Never been to TextSnippets before?

Snippets is a public source code repository. Easily build up your personal collection of code snippets, categorize them with tags / keywords, and share them with the world (or not, you can keep them private!)

« Newer Snippets
Older Snippets »
7 total  XML / RSS feed 

Read local Unix mail in

The following instructions on how to set up a local POP3 (SSL) server to read local Unix mail in require an admin user account and Upgrading Postfix with TLS (SSL) support on Mac OS X (10.4). Use at your own risk!

export PATH="/usr/local/bin:/usr/local/sbin:/usr/local/lib:/usr/local/include:/usr/bin:/bin:/usr/sbin:/sbin"

# create a SSL certificate
# cf.
# NOTE: put "localhost" in the "Common Name" field

cd /System/Library/OpenSSL/certs
sudo openssl req -new -x509 -nodes -days 3650 -out ipop3d.pem -keyout ipop3d.pem 

# If later complains about the newly created certificate, just:
- Click "Show Certificate"
- Alt-Drag the icon for the certificate onto your desktop.
- Double-click the file.
- In the dialog box that will appear, use the drop down list to add the key to the "X509Anchors" keychain.

openssl x509 -in /System/Library/OpenSSL/certs/ipop3d.pem -noout -fingerprint -subject -issuer

sudo ln -s /usr/include/pam /usr/include/security
sudo cp -p /private/etc/pam.d/ftpd /private/etc/pam.d/pop
#sudo cp -p /private/etc/pam.d/login /private/etc/pam.d/pop

cd ~/Desktop
curl -L -O
unzip -qq

sudo mkdir -p /usr/local/libexec
sudo cp ~/Desktop/localmail/ipop3d /usr/local/libexec/

sudo chown root:wheel /usr/local/libexec/ipop3d
sudo chmod 755 /usr/local/libexec/ipop3d

sudo cp ~/Desktop/localmail/edu.washington.pop3s.plist  /Library/LaunchDaemons/edu.washington.pop3s.plist

sudo nano /Library/LaunchDaemons/edu.washington.pop3s.plist

<?xml version="1.0" encoding="UTF-8"?>
DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "
<plist version="1.0">

sudo chown root:wheel /Library/LaunchDaemons/edu.washington.pop3s.plist
sudo chmod 644 /Library/LaunchDaemons/edu.washington.pop3s.plist

echo $your_logname

sudo cp -p /private/etc/postfix/canonical /private/etc/postfix/canonical.orig
sudo nano /private/etc/postfix/canonical
<your_logname>: <your_logname>@localhost

sudo nano /private/etc/postfix/smtpd.conf
auxprop_plugin: login
pwcheck_method: auxprop
mech_list: plain login

sudo cp -p /private/etc/postfix/access /private/etc/postfix/access.orig
sudo nano /private/etc/postfix/access
localhost    OK
<your_logname>@localhost  OK
<your_logname>@local.local  OK
# cf. man hostname
<your_logname>@<your_hostname>  OK

# see man 5 postconf
# check with postconf -n
sudo nano /private/etc/postfix/

biff = no
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
disable_vrfy_command = yes
html_directory = /private/etc/postfix/html
inet_interfaces = all
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = localdomain
myhostname = localhost.localdomain
mynetworks =
mynetworks_style = host
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /private/etc/postfix/readme
relayhost = []
#relayhost = [SMTP_server_address_of_your_ISP]
sample_directory = /etc/postfix
sender_canonical_maps = hash:/etc/postfix/canonical
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtp_tls_cert_file = $smtpd_tls_cert_file
smtp_tls_key_file = $smtpd_tls_cert_file
smtp_tls_loglevel = 3
smtp_tls_note_starttls_offer = yes
smtp_tls_scert_verifydepth = 5
smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_tls_session_cache
smtp_use_tls = yes
smtpd_client_restrictions = check_client_access hash:/etc/postfix/access, reject_unknown_client
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname, reject_non_fqdn_hostname
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, reject_non_fqdn_recipient
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/access, reject_unknown_sender_domain
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /System/Library/OpenSSL/certs/ipop3d.pem
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_session_cache
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550

