
Configuring Sendmail on OS X 10.2 to use an SSH tunneled smarthost

After a couple days of using Mutt to read my mail, thanks to the constant crashing of Mail.app when presented with six years of email, I've recorded the steps I took to get sendmail communicating over an SSH tunnel to my actual host.

  1. Tips:

    • I've added a '\' where each of the long commands is wrapped, to indicate that it's all one line.
    • sendmail.mc and sendmail.cf are two distinct files. If you're not copy-pasting these instructions into your terminal, double-check these filenames before executing the commands.
    • At various points throughout I use monikers such as relayhost.com to indicate the mail server through which you'll be relaying mail. Please replace these with the public hostname of your relay server.
    • It appears that 10.3 no longer uses sendmail; as such, these instructions are intended only for 10.2.

  2. Open a terminal and become a superuser.
        sudo -s
    
  3. Create a local copy of the generic sendmail.mc file.
        cp \
          /usr/share/sendmail/conf/cf/generic-darwin.mc \
          /etc/mail/sendmail.mc
    
  4. Add the following lines into /etc/mail/sendmail.mc, above the MAILER lines near the end of the file.
        define(`RELAY_MAILER_ARGS', `TCP $h 10025')
        define(`SMART_HOST',`relay:[127.0.0.1]')
        DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA, Family=inet')
        FEATURE(`accept_unresolvable_domains')dnl
    
  5. Back up the system-installed sendmail.cf.
        mv \
          /etc/mail/sendmail.cf \
          /etc/mail/sendmail.cf.dist
    
  6. Regenerate sendmail.cf from the modified sendmail.mc.
        m4 \
          /usr/share/sendmail/conf/m4/cf.m4 \
          /etc/mail/sendmail.mc \
        > /etc/mail/sendmail.cf
    
  7. Create a local copy of the generic submit.mc file.
        cp \
          /usr/share/sendmail/conf/cf/submit.mc \
          /etc/mail/submit.mc
    
  8. Add the following lines into /etc/mail/submit.mc, above the last two dnl lines near the end of the file.
        FEATURE(`masquerade_envelope')
        FEATURE(`allmasquerade')
        MASQUERADE_AS(`mail.relayhost.com')
        FEATURE(`accept_unresolvable_domains')dnl
    
  9. Back up the system-installed submit.cf.
        mv \
          /etc/mail/submit.cf \
          /etc/mail/submit.cf.dist
    
  10. Regenerate submit.cf from the modified submit.mc.
        m4 \
          /usr/share/sendmail/conf/m4/cf.m4 \
          /etc/mail/submit.mc \
        > /etc/mail/submit.cf
    
  11. Modify /System/Library/StartupItems/Sendmail/Sendmail, adding an "&" character after each of the two occurrences of /usr/sbin/sendmail.
        /usr/sbin/sendmail -bd -q1h &
        /usr/sbin/sendmail -C /etc/mail/submit.cf -q1h &
    
  12. Strip group writability from certain system directories, to satisfy security checks.
        chmod g-w /etc/mail /etc /
    
  13. Start sendmail; issues will be logged to /var/log/mail.log.
        /System/Library/StartupItems/Sendmail/Sendmail start
    
  14. Optionally, modify /etc/hostconfig to start sendmail on boot.
        MAILSERVER=-YES-
    
If everything worked out properly, you now have sendmail listening at 127.0.0.1, port 25. Messages received for delivery will be queued until an SSH tunnel is available on port 10025. Follow these steps to send the queued mail:
  1. Open the SSH tunnel to your smarthost.
        ssh \
          -f -N -L 10025:mail.relayhost.com:25 \
          username@relayhost.com &
    
  2. Instruct sendmail to send the queued mail, if any.
        sudo sendmail -q
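
A quick way to confirm the security-relevant parts of this setup before starting sendmail, as an added example that is not part of the original post: it lints a sendmail.mc for the loopback-only listener, the smarthost and the tunnel port, and tests a directory for the group-write bit. The function names `check_mc` and `group_writable` and the messages are this example's own; the sample file is constructed from the four lines in the configuration step.

```shell
#!/bin/sh
# Added example: lint a sendmail.mc for the loopback-only relay setup above.
# Function names and messages are this example's own, not sendmail's.

# check_mc FILE [PORT]: print one line per problem, return the problem count.
check_mc() {
    mc=$1; port=${2:-10025}; problems=0

    # Every listener must be bound to loopback. A DAEMON_OPTIONS line without
    # Addr=127.0.0.1 (or no such line at all) exposes SMTP to the network.
    daemons=$(grep '^DAEMON_OPTIONS(' "$mc" || true)
    if [ -z "$daemons" ]; then
        echo "no DAEMON_OPTIONS line, listener uses the default address"
        problems=$((problems + 1))
    elif printf '%s\n' "$daemons" | grep -Evq 'Addr=127\.0\.0\.1([^0-9.]|$)'; then
        echo "a DAEMON_OPTIONS line is not bound to 127.0.0.1"
        problems=$((problems + 1))
    fi

    # Outbound mail must go to the bracketed loopback address (brackets
    # suppress MX lookups) on the port the SSH tunnel forwards.
    if ! grep '^define(.SMART_HOST' "$mc" | grep -Fq 'relay:[127.0.0.1]'; then
        echo "SMART_HOST is not relay:[127.0.0.1]"
        problems=$((problems + 1))
    fi
    args_port=$(sed -n 's/^define(.RELAY_MAILER_ARGS.*TCP \$h \([0-9][0-9]*\).*/\1/p' "$mc")
    if [ "$args_port" != "$port" ]; then
        echo "RELAY_MAILER_ARGS port is ${args_port:-unset}, tunnel uses $port"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# group_writable DIR: succeed if DIR still has the group-write bit set.
group_writable() {
    [ -n "$(find "$1" -prune -perm -020 2>/dev/null)" ]
}

# Constructed sample input: the four lines added to sendmail.mc above.
sample_mc=$(mktemp)
cat > "$sample_mc" <<'EOF'
define(`RELAY_MAILER_ARGS', `TCP $h 10025')
define(`SMART_HOST',`relay:[127.0.0.1]')
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA, Family=inet')
FEATURE(`accept_unresolvable_domains')dnl
EOF
check_mc "$sample_mc" && echo "sendmail.mc: loopback-only relay settings OK"
```

On a real system, run `check_mc /etc/mail/sendmail.mc` and `group_writable` against `/etc/mail`, `/etc` and `/`.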
    


Can the paparazzi survive in a world of DRM?

Recent discussion has shown that there are a few who think they can identify certain places -- movie theatres, for instance -- and ask devices within that place to, say, not ring audibly. Some have built Faraday wood, isolating the outside electronic world from within.

I propose a device that allows individuals to state their preference regarding their public "image", so to speak; those who don't mind being filmed without permission (potential actors, for instance) could purchase a small radio-responsive device indicating their willingness. Introduce a forced blurring function into the camera for the likeness of those not indicating otherwise, and now Digital Rights Management serves the purpose of protecting my likeness from media attention, if the manufacturers were to comply.

This aspect of DRM provides a mechanism for controlling the "spotlight" effect of public fame -- where one's life becomes public for all who care to see. Requiring media organizations to honor this DRM (industry-wide Macrovision, so to speak) protects the concerned citizen from media exposure without their explicit consent, provided in person or electronically.

Combined with a modified Creative Commons "attribution" license, I can indicate that I prefer to receive a copy of any media in which I participate, unwitting or not. Sometimes it's not feasible, but if I was worth taping, I'd like to see too -- currently there's no way to indicate that.

With limits stated by individuals and the cameras required by law to run DRM, privacy is honored in a way that it cannot be guaranteed today. At what cost? The crowd may have a few blurred faces in the family's Disneyland vacation videos.

The technological possibility to do this seems within reason, given the presence of face-identifying cameras -- and sometimes I just want to control distribution. The benefit to individuals seems a remarkable gain for such a cost.


Add this SMTP server to your contact list?

Instant messenger has proven relatively immune to the scourge of spam that affects email today. Tagging messages from those on your buddy list, you can implement a system similar (in theory) to SPF, prioritizing mail from your buddies.

For an extra layer of authentication, write a plugin for the instant messenger that communicates "i've sent you message-id foo", to confirm that the email is indeed from a known contact. At this point anything with a From: address that matches a contact, but a Message-ID: for which no notification was received, is automatically trapped as questionable and held for review (unless, at some point, the Message-ID: is received from the sender in question).
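
The triage rule described above, sketched as an added example that is not part of the original post. The file formats (a contacts file with one address per line, a notifications file of "address message-id" pairs received over IM), the function names and the verdict names are assumptions of this example; the message is constructed. A notification only counts when it comes from the same contact the From: address claims.

```shell
#!/bin/sh
# Added example: triage mail by out-of-band Message-ID confirmation.
# File formats and verdict names are assumptions of this example.

# header NAME FILE: print the first NAME header's value (headers only,
# case-insensitive name, folded continuation lines are not joined).
header() {
    awk -v name="$1" '
        /^$/ { exit }                                   # end of headers
        tolower(substr($0, 1, length(name) + 1)) == (tolower(name) ":") {
            sub(/^[^:]*:[ \t]*/, ""); print; exit
        }' "$2"
}

# classify MSGFILE CONTACTS NOTIFIED
#   CONTACTS: one buddy-list address per line.
#   NOTIFIED: "address message-id" pairs announced over IM by that contact.
classify() {
    from=$(header From "$1" | sed 's/.*<\([^>]*\)>.*/\1/' | tr 'A-Z' 'a-z')
    msgid=$(header Message-ID "$1")
    if [ -z "$from" ] || ! grep -Fxqi -- "$from" "$2"; then
        echo "not-a-contact"   # ordinary filtering applies
    elif grep -Fxq -- "$from $msgid" "$3"; then
        echo "confirmed"       # the claimed sender announced this Message-ID
    else
        echo "held"            # contact's address, but no announcement yet
    fi
}

# Constructed sample data.
work=$(mktemp -d)
printf '%s\n' 'alice@example.org' 'bob@example.org' > "$work/contacts"
cat > "$work/msg" <<'EOF'
From: Alice <Alice@example.org>
Message-ID: <constructed-0001@example.org>
Subject: lunch?

Message-ID: <in-body@example.org>
EOF
# Bob announcing this Message-ID does not vouch for mail claiming to be from Alice.
echo 'bob@example.org <constructed-0001@example.org>' > "$work/notified"
before=$(classify "$work/msg" "$work/contacts" "$work/notified")
# Alice's own announcement arrives later and releases the held message.
echo 'alice@example.org <constructed-0001@example.org>' >> "$work/notified"
after=$(classify "$work/msg" "$work/contacts" "$work/notified")
echo "before: $before, after: $after"
```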

Cooperative, distributed reporting

Tonight's bout of insomnia gave me the opportunity to participate in something very cool. People from SpyMac, MacRumors, MacNN, MacTeens, MacCentral, and Mac-TV came together on IRC in just a few minutes before the Apple Expo keynote, with the intent to share information with the entire community. As information came in from various sources, it was redistributed through four different IRC channels and three websites (four, if you count the KevTV hoax) to a waiting community of listeners.

The immediacy of the flow of information was eerie to watch, even as a blogger; something would be posted in one channel, a few seconds later it'd be in three, then both websites and all the channels would have it. In the span of sixty seconds every unique droplet of relevant information was spread to every listener by just a few speakers.

One of the major channels I was a part of was directed for the duration by someone not accustomed to using IRC, who had never done this before or seen it happen; two hours of unplanned effort behind me, I feel that I've made a valuable contribution to something unseen but valuable: community.

I counted over sixty people in the channel I moderated; apparently on IRC across the four channels I watched there were more than a thousand people, and I can't even begin to wonder how many people watched on the websites. I guess next time I'll have to plan to be here; I don't want to miss the opportunity.
