Never been to TextSnippets before?

Snippets is a public source code repository. Easily build up your personal collection of code snippets, categorize them with tags / keywords, and share them with the world (or not, you can keep them private!)

« Newer Snippets
Older Snippets »
5 total  XML / RSS feed 

Read local Unix mail in Mail.app

The following instructions on how to set up a local POP3 (SSL) server to read local Unix mail in Mail.app require an admin user account and Upgrading Postfix with TLS (SSL) support on Mac OS X (10.4). Use at your own risk!


export PATH="/usr/local/bin:/usr/local/sbin:/usr/local/lib:/usr/local/include:/usr/bin:/bin:/usr/sbin:/sbin"


# create a SSL certificate
# cf. http://www.npcole.com/usingimaptiger.html
# NOTE: put "localhost" in the "Common Name" field

cd /System/Library/OpenSSL/certs
sudo openssl req -new -x509 -nodes -days 3650 -out ipop3d.pem -keyout ipop3d.pem 

# If Mail.app later complains about the newly created certificate, just:
- Click "Show Certificate"
- Alt-Drag the icon for the certificate onto your desktop.
- Double-click the file.
- In the dialog box that will appear, use the drop down list to add the key to the "X509Anchors" keychain.

openssl x509 -in /System/Library/OpenSSL/certs/ipop3d.pem -noout -fingerprint -subject -issuer


sudo ln -s /usr/include/pam /usr/include/security
sudo cp -p /private/etc/pam.d/ftpd /private/etc/pam.d/pop
#sudo cp -p /private/etc/pam.d/login /private/etc/pam.d/pop

cd ~/Desktop
curl -L -O http://www.macosxguru.net/downloads/localmail.zip
unzip -qq localmail.zip

sudo mkdir -p /usr/local/libexec
sudo cp ~/Desktop/localmail/ipop3d /usr/local/libexec/

sudo chown root:wheel /usr/local/libexec/ipop3d
sudo chmod 755 /usr/local/libexec/ipop3d

sudo cp ~/Desktop/localmail/edu.washington.pop3s.plist  /Library/LaunchDaemons/edu.washington.pop3s.plist


sudo nano /Library/LaunchDaemons/edu.washington.pop3s.plist

<?xml version="1.0" encoding="UTF-8"?>
DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.
com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Labelkey>
        edu.washington.pop3s</string>
        <key>ProgramArgumentskey>
        
                /usr/local/libexec/ipop3dstring>
        </array>
        <key>Socketskey>
        
                Listeners</key>
                <dict>
                        <key>Bonjourkey>
                        />
                        <key>SockServiceNamekey>
                        pop3s</string>
                        <key>SockTypekey>
                        stream</string>
                dict>
        </dict>
        <key>inetdCompatibilitykey>
        
                Wait</key>
                <false/>
        dict>
</dict>
plist>

sudo chown root:wheel /Library/LaunchDaemons/edu.washington.pop3s.plist
sudo chmod 644 /Library/LaunchDaemons/edu.washington.pop3s.plist


your_logname="$(/usr/bin/logname)"
echo $your_logname


sudo cp -p /private/etc/postfix/canonical /private/etc/postfix/canonical.orig
sudo nano /private/etc/postfix/canonical
<your_logname>: <your_logname>@localhost


sudo nano /private/etc/postfix/smtpd.conf
auxprop_plugin: login
pwcheck_method: auxprop
mech_list: plain login


sudo cp -p /private/etc/postfix/access /private/etc/postfix/access.orig
sudo nano /private/etc/postfix/access
localhost    OK
<your_logname>@localhost  OK
<your_logname>@local.local  OK
# cf. man hostname
<your_logname>@<your_hostname>  OK



# see man 5 postconf
# check with postconf -n
sudo nano /private/etc/postfix/main.cf

biff = no
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
disable_vrfy_command = yes
html_directory = /private/etc/postfix/html
inet_interfaces = all
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = localdomain
myhostname = localhost.localdomain
mynetworks = 127.0.0.0/24
mynetworks_style = host
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /private/etc/postfix/readme
relayhost = [127.0.0.1]
#relayhost = [SMTP_server_address_of_your_ISP]
sample_directory = /etc/postfix
sender_canonical_maps = hash:/etc/postfix/canonical
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtp_tls_cert_file = $smtpd_tls_cert_file
smtp_tls_key_file = $smtpd_tls_cert_file
smtp_tls_loglevel = 3
smtp_tls_note_starttls_offer = yes
smtp_tls_scert_verifydepth = 5
smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_tls_session_cache
smtp_use_tls = yes
smtpd_client_restrictions = check_client_access hash:/etc/postfix/access, reject_unknown_client
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname, reject_non_fqdn_hostname
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, reject_non_fqdn_recipient
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/access, reject_unknown_sender_domain
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /System/Library/OpenSSL/certs/ipop3d.pem
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_session_cache
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550



