, reject_unknown_sender_domain
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /System/Library/OpenSSL/certs/ipop3d.pem
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_session_cache
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550

# reload Postfix
function rpf() {
/usr/bin/sudo /usr/sbin/postmap /private/etc/postfix/access
/usr/bin/sudo /usr/sbin/postalias hash:/private/etc/postfix/canonical
/usr/bin/sudo /usr/bin/newaliases
/usr/bin/sudo /usr/sbin/postfix reload

/usr/bin/sudo /bin/launchctl unload -w /Library/LaunchDaemons/edu.washington.pop3s.plist  2>/dev/null
/usr/bin/sudo /bin/launchctl unload -w /System/Library/LaunchDaemons/org.postfix.master.plist 2>/dev/null

/bin/sleep 2

/usr/bin/sudo /bin/launchctl load -w /Library/LaunchDaemons/edu.washington.pop3s.plist  2>/dev/null
/usr/bin/sudo /bin/launchctl load -w /System/Library/LaunchDaemons/org.postfix.master.plist   2>/dev/null

return 0


sudo ln -s "/Applications/Utilities/Network" /bin/portscan
portscan localhost 1  1000     #  Open TCP Port:  25  smtp; Open TCP Port:   995   pop3s

# now create a new mail account in
Account Description: POP Account
Full Name: Your Name
Email Address: <your_logname>@localhost
User Name: <your_logname>
Password: <your system user account password>
Incoming Mail Server: localhost
SSL: on
Outgoing Mail Server: localhost
SSL: on
Mail -> Preferences ... -> Accounts -> Account Information -> Server Settings ...: 
- Server port: 25
- Use SSL -> [yes]
- Authentication -> None
Mail -> Preferences ... -> Accounts -> Advanced:
- Port: 995
- Use SSL -> [yes]
- Authentication -> Password

# curl -L -O
open /bin/bash
sudo ssldump -i lo0 port 995

open /bin/bash
sudo tcpdump -i lo0 port 995 and host localhost

# test 
echo 'hello world' | mail -s 'test mail' $(logname)@localhost
open -a Mail

Further information:

- How to read local Unix mail in under Tiger?
- Enable postfix without inducing insomnia
- What is the difference between POP and IMAP?
- Setting up a local IMAP archive of your mail on Tiger
- Setting up IMAP in Apple Mail

Upgrading Postfix with TLS (SSL) support on Mac OS X

1. fix the command search path

echo '
export PATH="/usr/local/bin:/usr/local/sbin:/usr/local/lib:/usr/local/include:/usr/bin:/bin:/usr/sbin:/sbin"
' >> $HOME/.bash_login

source $HOME/.bash_login

2. upgrade Postfix

# first make a backup of the entire /private/etc/postfix directory
sudo /usr/bin/ditto -rsrc -c -k /private/etc/postfix "/private/etc/postfixdir-$(/bin/date "+%Y-%m-%d-%H.%M.%S").zip"

cd ~/Desktop
curl -L -O
tar -xzf postfix-2.5.0.tar.gz
cd postfix-2.5.0

# make -h

# cf.
# requires Xcode,

find /usr -type f \( -name "libcrypto*" -or -name "libssl*" \) -print0 2>/dev/null | xargs -0 ls -l

make makefiles \
   CFLAGS='-arch $(/usr/bin/arch) -isysroot /Developer/SDKs/MacOSX10.4u.sdk' \
   AUXLIBS="-lssl.0.9.7 -lcrypto.0.9.7"


# sudo make install
# or
sudo make upgrade

3. remove comments & empty lines from /private/etc/postfix/

sudo cp -p /private/etc/postfix/ /private/etc/postfix/   # backup
sudo sed -i "" -e 's/^[[:space:]]*#.*$//g' -e '/^[[:space:]]*$/d' /private/etc/postfix/
sudo nano /etc/postfix/

4. create a new Postfix launch daemon

# backup
sudo cp -p /System/Library/LaunchDaemons/org.postfix.master.plist /System/Library/LaunchDaemons/org.postfix.master.plist.orig  

sudo nano /System/Library/LaunchDaemons/org.postfix.master.plist

<?xml version="1.0" encoding="UTF-8"?>
DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "">
<plist version="1.0">

sudo launchctl load -w /System/Library/LaunchDaemons/org.postfix.master.plist 2>/dev/null
#sudo launchctl unload -w /System/Library/LaunchDaemons/org.postfix.master.plist 2>/dev/null

5. initialize the configuration

sudo mv /private/etc/postfix/ /private/etc/postfix/
sudo cp -p /private/etc/postfix/ /private/etc/postfix/

sudo nano /private/etc/postfix/
# uncomment the following line if necessary
#smtp      inet  n       -       n       -       -       smtpd     

sudo /usr/sbin/postfix reload

6. test

sudo ln -s "/Applications/Utilities/Network" /bin/portscan
portscan localhost 25  25     #  Open TCP Port:  25  smtp

/usr/sbin/postconf -d | grep 'mail_version ='

sudo postfix check
sudo postfix status
#sudo postfix -vv status

open -a Console   # see /private/var/log/mail.log

dscl . -read /Users/postfix
dscl . -read /Groups/postfix
dscl . -read /Groups/postdrop
dscl . list /Groups GroupMembership

otool -Lv /usr/libexec/postfix/smtp       # libssl & libcrypto
otool -Lv /usr/libexec/postfix/smtpd
otool -Lv $(/usr/sbin/postconf -h daemon_directory)/smtpd

# send a mail 
echo 'hello world' | mail -s 'test mail' $(/usr/bin/logname)@localhost
mail   # quit with "q "

# send a mail via telnet

echo $your_logname

telnet localhost 25
helo localhost
ehlo localhost
mail from:<your_logname>@localhost
rcpt to:<your_lognam>@localhost
subject: something
my message


Further information:

- Postfix Installation From Source Code
- Postfix Basic Configuration
- Postfix TLS Support
- Postfix on Mac OS X
- Troubleshooting Postfix
- DIYMacServer

postfix reload

To restart postfix and read and files from /etc/postfix

postfix reload

Postfix virtual email

vi /etc/postfix/
virtual_alias_domains = domain1.tld domain2.tldvirtual_alias_maps = hash:/etc/postfix/virtual
vi /etc/postfix/virtual (ignore quotes)@domain1.tld user1@externaldomain1.tld’@domain2.tld user2@externaldomain2.tld’
postmap /etc/postfix/virtual
/etc/init.d/postfix restart

Opened up SMTP port 25 in Shorewall:
vi /etc/shorewall/rules
/etc/init.d/shorewall reload

Clearing out a bunch of spam with spoofed emails that were bounced back to some poor guy with a catchall email

We don't really want to delete them all just in case.

cd /usr/local/scratch/
mkdir junk
find /var/spool/postfix -exec grep "" '{}' \; | awk '{print($3)}' | xargs -J X mv X ./junk/

The "find" produces

Binary file /var/spool/postfix/active/D/D8832E38 matches
Binary file /var/spool/postfix/active/D/D78EC1C72 matches
Binary file /var/spool/postfix/active/D/D593D279D matches
Binary file /var/spool/postfix/active/D/D0EB32833 matches

The awk


And then the mv, moves it.
« Newer Snippets
Older Snippets »
5 total  XML / RSS feed