Re: [Nmh-workers] Need some general advice
Hi rfg,

I have a SMTP server on the Internet that accepts the email and holds it, ready for fetchmail(1) to run at home and pull it down to hand to a local SMTP server that plonks it in a spool file for nmh's inc(1) to read. You could probably cut out some of those parts with nmh's more recent features, but I also like to send email between home users without it leaving the machine, and use mail(1) occasionally too.

Some packages/programs to look out for in your research apart from the normal postfix are

    https://en.wikipedia.org/wiki/Amavis
    https://en.wikipedia.org/wiki/Spamassassin
    https://en.wikipedia.org/wiki/Clam_AntiVirus
    https://postgrey.schweikert.ch/

They'll mention other things, like Pyzor.

--
Cheers, Ralph.
https://plus.google.com/+RalphCorderoy

___
Nmh-workers mailing list
Nmh-workers@nongnu.org
https://lists.nongnu.org/mailman/listinfo/nmh-workers
Re: [Nmh-workers] Need some general advice
robert wrote:
> That is, I simply use ssh (including ssh IP tunnels) to handle all the
> security issues - I assume that anyone who needs can have an account

i use ssh tunnels in similar ways, though in my case it's to traverse the bi-directional link between my home server, whose address can change (and which can't serve SMTP directly), and my colo (which is my actual MX host). (i don't really have a "receive mail remotely" solution -- i simply ssh into the home server and read it "locally" there. it serves my purposes.)

all of robert's points about the flexibility of running your own server are spot on. for instance, i deliver copies of all my mail to a Maildir on the colo itself, just in case i'm away from home for an extended time and the home server or ISP connection fails. i can still log into the colo and read the last month's worth of mail using mutt. (i could install MH, but it's really just for emergency use.)

> The tunnels are maintained by a "while true; do ssh ...; done" script
> that simply runs on my laptop from when I start it ...

i also wanted to mention that the "while true" loop can be handled by "autossh". i like it because i actually use ssh tunnels for quite a few things, and having a standard one-liner to maintain them is quite convenient.

    http://www.harding.motd.ca/autossh/

paul
=--
 paul fox, p...@foxharp.boston.ma.us (arlington, ma, where it's 78.6 degrees)
Re: [Nmh-workers] Need some general advice
    Date:        Tue, 13 Sep 2016 20:29:41 -0700
    From:        "Ronald F. Guilmette"
    Message-ID:  <69684.1473823...@segfault.tristatelogic.com>

  | I'll be trying to figure out how I'm gonna handle all this in the
  | very near future. I may be back soon with more questions.

If it helps, and based upon the assumption that the server is under your control, you could also perhaps use a setup more like what I do.

That is, I simply use ssh (including ssh IP tunnels) to handle all the security issues - I assume that anyone who needs can have an account on the server that they can use for this purpose.

On the client, I have an MTA setup, that delivers all mail to a magic port on localhost. That port connects to a ssh tunnel that connects to the SMTP server at the server. MH (nmh) simply connects to the localhost (laptop or whatever) MTA as normal.

If you look at the Received headers of this message you'll see that in action - andromeda (first hop) is my laptop, which is buried behind an (IPv4 & NAT only unfortunately) ADSL link with an address that changes daily. munnari is the server - you'll see on its Received header that it also receives the mail from "localhost" (IPv6 localhost but that's irrelevant) - that's the effect of the incoming SMTP connection via the ssh tunnel. After that it is SMTP as normal.

The server only needs to permit mail submission from localhost, not the whole internet, so there's no possibility of being used as a spam relay, and it needs no SMTP authentication (though you could use it if desired), so works whatever MTA you choose to run with no special config.

Multiple users (whatever domain name their email address appears as) should be no problem, each just needs some (server local) unique login name that they can use to ssh as (which doesn't need to be any way similar to their e-mail addresses.)

The tunnels are maintained by a "while true; do ssh ...; done" script that simply runs on my laptop from when I start it (more correctly, from when the encrypted filesys that holds the ssh key files becomes available) until it shuts down, the loop handles the connection breakage that occurs when the ISP decides an IP addr change is needed (and other random network outages), and running a local MTA deals with queueing so I can send e-mail any time, and if that happens to be when something is preventing the tunnel from working, I know the mail will get transmitted eventually, when all is good again.

For incoming mail I just scp the mailbox file from the server (a little more complicated than that, as it needs protection against mail arriving while the copy is in progress - so I just move the mailbox file first, in a way that guarantees messages will either be complete in the old mailbox or go into a new one) - after it arrives on my laptop I use procmail to spread it around my MH folders, but inc would work as well (this scheme has the advantage that I keep the mailbox copy files on both my laptop and the server for a while, so if anything goes wrong I can always just unpack one, or more, again.)

They could also be unpacked on the server as well, if I needed that - I don't, I have used my laptop (exclusively) for all e-mail for decades now (not the same laptop of course...) which is why I had nothing to contribute on the "Sharing MH files..." thread of earlier in the month.

The point of this message isn't really to suggest that you should duplicate my setup, rather that if you have the ability at the server end, you can come up with innovative solutions that do exactly what you need, which is a luxury denied to those who are forced to deal with ISP (or corporate) provided servers and can only use the methods that also work on windows...

For example, since you are running an HTTP server anyway (you said) you could create a magic https:// URL that would download mail for you (and access it using wget or curl or whatever) and another that would allow you to post mail (would need more work on the local end to make work) - which would have the advantage of keeping e-mail access working even if you get stuck in a location where there's a firewall that allows nothing but http (even intermediate proxy servers should do no harm.)

Note I have never tried this (munnari has no HTTP server) so I don't know how easy it would be - particularly dealing with user authentication safely - (or even if it really is possible.)

Any of this means that you don't need to deal with the limitations of POP, nor to attempt to dream about how MH and IMAP might one day be integrated, where none of the imagined solutions actually looks very much as if what you would end up with is nearly as nice as MH is supposed to be (and is.)

kre
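
The "move the mailbox file first, then copy it" step from the message above, as an added example that is not part of the original post or the poster's own script. It assumes the delivery agent takes the conventional `<mbox>.lock` dotlock before appending; `rotate_mbox` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: server-side "move first, then copy" for an mbox spool.
# Assumption: the delivery agent creates "<mbox>.lock" exclusively before it
# appends to the mbox and removes it when the message is complete.

# rotate_mbox MBOX [TRIES]: rename MBOX to MBOX.<timestamp>.<pid> while
# holding the dotlock and print the new name. Returns 1 if the lock stays
# busy for TRIES attempts, 2 if there is no mail to move.
rotate_mbox() {
    mbox=$1 tries=${2:-10} lock=$1.lock
    [ -s "$mbox" ] || return 2
    i=0
    # With noclobber (set -C) the redirection fails if the lock file already
    # exists, so only one process at a time can create it.
    until ( set -C; : > "$lock" ) 2>/dev/null; do
        i=$((i + 1))
        [ "$i" -ge "$tries" ] && return 1
        sleep 1
    done
    dest=$mbox.$(date +%Y%m%d%H%M%S).$$
    # The rename happens while no delivery is in progress, so every message in
    # $dest is complete; the next delivery finds no mbox and starts a new one.
    if mv "$mbox" "$dest"; then
        printf '%s\n' "$dest"
        rc=0
    else
        rc=1
    fi
    rm -f "$lock"
    return "$rc"
}

# The client then copies the printed file (for example with scp) and feeds
# the local copy to procmail or inc; the renamed file stays on the server as
# a backup until it is deleted by hand.
```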
Re: [Nmh-workers] Need some general advice
I just wanted to thank you guys who responded to my request for advice.

I think that I'm going to have to think about this all some more.

When I posted, I neglected to mention that getting all my mail to flow the way I want it may perhaps be complicated by the fact that I have multiple domains, and also multiple mail users within each domain.

I'll be trying to figure out how I'm gonna handle all this in the very near future. I may be back soon with more questions.

Regards,
rfg
Re: [Nmh-workers] Need some general advice
Ron wrote:
> Before answering, keep in mind that I will likely need to configure the
> SMTP server on the remote VM (postfix) in such a way that my home machine
> will be able to authenticate to it, you know, in order to send outbound
> mail. (The last time I tried something like this I think I gave up in
> the end because it seemed like too much of a pain in the ass to get the
> authentication all working. But now I have no choice, and have to make
> it work this time.)

Support for authentication in nmh 1.6 is better than it used to be. See "credentials" in the mh-profile(5) man page.

Support for XOAUTH2 will be in the next release, and is currently on the main trunk.

David
Re: [Nmh-workers] Need some general advice
>1) I can try to arrange things so that mail from the remote VM will
>be sent down to either an SMTP server or something else which
>runs on my home machine, all via (somehow authenticated) SMTP.
>Perhaps I can use the SMTP TURN command for this.

I am unsure if modern SMTP servers still support TURN (or ETRN). I think you're going to be on the fringe there, because most people do this:

>2) I can set things up so that the remote VM will run a POP3 server
>which I can then (periodically) have something on my home machine
>authenticate to and then suck pending messages out of in such a way
>that the NMH "inc" command will be able to get them.

Personally, that's what I do. Works great. Except that I don't run my own POP server; someone else does that.

I suppose you could arrange for mail to get delivered to your client box, but personally I don't see the point. But I suppose it's all what you want to do.

>Before answering, keep in mind that I will likely need to configure the
>SMTP server on the remote VM (postfix) in such a way that my home machine
>will be able to authenticate to it, you know, in order to send outbound
>mail. (The last time I tried something like this I think I gave up in
>the end because it seemed like too much of a pain in the ass to get the
>authentication all working. But now I have no choice, and have to make
>it work this time.)

FWIW, nmh supports the client-side of SMTP authentication; you just need to get it working on the server side. It looks like Joel gave you some hints there.

--Ken
Re: [Nmh-workers] Need some general advice
Thus spake "Ronald F. Guilmette":
>
> Before answering, keep in mind that I will likely need to configure the
> SMTP server on the remote VM (postfix) in such a way that my home machine
> will be able to authenticate to it, you know, in order to send outbound
> mail. (The last time I tried something like this I think I gave up in
> the end because it seemed like too much of a pain in the ass to get the
> authentication all working. But now I have no choice, and have to make
> it work this time.)

This part isn't too hard if you're using Postfix.

Configuration locally, in main.cf:

    smtp_sasl_auth_enable = yes
    smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
    smtp_sasl_mechanism_filter = plain, login
    smtp_sasl_security_options = noanonymous, noplaintext
    smtp_sasl_tls_security_options = noanonymous

Configuration remotely, in main.cf:

    smtpd_sasl_auth_enable = yes
    smtpd_sasl_authenticated_header = yes
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth
    smtpd_recipient_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        ... lots of spam checks here ...
        permit

And you need to set up one of the supported SASL authenticators. I happen to be using dovecot for that.

See http://www.postfix.org/SASL_README.html for more details.

--
J.
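
One way to check the client-side settings quoted above, as an added example rather than anything from the post or from Postfix itself: it reads a main.cf and reports when a PLAIN/LOGIN password could cross an unencrypted session. `smtp_tls_security_level` and the file-permission check are assumptions not mentioned in the post, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit the client-side SASL settings of a Postfix main.cf.

# param FILE NAME: effective value of NAME. As in Postfix, the last definition
# wins, lines starting with whitespace continue the previous parameter, and
# blank or "#" lines are skipped.
param() {
    awk -v want="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ { if (name == want) val = val " " $0; next }
        {
            eq = index($0, "="); name = ""
            if (eq == 0) next
            name = substr($0, 1, eq - 1); gsub(/[ \t]/, "", name)
            if (name == want) val = substr($0, eq + 1)
        }
        END { gsub(/[ \t]+/, " ", val); sub(/^ /, "", val); sub(/ $/, "", val); print val }
    ' "$1"
}

# has_word LIST WORD: true if WORD is an item of a comma/space separated LIST.
has_word() { printf '%s\n' "$1" | tr ', ' '\n\n' | grep -qix -- "$2"; }

# audit_client FILE: print one line per finding, return the number of findings.
audit_client() {
    cf=$1 n=0
    sec=$(param "$cf" smtp_sasl_security_options)
    [ -n "$sec" ] || sec="noplaintext, noanonymous"   # Postfix default
    tls=$(param "$cf" smtp_sasl_tls_security_options)
    [ -n "$tls" ] || tls=$sec                         # default: same as $sec
    # Assumption: TLS is switched on through smtp_tls_security_level.
    case $(param "$cf" smtp_tls_security_level) in
        encrypt|dane-only|fingerprint|verify|secure) must_tls=1 ;;
        *) must_tls=0 ;;
    esac
    if ! has_word "$sec" noplaintext && [ "$must_tls" -eq 0 ]; then
        echo "password can cross an unencrypted session"; n=$((n + 1))
    fi
    has_word "$sec" noanonymous && has_word "$tls" noanonymous ||
        { echo "anonymous mechanism not excluded"; n=$((n + 1)); }
    # The password map source should be readable by its owner only.
    map=$(param "$cf" smtp_sasl_password_maps); f=${map#*:}
    if [ -e "$f" ] && [ -n "$(find "$f" \( -perm -040 -o -perm -004 \))" ]; then
        echo "$f is group or world readable"; n=$((n + 1))
    fi
    return "$n"
}
```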