Never been to TextSnippets before?

Snippets is a public source code repository. Easily build up your personal collection of code snippets, categorize them with tags / keywords, and share them with the world (or not, you can keep them private!)

« Newer Snippets
Older Snippets »
7 total  XML / RSS feed 

Read local Unix mail in Mail.app

The following instructions on how to set up a local POP3 (SSL) server to read local Unix mail in Mail.app require an admin user account and Upgrading Postfix with TLS (SSL) support on Mac OS X (10.4). Use at your own risk!


export PATH="/usr/local/bin:/usr/local/sbin:/usr/local/lib:/usr/local/include:/usr/bin:/bin:/usr/sbin:/sbin"


# create a SSL certificate
# cf. http://www.npcole.com/usingimaptiger.html
# NOTE: put "localhost" in the "Common Name" field

cd /System/Library/OpenSSL/certs
sudo openssl req -new -x509 -nodes -days 3650 -out ipop3d.pem -keyout ipop3d.pem 

# If Mail.app later complains about the newly created certificate, just:
- Click "Show Certificate"
- Alt-Drag the icon for the certificate onto your desktop.
- Double-click the file.
- In the dialog box that will appear, use the drop down list to add the key to the "X509Anchors" keychain.

openssl x509 -in /System/Library/OpenSSL/certs/ipop3d.pem -noout -fingerprint -subject -issuer


sudo ln -s /usr/include/pam /usr/include/security
sudo cp -p /private/etc/pam.d/ftpd /private/etc/pam.d/pop
#sudo cp -p /private/etc/pam.d/login /private/etc/pam.d/pop

cd ~/Desktop
curl -L -O http://www.macosxguru.net/downloads/localmail.zip
unzip -qq localmail.zip

sudo mkdir -p /usr/local/libexec
sudo cp ~/Desktop/localmail/ipop3d /usr/local/libexec/

sudo chown root:wheel /usr/local/libexec/ipop3d
sudo chmod 755 /usr/local/libexec/ipop3d

sudo cp ~/Desktop/localmail/edu.washington.pop3s.plist  /Library/LaunchDaemons/edu.washington.pop3s.plist


sudo nano /Library/LaunchDaemons/edu.washington.pop3s.plist

<?xml version="1.0" encoding="UTF-8"?>
DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.
com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Labelkey>
        edu.washington.pop3s</string>
        <key>ProgramArgumentskey>
        
                /usr/local/libexec/ipop3dstring>
        </array>
        <key>Socketskey>
        
                Listeners</key>
                <dict>
                        <key>Bonjourkey>
                        />
                        <key>SockServiceNamekey>
                        pop3s</string>
                        <key>SockTypekey>
                        stream</string>
                dict>
        </dict>
        <key>inetdCompatibilitykey>
        
                Wait</key>
                <false/>
        dict>
</dict>
plist>

sudo chown root:wheel /Library/LaunchDaemons/edu.washington.pop3s.plist
sudo chmod 644 /Library/LaunchDaemons/edu.washington.pop3s.plist


your_logname="$(/usr/bin/logname)"
echo $your_logname


sudo cp -p /private/etc/postfix/canonical /private/etc/postfix/canonical.orig
sudo nano /private/etc/postfix/canonical
<your_logname>: <your_logname>@localhost


sudo nano /private/etc/postfix/smtpd.conf
auxprop_plugin: login
pwcheck_method: auxprop
mech_list: plain login


sudo cp -p /private/etc/postfix/access /private/etc/postfix/access.orig
sudo nano /private/etc/postfix/access
localhost    OK
<your_logname>@localhost  OK
<your_logname>@local.local  OK
# cf. man hostname
<your_logname>@<your_hostname>  OK



# see man 5 postconf
# check with postconf -n
sudo nano /private/etc/postfix/main.cf

biff = no
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
disable_vrfy_command = yes
html_directory = /private/etc/postfix/html
inet_interfaces = all
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = localdomain
myhostname = localhost.localdomain
mynetworks = 127.0.0.0/24
mynetworks_style = host
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /private/etc/postfix/readme
relayhost = [127.0.0.1]
#relayhost = [SMTP_server_address_of_your_ISP]
sample_directory = /etc/postfix
sender_canonical_maps = hash:/etc/postfix/canonical
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtp_tls_cert_file = $smtpd_tls_cert_file
smtp_tls_key_file = $smtpd_tls_cert_file
smtp_tls_loglevel = 3
smtp_tls_note_starttls_offer = yes
smtp_tls_scert_verifydepth = 5
smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_tls_session_cache
smtp_use_tls = yes
smtpd_client_restrictions = check_client_access hash:/etc/postfix/access, reject_unknown_client
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname, reject_non_fqdn_hostname
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, reject_non_fqdn_recipient
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/access, reject_unknown_sender_domain
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /System/Library/OpenSSL/certs/ipop3d.pem
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_session_cache
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550



# reload Postfix
function rpf() {
/usr/bin/sudo /usr/sbin/postmap /private/etc/postfix/access
/usr/bin/sudo /usr/sbin/postalias hash:/private/etc/postfix/canonical
/usr/bin/sudo /usr/bin/newaliases
/usr/bin/sudo /usr/sbin/postfix reload

