Wireless Mail on the Road
Edited by chromatic
The continued growth of free wireless hot spots, and the growth in popularity of
wireless-capable devices, unlimited GPRS data plans, and GPRS-capable handsets, all with lots of Bluetooth glue in between, make it easy for an enterprising hacker
to keep in touch. (Of course, you still have to get at your data, and in public places, security should be a primary concern.) A recent thread on the Editors List started as a paean to continual
connectivity, and then the thread turned practical: Just how do wireless hackers read and write their mail on the road? Here's one ever-more-common scenario.
Included in Rael's signature at the bottom of an email:
Sent (longhand) from my Palm Tungsten 3 over Bluetooth to my Nokia 3650 over T-Mobile GPRS to the Net to your mailbox. Wonders never cease. . . .
. . . through an encrypted SSL tunnel over two wireless hops in
SeattleWireless to my laptop, sitting in a free wi-fi cafe.
. . . through my home iBook Panther server's SSL-enabled authenticating SMTP server . . . and back from you to an SSL-enabled IMAP server. . . .
We should stop before someone says "The house that Jack built" or I get
Now this is wire(less) fu. . . .
And I love every hop of it.
P.S. Would you order me a latte?
I'd really like to be able to check my work email on my phone, but the phone doesn't have VPN software (although it will do secure IMAP). So, I have to use a Palm or Pocket PC in conjunction with my phone, since either of those will support a VPN.
But I'd really like to be able to do it all from the phone. This may sound
sick, but I prefer T9 (Text on 9 keys) to Graffiti.
That's the beauty of what [Rael] set up--it isn't
complicated. In fact, it's really simple and secure, and he tells me he set
it up in a day. SMTP+AUTH+TLS is supported by virtually every platform. But
then, even POP-before-SMTP with a good SPOP works, and is supported by
literally every platform. And SPOP and IMAPS are trivial to install and
configure. (I did it in an evening for oreillynet.com, and that was two years
ago.) I used stunnel around an existing imapd and popd on the box at my
co/lo, so I didn't even have to recompile anything when I set it up for my own
I think it would be really, really nice to have SSL mail without the need
for a PPTP tunnel, since so many people travel and the tunnel seems universally to be a pain to deal with, from all ends.
Good point; my main problem is that I don't have a dedicated
server running at home, and my ISP blocks lots of ports. If I had a
serving-friendly DSL provider, though, I'd probably go for the static IP and
set up something like that.
I'd just like to know what, exactly, Rael did set up. Rael,
why not do a little write-up about it?
It's not that complicated, really--only so in that I
had to do it myself.
I'm running OS X Panther server on an iBook. After a couple/three hours
of flipping switches, checking checkboxes, and checking configs, all was done.
I'm using my older iBook since I didn't have much else to use. I'll be
throwing an old 35 gig drive into an external FireWire enclosure this weekend,
mirroring things across, and then letting the internal drive spin down except
for the occasional outside-in backup. I've a low-power-consumption server
with a 3+ hour battery life in case the power goes out; my networking
equipment's about the only thing on my UPS. About the most difficult thing
was some trouble I had with a flaky CD.
I'm running Postfix with CRAM-MD5 authentication (and even that's not
necessary) and SSL-encryption, allowing me to send mail from anywhere in the
world without needing to tunnel in anywhere. I just set my mail client to use
a username and password for sending mail in the same way it does to fetch
mail. Some folks would have you believe most mail clients don't support send auth.
I'm running Cyrus imapd with SSL-encryption for remote access to my mail,
storing all of it in folders the same way you'd usually do on your own
computer. Except that it's on the server and so looks the same no matter what
machine I'm on--PowerBook, Palm, Nokia.
I can even have SquirrelMail running so that I can come in over the web
(SSL-secured, of course) and read my mail directly from my server for those
times I don't have any devices with me (as if!).
The only thing I've yet to put into place is an ~$100 SSL certificate so
that my Nokia doesn't complain that I'm using a self-signed cert.
If I really want to tunnel to my own LAN, a flick of a few switches later, I've my own PPTP and/or L2TP over IPSec for VPN.
Apple's done a remarkable job of pulling all these bits and bobs together for the weary user/admin.
I'm not paying for a static IP. I use dyndns.org, with a dyndns
client sending a ping with my IP several times a day.
And all that with nary any work, equipment, or worry on my part. Yes, I'm
only supporting a couple of users, but it was all useful enough for
me to take the time to handle my own mail. Not to mention fun (assuming an
ever-so-slightly off-center definition of "fun").