# reload Postfix
function rpf() {
/usr/bin/sudo /usr/sbin/postmap /private/etc/postfix/access
/usr/bin/sudo /usr/sbin/postalias hash:/private/etc/postfix/canonical
/usr/bin/sudo /usr/bin/newaliases
/usr/bin/sudo /usr/sbin/postfix reload

/usr/bin/sudo /bin/launchctl unload -w /Library/LaunchDaemons/edu.washington.pop3s.plist  2>/dev/null
/usr/bin/sudo /bin/launchctl unload -w /System/Library/LaunchDaemons/org.postfix.master.plist 2>/dev/null

/bin/sleep 2

/usr/bin/sudo /bin/launchctl load -w /Library/LaunchDaemons/edu.washington.pop3s.plist  2>/dev/null
/usr/bin/sudo /bin/launchctl load -w /System/Library/LaunchDaemons/org.postfix.master.plist   2>/dev/null

return 0


sudo ln -s "/Applications/Utilities/Network" /bin/portscan
portscan localhost 1  1000     #  Open TCP Port:  25  smtp; Open TCP Port:   995   pop3s

# now create a new mail account in
Account Description: POP Account
Full Name: Your Name
Email Address: <your_logname>@localhost
User Name: <your_logname>
Password: <your system user account password>
Incoming Mail Server: localhost
SSL: on
Outgoing Mail Server: localhost
SSL: on
Mail -> Preferences ... -> Accounts -> Account Information -> Server Settings ...: 
- Server port: 25
- Use SSL -> [yes]
- Authentication -> None
Mail -> Preferences ... -> Accounts -> Advanced:
- Port: 995
- Use SSL -> [yes]
- Authentication -> Password

# curl -L -O
open /bin/bash
sudo ssldump -i lo0 port 995

open /bin/bash
sudo tcpdump -i lo0 port 995 and host localhost

# test 
echo 'hello world' | mail -s 'test mail' $(logname)@localhost
open -a Mail

Further information:

- How to read local Unix mail in under Tiger?
- Enable postfix without inducing insomnia
- What is the difference between POP and IMAP?
- Setting up a local IMAP archive of your mail on Tiger
- Setting up IMAP in Apple Mail

Upgrading Postfix with TLS (SSL) support on Mac OS X

1. fix the command search path

echo '
export PATH="/usr/local/bin:/usr/local/sbin:/usr/local/lib:/usr/local/include:/usr/bin:/bin:/usr/sbin:/sbin"
' >> $HOME/.bash_login

source $HOME/.bash_login

2. upgrade Postfix

# first make a backup of the entire /private/etc/postfix directory
sudo /usr/bin/ditto -rsrc -c -k /private/etc/postfix "/private/etc/postfixdir-$(/bin/date "+%Y-%m-%d-%H.%M.%S").zip"

cd ~/Desktop
curl -L -O
tar -xzf postfix-2.5.0.tar.gz
cd postfix-2.5.0

# make -h

# cf.
# requires Xcode,

find /usr -type f \( -name "libcrypto*" -or -name "libssl*" \) -print0 2>/dev/null | xargs -0 ls -l

make makefiles \
   CFLAGS='-arch $(/usr/bin/arch) -isysroot /Developer/SDKs/MacOSX10.4u.sdk' \
   AUXLIBS="-lssl.0.9.7 -lcrypto.0.9.7"


# sudo make install
# or
sudo make upgrade

3. remove comments & empty lines from /private/etc/postfix/

sudo cp -p /private/etc/postfix/ /private/etc/postfix/   # backup
sudo sed -i "" -e 's/^[[:space:]]*#.*$//g' -e '/^[[:space:]]*$/d' /private/etc/postfix/
sudo nano /etc/postfix/

4. create a new Postfix launch daemon

# backup
sudo cp -p /System/Library/LaunchDaemons/org.postfix.master.plist /System/Library/LaunchDaemons/org.postfix.master.plist.orig  

sudo nano /System/Library/LaunchDaemons/org.postfix.master.plist

<?xml version="1.0" encoding="UTF-8"?>
DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "">
<plist version="1.0">

sudo launchctl load -w /System/Library/LaunchDaemons/org.postfix.master.plist 2>/dev/null
#sudo launchctl unload -w /System/Library/LaunchDaemons/org.postfix.master.plist 2>/dev/null

