[AktiviX-discuss] using ssl with a mac client ('mail')

mp mp at aktivix.org
Fri Sep 26 18:53:24 UTC 2008 

hello,

ana wrote:
> Yes,
> 
> actually, I now remember that this was my set up with a previous ISP i
> had! they didn't allow secure ssl or tls for smtp so this is exactly
> what i did. i now have a more "standard" set up.
> 
> i wouldn't remember how to set it up again tho ... best thing would be
> to ask on irc :)

It is a simpe set up and the web is full of references on how to set up
an SSH tunnel. I also use it for an X11vnc connection to uni, it is very
useful.

In all its simplicity you run this command from the CLI:

ssh -L XXXX:springnight.burngreave.net:25
username at springnight.burngreave.net

where XXXX is the port number which you can choose more or less
arbitrarily, it could be 9998, and "username" is the same as you the one
you use to log in to Horde or Squirrel via the webinterface.

You then specify the SMTP (or rather: the outgoing server) to be:
localhost:9998 (this might be different in Disney Fruit Machines, I
don't know) and then all your emails go through an encrypted connection
to springnight. You can also use GUIs for these matters, such as:
http://www.macupdate.com/info.php/id/10128 - and here is some more info:
http://www.u.arizona.edu/consult/macx-tunnel.html

The advantage is that it will almost always work, whether you're on wifi
in some cafe or at home or wherever; and I should think it is more secure.


> 
> ana
> 
> mp wrote:
>> Hi,
>>
>> I use an SSH tunnel to springnight and then set my SMTP to be localhost.
>> This works well, since it works from anywhere and all communication is
>> encrypted until it reaches springnight. Thanks to gdm for helping me
>> with that, when I was on a network that didn't allow email sending, but
>> did allow ssh.
>>
>> I am sure this would work well for MAC as well, if only maqui's account
>> allows ssh login.
>>
>> It is really quite simply to set up.
>>
>> mp
>>
>> Ian Gregory wrote:
>>   
>>> On Fri, Sep 26, 2008 at 01:38:07AM +0100, ana wrote:
>>>     
>>>> (including maqui because i'm not sure if he's subscribed to this list)
>>>>
>>>> On Thu, 25 Sep 2008, Ian Gregory wrote:
>>>>
>>>>       
>>>>> On Thu, Sep 25, 2008 at 08:44:50PM +0100, maqui wrote:
>>>>>
>>>>>         
>>>>>> Basically I'm using a mac client for my mails called 'mail'. In the 
>>>>>> preferences i got ssl ticked for incoming mail using port 995 and it 
>>>>>> works to receive mails. But in the outgoing preferences if i select 
>>>>>> 'springnight.burngreave.net' as the outgoing mail server, then it only 
>>>>>> works (i can send and receive mails) if i do it between aktivix 
>>>>>> addresses, but if i send to non aktivix addresses, then it doesn't work 
>>>>>> and it says that an "error occurred".
>>>>>>           
>>>>> And a good thing too, otherwise springnight would soon be blacklisted as 
>>>>> an open relay. Springnight only accepts email to email addresses it is 
>>>>> responsible for, like aktivix ones. It might handle authenticated SMTP, 
>>>>> in which case if you want to use it for your outgoing server you will 
>>>>> need to configure your system to authenticate with an authorised 
>>>>> username and password.
>>>>>
>>>>>         
>>>> Hang on there - maqi has got an authorised username and password!
>>>>       
>>> Well obviously he has one for reading email sent to him at his aktivix 
>>> account. I don't know whether springnight supports authenticated SMTP 
>>> for sending email or (assuming it does) whether aktivix email 
>>> username/password pairs are valid for authenticating, or whether maqi 
>>> has configured Mail to use authenticated SMTP for outgoing mail. These 
>>> could all possibly be reasons why he gets an error when trying to send.
>>> Of course it could be something else entirely that I have not thought 
>>> of.
>>>
>>> I send all my email out through my ISP. That means I don't need to 
>>> authenticate, which means that I transmit no username/password to the 
>>> SMTP server, which means I don't need to use SSL to protect a 
>>> username/password. Admittedly my ISP could be storing/monitoring my 
>>> email, but if anything needs to be secret I use GnuPG for strong 
>>> end-to-end encryption so that does not really concern me.
>>>
>>> Ian
>>>
>>>     
>> _______________________________________________
>> AktiviX-discuss mailing list
>> AktiviX-discuss at lists.aktivix.org
>> https://lists.aktivix.org/mailman/listinfo/aktivix-discuss
>>   
> 
> _______________________________________________
> AktiviX-discuss mailing list
> AktiviX-discuss at lists.aktivix.org
> https://lists.aktivix.org/mailman/listinfo/aktivix-discuss
>

More information about the AktiviX-discuss mailing list