# reload Postfix
function rpf() {
/usr/bin/sudo /usr/sbin/postmap /private/etc/postfix/access
/usr/bin/sudo /usr/sbin/postalias hash:/private/etc/postfix/canonical
/usr/bin/sudo /usr/bin/newaliases
/usr/bin/sudo /usr/sbin/postfix reload

/usr/bin/sudo /bin/launchctl unload -w /Library/LaunchDaemons/edu.washington.pop3s.plist  2>/dev/null
/usr/bin/sudo /bin/launchctl unload -w /System/Library/LaunchDaemons/org.postfix.master.plist 2>/dev/null

/bin/sleep 2

/usr/bin/sudo /bin/launchctl load -w /Library/LaunchDaemons/edu.washington.pop3s.plist  2>/dev/null
/usr/bin/sudo /bin/launchctl load -w /System/Library/LaunchDaemons/org.postfix.master.plist   2>/dev/null

return 0
}


rpf

sudo ln -s "/Applications/Utilities/Network Utility.app/Contents/Resources/stroke" /bin/portscan
portscan localhost 1  1000     #  Open TCP Port:  25  smtp; Open TCP Port:   995   pop3s


# now create a new mail account in Mail.app
Account Description: POP Account
Full Name: Your Name
Email Address: <your_logname>@localhost
User Name: <your_logname>
Password: <your system user account password>
Incoming Mail Server: localhost
SSL: on
Outgoing Mail Server: localhost
SSL: on
Mail -> Preferences ... -> Accounts -> Account Information -> Server Settings ...: 
- Server port: 25
- Use SSL -> [yes]
- Authentication -> None
Mail -> Preferences ... -> Accounts -> Advanced:
- Port: 995
- Use SSL -> [yes]
- Authentication -> Password



# curl -L -O http://www.unflyingobject.com/tarkvara/files/ssldump.zip
open /bin/bash
sudo ssldump -i lo0 port 995

open /bin/bash
sudo tcpdump -i lo0 port 995 and host localhost

# test 
echo 'hello world' | mail -s 'test mail' $(logname)@localhost
open -a Mail


Further information:

- How to read local Unix mail in Mail.app under Tiger?
- Enable postfix without inducing insomnia
- What is the difference between POP and IMAP?
- Setting up a local IMAP archive of your mail on Tiger
- Setting up IMAP in Apple Mail

Upgrading Postfix with TLS (SSL) support on Mac OS X

1. fix the command search path

echo '
export PATH="/usr/local/bin:/usr/local/sbin:/usr/local/lib:/usr/local/include:/usr/bin:/bin:/usr/sbin:/sbin"
' >> $HOME/.bash_login

source $HOME/.bash_login


2. upgrade Postfix

# first make a backup of the entire /private/etc/postfix directory
sudo /usr/bin/ditto -rsrc -c -k /private/etc/postfix "/private/etc/postfixdir-$(/bin/date "+%Y-%m-%d-%H.%M.%S").zip"

cd ~/Desktop
curl -L -O http://mirrors.isc.org/pub/postfix/official/postfix-2.5.0.tar.gz
tar -xzf postfix-2.5.0.tar.gz
cd postfix-2.5.0

# make -h


# cf. http://www.postfix.org/TLS_README.html
# requires Xcode, http://developer.apple.com/tools/download/

find /usr -type f \( -name "libcrypto*" -or -name "libssl*" \) -print0 2>/dev/null | xargs -0 ls -l

make makefiles \
   CFLAGS='-arch $(/usr/bin/arch) -isysroot /Developer/SDKs/MacOSX10.4u.sdk' \
   CCARGS="-DUSE_TLS" \
   AUXLIBS="-lssl.0.9.7 -lcrypto.0.9.7"


make

# sudo make install
# or
sudo make upgrade


3. remove comments & empty lines from /private/etc/postfix/main.cf

sudo cp -p /private/etc/postfix/main.cf /private/etc/postfix/main.cf.orig   # backup
sudo sed -i "" -e 's/^[[:space:]]*#.*$//g' -e '/^[[:space:]]*$/d' /private/etc/postfix/main.cf
sudo nano /etc/postfix/main.cf


