Mail out from GPRS or from... anywhere

19 April 2007

Mail out from GPRS or from... anywhere

Complicated but recommended mails setup

Since I still haven't got ADSL at the new appartment [1], I rely again (as in old times on Limnos) on a GPRS connection through my mobile phone to receive and send mail. Hmm, that "send mail" part is actually the interesting bit. Nowadays it can be hard to actually send mail when you're not in any "normal" Internet situation. For example: spam blocks on dynamic ranges of IPs let many mail servers not accept mail from my GPRS connection, while other mailservers do greylisting and that is inconvenient when you're relying on short timed and expensive connections [2]. But there is one setup that is almost guaranteeing that you get your mail out...

It's complicated and voluminous though: I went and set up STARTTLS and SMTP AUTH on my server (running sendmail), then went and set up the same on my MacBook (with postfix). That way I'm sending out mail exclusively through my own mail server, so I can control access and let the betabug.ch server handle the heavy lifting to talk to other servers. Here are a few notes.

For sendmail on openbsd: To set up STARTTLS, the starttls(8) manpage will take you by the hand and walk you through the necessary steps. It's easy enough. Setting up SMTP AUTH involves two steps, first installing and configuring the cyrus-sasl port, then recompiling sendmail given the WANT_SMTPAUTH=Yes environment variable and reconfiguring that. I'm not going to write another howto on this. I'd like to mention though that I enjoyed the option to have SASL authenticate against my IMAP server -- like that I don't have to set up yet another set of logins, or use system passwords (I don't like to mix ssh logins with mail logins).

Postfix on Mac OS X wasn't too hard either. Again howto's abound on the web. Whenever I have to configure postfix I think how funny it is that postfix users claim the configuration is easier than sendmail's, when in the end you have config files with tons and tons of almost similar options -- so you have to look everything up anyway. Never mind, it worked with minimal fuss.

Last step was -- of course -- to check that my server config is still locked tight and no relay was opened by mistake.

So in the end postfix and sendmail encrypt their SMTP connection, postfix authenticates at sendmails end, where SASL hands over the password to uw-imap for authentication. All that in order to simply send a couple of mails now and then.

1: Hey Vivodi, don't you think it's about time to get your act together? This game starts to get boring.
2: Yahoo... I had tried for almost an hour to send a mail to a yahoo customer. They do greylisting nowadays. But they have a ton of MX servers, so my laptop's mail server tried to contact another one for each retry and never got around the greylisting.

Posted by betabug at 16:13 | Comments (1) | Trackbacks (0)

ch athens

Life in Athens (Greece) for a foreigner from the other side of the mountains. And with an interest in digital life and the feeling of change in a big city. Multilingual English - German - Greek.
Main blog page

Recent Entries

New PGP Key (11/14 12:50)
Saturday Ride Report: Dervenohoria (11/12 12:15)
Morgens in der Stadt (11/10 11:33)
Riding the Apollona Round with Wu (10/15 10:16)

Best of

Some of the most sought after posts, judging from access logs and search engine queries.

Apple & Macintosh:

Security & Privacy:

Misc technical:

Athens for tourists and visitors:

Athens to Patras by Train (updated version 2013
Internet for Visitors in Greece and update:Mobile Internet for Visitors in Greece 2009
Greek and Athens Public Transport and Its Mysteries
Athens Public Transport Maps (Detailed)
Schweizer Kreuze in ganz Athen
Karagiosis - Greek Shadow Theater in the Plaka
Afternoon in Athens
Ferry Schedules to Greek Islands
Glyfada Panorama Picture (find other montage/panorama pictures in the montage category

Life in general:

<< Underground | Main | Preparations and Adaptors >>

Comments

Re: Mail out from GPRS or from... anywhere

I use SMTP-TLS too with a Postfix "client" on my MacBook Pro and a Postfix MTA that relays my mail after checking that my MacBook Pro's X509 v3 certificate is valid and that is listed in the authorized client certificates map.
I also force the allowed algorithms like this:
---
smtp_tls_cipherlist = DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA
---

But sometimes, I have to use a workaround that involves setting up an SSH tunnel to the MTA because some of the ISPs redirect automatically your mail and without any prior notice through a "transparent" MTA on their network. When this happens, you can see it very quickly when you realize that mail is stuck in the queue of the client and checking your MTA's logs which will tell you that either the client (the ISP's MTA that pretends to be the real client) didn't offer SMTP-TLS or didn't show a valid certificate.

Posted by: Saad Kadhi at April 21,2007 21:23

Trackbacks

You can trackback to: http://betabug.ch/blogs/ch-athens/590/tbping

There are no trackbacks.