5. initialize the configuration

sudo mv /private/etc/postfix/ /private/etc/postfix/
sudo cp -p /private/etc/postfix/ /private/etc/postfix/

sudo nano /private/etc/postfix/
# uncomment the following line if necessary
#smtp      inet  n       -       n       -       -       smtpd     

sudo /usr/sbin/postfix reload

6. test

sudo ln -s "/Applications/Utilities/Network" /bin/portscan
portscan localhost 25  25     #  Open TCP Port:  25  smtp

/usr/sbin/postconf -d | grep 'mail_version ='

sudo postfix check
sudo postfix status
#sudo postfix -vv status

open -a Console   # see /private/var/log/mail.log

dscl . -read /Users/postfix
dscl . -read /Groups/postfix
dscl . -read /Groups/postdrop
dscl . list /Groups GroupMembership

otool -Lv /usr/libexec/postfix/smtp       # libssl & libcrypto
otool -Lv /usr/libexec/postfix/smtpd
otool -Lv $(/usr/sbin/postconf -h daemon_directory)/smtpd

# send a mail 
echo 'hello world' | mail -s 'test mail' $(/usr/bin/logname)@localhost
mail   # quit with "q "

# send a mail via telnet

echo $your_logname

telnet localhost 25
helo localhost
ehlo localhost
mail from:<your_logname>@localhost
rcpt to:<your_lognam>@localhost
subject: something
my message


Further information:

- Postfix Installation From Source Code
- Postfix Basic Configuration
- Postfix TLS Support
- Postfix on Mac OS X
- Troubleshooting Postfix
- DIYMacServer

Force traffic to use SSL (HTTPS://)

// Forces incoming traffic to use SSL connection

 #Force SSL
 RewriteCond %{SERVER_PORT} !443
 RewriteRule ^(.*)$$1 [R=301,L]

Set up apache2+SSL on FreeBSD

A nice commandline walkthrough. Replace 'eyebeam' with your org name

# setting up apache2 + SSL on FreeBSD
# a list of commands you can copy/paste!
# @author Jamie Wilkinson 
# ganked from 

# edit /etc/openssl.conf to set some nice defaults for location, org. name, etc.
# important! change the default dir ./demoCA to /root/sslCA

# setup
cd ~root/
mkdir sslCA
chmod 700 sslCA
cd sslCA
mkdir certs private newcerts
echo 1000 > serial
touch index.txt

# generate certs
openssl req -new -nodes -out eyebeam-req.pem -keyout private/eyebeam-key.pem -config /etc/ssl/openssl.cnf
openssl req -new -x509 -days 3650 -extensions v3_ca -keyout private/cakey.pem -out cacert.pem -config /etc/ssl/openssl.cnf
openssl ca -config /etc/ssl/openssl.cnf -out eyebeam-cert.pem -days 3650 -infiles eyebeam-req.pem 

# keep them somewhere handy
mkdir /etc/ssl/crt
mkdir /etc/ssl/key
cp ~root/sslCA/eyebeam-cert.pem /etc/ssl/crt
cp ~root/sslCA/private/eyebeam-key.pem /etc/ssl/key

# add below to an ssl.conf that you include in your httpd.conf
<VirtualHost *:443>
        SSLEngine on
        SSLCertificateFile /etc/ssl/crt/eyebeam-cert.pem
        SSLCertificateKeyFile /etc/ssl/key/eyebeam-key.pem
        DocumentRoot /www
        CustomLog /var/log/httpd-ssl-access.log combined
        ErrorLog /var/log/httpd-ssl-error.log

Socket conditional example (SSL) for a lighttpd instance to do another port

#### SSL engine
$SERVER["socket"] == "" {
ssl.engine                  = "enable"
ssl.pemfile                 = "/usr/local/openssl/certs/"

Getting a copy of a x509 certificate

If you need to easily retrieve a x509 certificate from a remote webserver, the easiest method is:

openssl s_client -showcerts -connect

Which you can then go and copy from the line starting with '-----BEGIN CERTIFICATE-----' to '-----END CERTIFICATE-----' into the file.

Chained SSL certs in lighttpd = "/usr/local/openssl/certs/"
ssl.pemfile = "/usr/local/openssl/certs/server.pem"
« Newer Snippets
Older Snippets »
7 total  XML / RSS feed