4. create a new Postfix launch daemon

# backup
sudo cp -p /System/Library/LaunchDaemons/org.postfix.master.plist /System/Library/LaunchDaemons/org.postfix.master.plist.orig  

sudo nano /System/Library/LaunchDaemons/org.postfix.master.plist

<?xml version="1.0" encoding="UTF-8"?>
DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Disabledkey>
        />
        <key>Labelkey>
        org.postfix.master</string>
        <key>OnDemandkey>
        />
        <key>Programkey>
        /usr/libexec/postfix/masterstring>
        ProgramArguments</key>
        <array>
                <string>masterstring>
        </array>
        <key>QueueDirectorieskey>
        
                /var/spool/postfix/maildropstring>
        </array>
dict>
</plist>


sudo launchctl load -w /System/Library/LaunchDaemons/org.postfix.master.plist 2>/dev/null
#sudo launchctl unload -w /System/Library/LaunchDaemons/org.postfix.master.plist 2>/dev/null


5. initialize the configuration

sudo mv /private/etc/postfix/master.cf /private/etc/postfix/master.cf.orig
sudo cp -p /private/etc/postfix/master.cf.defaultserver /private/etc/postfix/master.cf

sudo nano /private/etc/postfix/master.cf
# uncomment the following line if necessary
#smtp      inet  n       -       n       -       -       smtpd     

sudo /usr/sbin/postfix reload


6. test

sudo ln -s "/Applications/Utilities/Network Utility.app/Contents/Resources/stroke" /bin/portscan
portscan localhost 25  25     #  Open TCP Port:  25  smtp

/usr/sbin/postconf -d | grep 'mail_version ='

sudo postfix check
sudo postfix status
#sudo postfix -vv status

open -a Console   # see /private/var/log/mail.log

dscl . -read /Users/postfix
dscl . -read /Groups/postfix
dscl . -read /Groups/postdrop
dscl . list /Groups GroupMembership

otool -Lv /usr/libexec/postfix/smtp       # libssl & libcrypto
otool -Lv /usr/libexec/postfix/smtpd
otool -Lv $(/usr/sbin/postconf -h daemon_directory)/smtpd


# send a mail 
echo 'hello world' | mail -s 'test mail' $(/usr/bin/logname)@localhost
mail   # quit with "q "

# send a mail via telnet

your_logname="$(/usr/bin/logname)"
echo $your_logname

telnet localhost 25
<...>
helo localhost
<...>
ehlo localhost
<...>
mail from:<your_logname>@localhost
<...>
rcpt to:<your_lognam>@localhost
<...>
data
<...>
subject: something
my message
.
<...>
quit

mail


Further information:

- Postfix Installation From Source Code
- Postfix Basic Configuration
- Postfix TLS Support
- Postfix on Mac OS X
- Troubleshooting Postfix
- DIYMacServer

postfix reload

To restart postfix and read main.cf and master.cf files from /etc/postfix

postfix reload

Postfix virtual email

vi /etc/postfix/main.cf
virtual_alias_domains = domain1.tld domain2.tldvirtual_alias_maps = hash:/etc/postfix/virtual
vi /etc/postfix/virtual (ignore quotes)@domain1.tld user1@externaldomain1.tld’@domain2.tld user2@externaldomain2.tld’
newaliases
postmap /etc/postfix/virtual
/etc/init.d/postfix restart

Opened up SMTP port 25 in Shorewall:
vi /etc/shorewall/rules
SMTP/ACCEPT net $FW
/etc/init.d/shorewall reload

Clearing out a bunch of spam with spoofed emails that were bounced back to some poor guy with a catchall email

We don't really want to delete them all just in case.

cd /usr/local/scratch/
mkdir junk
find /var/spool/postfix -exec grep "somediscernible-feature.com" '{}' \; | awk '{print($3)}' | xargs -J X mv X ./junk/


The "find" produces

Binary file /var/spool/postfix/active/D/D8832E38 matches
Binary file /var/spool/postfix/active/D/D78EC1C72 matches
Binary file /var/spool/postfix/active/D/D593D279D matches
Binary file /var/spool/postfix/active/D/D0EB32833 matches


The awk

/var/spool/postfix/active/D/D8832E38
/var/spool/postfix/active/D/D78EC1C72
/var/spool/postfix/active/D/D593D279D
/var/spool/postfix/active/D/D0EB32833


And then the mv, moves it.
« Newer Snippets
Older Snippets »
5 total  XML / RSS feed