/usr/bin/sudo /bin/launchctl unload -w /Library/LaunchDaemons/edu.washington.pop3s.plist  2>/dev/null
/usr/bin/sudo /bin/launchctl unload -w /System/Library/LaunchDaemons/org.postfix.master.plist 2>/dev/null

/bin/sleep 2

/usr/bin/sudo /bin/launchctl load -w /Library/LaunchDaemons/edu.washington.pop3s.plist  2>/dev/null
/usr/bin/sudo /bin/launchctl load -w /System/Library/LaunchDaemons/org.postfix.master.plist   2>/dev/null

return 0
}


rpf

sudo ln -s "/Applications/Utilities/Network Utility.app/Contents/Resources/stroke" /bin/portscan
portscan localhost 1  1000     #  Open TCP Port:  25  smtp; Open TCP Port:   995   pop3s


# now create a new mail account in Mail.app
Account Description: POP Account
Full Name: Your Name
Email Address: <your_logname>@localhost
User Name: <your_logname>
Password: <your system user account password>
Incoming Mail Server: localhost
SSL: on
Outgoing Mail Server: localhost
SSL: on
Mail -> Preferences ... -> Accounts -> Account Information -> Server Settings ...: 
- Server port: 25
- Use SSL -> [yes]
- Authentication -> None
Mail -> Preferences ... -> Accounts -> Advanced:
- Port: 995
- Use SSL -> [yes]
- Authentication -> Password



# curl -L -O http://www.unflyingobject.com/tarkvara/files/ssldump.zip
open /bin/bash
sudo ssldump -i lo0 port 995

open /bin/bash
sudo tcpdump -i lo0 port 995 and host localhost

# test 
echo 'hello world' | mail -s 'test mail' $(logname)@localhost
open -a Mail


Further information:

- How to read local Unix mail in Mail.app under Tiger?
- Enable postfix without inducing insomnia
- What is the difference between POP and IMAP?
- Setting up a local IMAP archive of your mail on Tiger
- Setting up IMAP in Apple Mail

to postfix email osx mac ssl unix certificate pop3 pop3s by jv on Feb 06, 2008

Upgrading Postfix with TLS (SSL) support on Mac OS X

1. fix the command search path

echo '
export PATH="/usr/local/bin:/usr/local/sbin:/usr/local/lib:/usr/local/include:/usr/bin:/bin:/usr/sbin:/sbin"
' >> $HOME/.bash_login

source $HOME/.bash_login


2. upgrade Postfix

# first make a backup of the entire /private/etc/postfix directory
sudo /usr/bin/ditto -rsrc -c -k /private/etc/postfix "/private/etc/postfixdir-$(/bin/date "+%Y-%m-%d-%H.%M.%S").zip"

cd ~/Desktop
curl -L -O http://mirrors.isc.org/pub/postfix/official/postfix-2.5.0.tar.gz
tar -xzf postfix-2.5.0.tar.gz
cd postfix-2.5.0

# make -h


# cf. http://www.postfix.org/TLS_README.html
# requires Xcode, http://developer.apple.com/tools/download/

find /usr -type f \( -name "libcrypto*" -or -name "libssl*" \) -print0 2>/dev/null | xargs -0 ls -l

make makefiles \
   CFLAGS='-arch $(/usr/bin/arch) -isysroot /Developer/SDKs/MacOSX10.4u.sdk' \
   CCARGS="-DUSE_TLS" \
   AUXLIBS="-lssl.0.9.7 -lcrypto.0.9.7"


make

# sudo make install
# or
sudo make upgrade


3. remove comments & empty lines from /private/etc/postfix/main.cf

sudo cp -p /private/etc/postfix/main.cf /private/etc/postfix/main.cf.orig   # backup
sudo sed -i "" -e 's/^[[:space:]]*#.*$//g' -e '/^[[:space:]]*$/d' /private/etc/postfix/main.cf
sudo nano /etc/postfix/main.cf


4. create a new Postfix launch daemon

# backup
sudo cp -p /System/Library/LaunchDaemons/org.postfix.master.plist /System/Library/LaunchDaemons/org.postfix.master.plist.orig  

sudo nano /System/Library/LaunchDaemons/org.postfix.master.plist

<?xml version="1.0" encoding="UTF-8"?>
DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Disabledkey>
        />
        <key>Labelkey>
        org.postfix.master</string>
        <key>OnDemandkey>
        />
        <key>Programkey>
        /usr/libexec/postfix/masterstring>
        ProgramArguments</key>
        <array>
                <string>masterstring>
        </array>
        <key>QueueDirectorieskey>
        
                /var/spool/postfix/maildropstring>
        </array>
dict>
</plist>


sudo launchctl load -w /System/Library/LaunchDaemons/org.postfix.master.plist 2>/dev/null
#sudo launchctl unload -w /System/Library/LaunchDaemons/org.postfix.master.plist 2>/dev/null


5. initialize the configuration

sudo mv /private/etc/postfix/master.cf /private/etc/postfix/master.cf.orig
sudo cp -p /private/etc/postfix/master.cf.defaultserver /private/etc/postfix/master.cf

sudo nano /private/etc/postfix/master.cf
# uncomment the following line if necessary
#smtp      inet  n       -       n       -       -       smtpd     

sudo /usr/sbin/postfix reload


6. test

sudo ln -s "/Applications/Utilities/Network Utility.app/Contents/Resources/stroke" /bin/portscan
portscan localhost 25  25     #  Open TCP Port:  25  smtp

/usr/sbin/postconf -d | grep 'mail_version ='

sudo postfix check
sudo postfix status
#sudo postfix -vv status

open -a Console   # see /private/var/log/mail.log

dscl . -read /Users/postfix
dscl . -read /Groups/postfix
dscl . -read /Groups/postdrop
dscl . list /Groups GroupMembership

otool -Lv /usr/libexec/postfix/smtp       # libssl & libcrypto
otool -Lv /usr/libexec/postfix/smtpd
otool -Lv $(/usr/sbin/postconf -h daemon_directory)/smtpd


# send a mail 
echo 'hello world' | mail -s 'test mail' $(/usr/bin/logname)@localhost
mail   # quit with "q "

# send a mail via telnet

your_logname="$(/usr/bin/logname)"
echo $your_logname

telnet localhost 25
<...>
helo localhost
<...>
ehlo localhost
<...>
mail from:<your_logname>@localhost
<...>
rcpt to:<your_lognam>@localhost
<...>
data
<...>
subject: something
my message
.
<...>
quit

mail


Further information:

- Postfix Installation From Source Code
- Postfix Basic Configuration
- Postfix TLS Support
- Postfix on Mac OS X
- Troubleshooting Postfix
- DIYMacServer

to postfix email osx mac ssl unix upgrade tls by jv on Feb 06, 2008

Force traffic to use SSL (HTTPS://)

// Forces incoming traffic to use SSL connection

 #Force SSL
 RewriteCond %{SERVER_PORT} !443
 RewriteRule ^(.*)$ https://securesiteurl.com/$1 [R=301,L]
to apache ssl by tracyfloyd on Jun 01, 2007

Set up apache2+SSL on FreeBSD

A nice commandline walkthrough. Replace 'eyebeam' with your org name


# setting up apache2 + SSL on FreeBSD
# a list of commands you can copy/paste!
# @author Jamie Wilkinson 
# ganked from 

# edit /etc/openssl.conf to set some nice defaults for location, org. name, etc.
# important! change the default dir ./demoCA to /root/sslCA


# setup
cd ~root/
mkdir sslCA
chmod 700 sslCA
cd sslCA
mkdir certs private newcerts
echo 1000 > serial
touch index.txt

# generate certs
openssl req -new -nodes -out eyebeam-req.pem -keyout private/eyebeam-key.pem -config /etc/ssl/openssl.cnf
openssl req -new -x509 -days 3650 -extensions v3_ca -keyout private/cakey.pem -out cacert.pem -config /etc/ssl/openssl.cnf
openssl ca -config /etc/ssl/openssl.cnf -out eyebeam-cert.pem -days 3650 -infiles eyebeam-req.pem 

# keep them somewhere handy
mkdir /etc/ssl/crt
mkdir /etc/ssl/key
cp ~root/sslCA/eyebeam-cert.pem /etc/ssl/crt
cp ~root/sslCA/private/eyebeam-key.pem /etc/ssl/key

# add below to an ssl.conf that you include in your httpd.conf
<VirtualHost *:443>
        ServerName colossus.eyebeam.org:443
        SSLEngine on
        SSLCertificateFile /etc/ssl/crt/eyebeam-cert.pem
        SSLCertificateKeyFile /etc/ssl/key/eyebeam-key.pem
        DocumentRoot /www
        CustomLog /var/log/httpd-ssl-access.log combined
        ErrorLog /var/log/httpd-ssl-error.log
VirtualHost>
to apache freebsd ssl openssl by jamiew on Oct 26, 2006

Socket conditional example (SSL) for a lighttpd instance to do another port

#### SSL engine
$SERVER["socket"] == "207.7.108.166:443" {
ssl.engine                  = "enable"
ssl.pemfile                 = "/usr/local/openssl/certs/wildcard.textdrive.com.pem"
}
to lighttpd conditionals ssl by jason2 on Dec 28, 2005

Getting a copy of a x509 certificate

If you need to easily retrieve a x509 certificate from a remote webserver, the easiest method is:

openssl s_client -showcerts -connect www.example.com:443


Which you can then go and copy from the line starting with '-----BEGIN CERTIFICATE-----' to '-----END CERTIFICATE-----' into the www.example.com.crt file.
to apache ssl openssl certifcates by jacques on Jun 28, 2005

Chained SSL certs in lighttpd

ssl.ca-file = "/usr/local/openssl/certs/chain.ca.crt"
ssl.pemfile = "/usr/local/openssl/certs/server.pem"
to lighttpd ssl chainedcerts by jason on Jun 25, 2005
« Newer Snippets
Older Snippets »
7 total  XML / RSS feed