bumbler
November 23rd, 2003, 18:31
Desktop FreeBSD Part 4: Internet Mail Setup
Ed Hurst 22 November 2003

========================================================================

The one thing that really fired up the development of the Internet as we
know it today was e-mail. The protocols were designed back when the
system itself was highly difficult to access, and security wasn't a
significant issue. Since then, even your average household pet has
heard of Internet security problems.

How many times have we read popular pronouncements not to use a certain
popular e-mail program that is highly vulnerable to attacks hidden in
messages? Those attacks are possible because the program is designed to
make things =so= easy. It does everything for you. It's too easy for
folks to forget the danger, because it's what came with their systems.
That sort of large, do-it-all software takes up lots of resources, too.

There is a better way. It requires changing how you view Internet mail,
going back to the original intent. In this case, it also means using
what came with your system -- your FreeBSD system. I am assuming you
took my earlier advice and installed the packages for Postfix,
Fetchmail and Pine. None of these work directly from the "graphical
user interface" (GUI), so we will spend some more time getting used to the
"command line interface" (CLI) environment.

By the way, there is a reason we users of FreeBSD love the CLI. Aside
from all the elitist talk of "pure computing" there is a very practical
issue involved. If there is one thing likely to crash on any computer
system, it is the GUI. GUI hardware is more likely to work poorly than
any other hardware, so the software for it is much more difficult to
write. Since we know that Open Source systems run the GUI on top of the
real heart of the computer, it is important that every computer user be
able to work a little bit without the GUI, because you can still get
all your work done. It just requires knowing some things you haven't
bothered to learn yet. If something in your system breaks, your best
chance of getting by until it's fixed is to be ready to work in the
CLI. Even better, some of the best software that exists works only in
the CLI. And you may be surprised to learn that the mail server
software in FreeBSD takes less power, and works better and more safely,
than those big bloated GUI e-mail programs.


THE E-MAIL SYSTEM

There are three parts to a proper e-mail system:

- the mail handler or "mail transfer agent" (MTA)

- the mail fetcher that gets it from other machines

- the e-mail reader and writer, called the "e-mail client"

Nowadays, you can add to the list a "filtering agent" if you need to
deal with lots of different kinds of messages or have lots of spam.
However, the main three can do that to some degree internally. The
first two in our list above are the backbone of what mail servers all
over the world do. We've already discussed how you can't run Open
Source systems without using the MTA, so it is built into every one of
them. The system depends on it.


THE MTA: POSTFIX

We've already done a few things to make sure Postfix runs for us
internally, but not to make it work with the Internet. Here's where
Postfix shines as being simple to set up: you need to change only one
thing to make it work "out of the box."

It's been my experience that whatever configuration you get when you
install Postfix is ready to go, but it needs only to know the name of
your ISP's mail server. You see, Postfix is a mail server on your
machine, and it speaks the same language as almost every other mail
server out there on the Internet. Unless your ISP does really weird
things, it should quite willingly accept your outgoing mail just like
it came from within their own internal mail system in their office.

Login as root, and navigate to /usr/local/etc/postfix. Open the file
named "main.cf" with your favorite editor. A good editor will allow the
display of a line number for each line of text, either in the right
margin or somewhere in the display. Go down to about line 310, where
you should see this:

#relayhost = $mydomain
#relayhost = gateway.my.domain
#relayhost = uucphost
#relayhost = [an.ip.add.ress]

These lines are examples that you can copy, but the hashmark (#) at the
front of each one prevents Postfix from reading those lines as
something it needs to use. The second one is your model for most dialup
connections. Your ISP should be able to tell you the specific name of
the computer that handles mail on their system. Most of them use
"mail.something.com" or a similar name. Recall from the installation
tutorial that this is the usual nomenclature for giving a computer an
identifiable name for the Internet. At any rate, whatever your ISP tells
you is what goes here. If they just give you an IP number, you can use
that, too, by using the last line as your model. Just replace the
letters with the digits. For now, all IP addresses are a series of
numbers divided into four sections by periods or dots.

It's probably a good idea for your own sake to simply add a new line
below these four, but =without= the hash mark. Save the file. Then
close it, and at the command line type:

postfix reload

It should tell you that it has reloaded and restarted. If it says
anything else, you'll need to find out why. When there is a problem,
usually you'll get something like "fatal error, postfix not running" or
a similar message. Try typing

postfix start

If that gets you a good response, then you'll need to find out why it
wasn't running already. Since the process of finding out is too
complicated to put in this tutorial here, I'll invite you to google for
keywords in your error message (don't forget that "freebsd" is one of
your search terms), ask questions on a forum, or ask someone you know who
runs FreeBSD. In the meantime, you can always login as root and start
Postfix manually on those rare occasions when you have to reboot.

At this point, your system should know where to hand off any mail you
address for a recipient outside your system.


MAIL FETCHER: FETCHMAIL

I recall reading an article on the Internet where a technician wrote
something like this: "Fetchmail has retrieved my mail under the worst
circumstances, when nothing else could." Dialup connections can be
rather fragile. If anything can get your mail, Fetchmail will do it.

You can set up Fetchmail to work automatically, and for the whole
system. However, that is more complicated than necessary. Since you as
the user control when you are connected, you might as well control when
and how your personal mail is fetched. Rather than change settings for
the whole system, you need only create a single file -- another "dot
file" normally hidden from view -- in your home directory.

First, a word about protocols. I've never dealt much with a mail system
on the Internet that didn't use the standard known as POP3, aside from
webmail. With webmail, you read your e-mail by logging on to the
provider's machine, and you use their software from your web browser.
With POP3, you are pulling that e-mail down to your machine. This
allows you to disconnect after you get it and read it later.

Create a file named ".fetchmailrc" and put three lines in it. We will
format it according to a customary practice that makes it easier to
read. The first line will be the instruction where to call for your
mail. The line has three elements: command, the mail server's name, and
what protocol to use. The command is "poll" -- this tells fetchmail to
go ask for your mail. The server name is the same as above, usually
similar to "mail.something.net". The protocol we've already discussed:
"protocol POP3". If you want to know more about mail protocols, there
are numerous articles on the Internet written at all different levels
of interest. If your ISP doesn't use POP3, they should tell you. Most
of them will understand what you need if you tell them you are running
Fetchmail. That first line should resemble this:

poll mail.someisp.net protocol POP3

Next, you need to tell fetchmail to match your user account name on
your personal machine with the user account name you have on the remote
mail server. Hopefully, you are not in the habit of using the same or a
similar nickname everywhere you go. It's a security risk, though
slight. You don't have to be paranoid to realize the value of being
hard to find unless you =want= to be found. Ordinary people like me
have been harassed more than once. So you start this next line indented
somewhat (about 8 spaces will do) and tell Fetchmail that user
so-and-so on the distant machine is the same as you on this machine. It
will look like this:

        user joe is user jeh

In this case, my example says that I am "joe" on the server where my
mail comes in, and "jeh" on my machine at home. This way, Fetchmail will
give my login name to the remote machine, and deliver to me on my
machine. If your identity is something odd, such as all numerals, then
you may need to put double quotation marks around it, so Fetchmail
doesn't confuse it with a command.

I hope your distant mail server requires a password, too. We discussed
in the Install lesson how to devise your passwords, and that they
should be different everywhere you have an account. If like me you have
lots of accounts at places all over the Internet, there's nothing wrong
with keeping a cue-card at hand. You'll have to decide for yourself how
to guard that card from prying eyes physically where you keep your
computer. For sites where it really doesn't matter, where no
significant personal information is kept, I do use the same password
for all of them. For e-mail, don't do that.

Keeping the same indentation as the identity line, type in the command
"password" followed by the password itself. Again, if you use unusual
characters in your password, you may need to put double quotation marks
around it:

        password "G,H,P.321"

The whole file together might look like this:

poll mail.someisp.net protocol POP3
        user joe is user jeh
        password "G,H,P!321"

If you want to grab mail from more than one source, leave one blank
line, then another set of instructions like the first. When you're done,
save the file. Then you must protect it by making sure no one else can
read it. Fetchmail is a little paranoid for you, so using your
Konqueror file browser, right click on the icon for that file, select
"Properties" and click the boxes under the "Permissions" tab until it
matches =only= the "User" line with "Read" and "Write". Click "OK". You
may need to enable viewing "hidden" files in Konqueror by selecting the
"View" menu, then "Show Hidden Files" -- turn it on and off as you see
fit.
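
Since this series is about being ready to work in the CLI, here is the
same permission step done from the command line. This is an added
example, not part of the original article; the function names are made
up for illustration, and the path you pass in would normally be
"$HOME/.fetchmailrc".

```sh
#!/bin/sh
# Added example: CLI equivalent of the Konqueror permission step.
# Pass the path explicitly; "$HOME/.fetchmailrc" is the file from the text.

# Succeed only if FILE is a regular file, owned by you, with every
# group and other permission bit cleared. Returns 2 if FILE is missing.
rc_is_private() {
    [ -f "$1" ] || return 2
    [ -O "$1" ] || return 1
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Create FILE empty and owner-only from the first moment, so the password
# you type into it is never readable by another account, even briefly.
# noclobber (set -C) makes this fail rather than wipe an existing file.
rc_create_private() {
    ( umask 077 && set -C && : > "$1" ) 2>/dev/null
}

# Restrict an existing FILE to owner read/write and confirm it took effect.
rc_lock() {
    chmod 600 -- "$1" && rc_is_private "$1"
}

# Print a one-line verdict; exit status 0 = private, 1 = too open, 2 = missing.
rc_audit() {
    rc=0
    rc_is_private "$1" || rc=$?
    case $rc in
        0) echo "$1: private (owner read/write only)" ;;
        1) echo "$1: open to other accounts; fix with: chmod 600 $1" ;;
        *) echo "$1: not found or not a regular file" ;;
    esac
    return "$rc"
}
```

Run rc_create_private before opening the file in your editor, or rc_lock
afterwards if the file already exists; rc_audit tells you which state it
is in.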

Now whenever you are connected to the Internet, you can go to a Konsole
window and type "fetchmail" and watch as it connects to your remote
mail server, gets a message count, the size, then downloads each one by
showing dots running across the screen (each representing roughly 1KB
of data), and erasing it from the other machine. When finished, it will
come back to the prompt, and you will have mail in your system with
your user's name on it. That's because Fetchmail only fetches it; then
it hands mail off to your internal mail server, Postfix. Postfix holds
it until you call for it -- that's what the e-mail client does.


E-MAIL CLIENT: PINE

It's quite possible to set up Kmail to do this, or just about any other
GUI mail software you want to use. However, in keeping with our plan to
be ready to run in the CLI, we'll use Pine. I've already mentioned that
Pine can be set up with all sorts of nice options. For example, you can
tell Pine to display everything in colored text: from the starting menu
type "S" (setup), then "K" (for color) and select the 16-color option.
The rest should be self-explanatory. For example, I have the menu at
the bottom display in magenta with the keystrokes in cyan.

For our purpose here, we will confine ourselves to the minimum setup
options to make it work for us. From the main menu, hit "S", then "C"
for "configure". From the top:

- Set your personal name to what you want to show in the headers of
your out-going mail. Mine says "Ed Hurst".

- user-domain should match what you are going to use as your mail
account -- someisp.net, for example.

- smtp-server should be your own machine, but since dialup machines
don't have an IP address, you should use the standard address that
always means "this local computer" -- 127.0.0.1

- inbox-path should be simply the word "inbox"

The rest probably won't matter for now, so skip down to the section
with little boxes for marking with Xs. Here is something very useful
most folks don't know: you can tell Pine to use something besides the
internal Pico editor. I prefer Joe because it's more flexible. It
allows me to re-wrap messages to the standard line length for e-mail (72
characters) while keeping the arrow-head marks to show I'm quoting. So I
check the boxes in front of the lines:

[X] enable-alternate-editor-cmd
[X] enable-alternate-editor-implicitly

Hit PGDN a couple of times and see what I put under "Viewer Preferences":

[X] enable-msg-view-attachments
[X] enable-msg-view-urls
[X] enable-msg-view-web-hostnames
[X] enable-msg-view-addresses
[ ] enable-msg-view-forced-arrows
[X] prefer-plain-text

This allows me to choose other programs to display pictures, web pages
and so forth. It also tries to find a plain text version of every
incoming message. Too many programs prefer the HTML version for sending
and reading, but send plain text, too. Under "Advanced Command
Preferences" I mark these three:

[X] enable-arrow-navigation
...
[X] enable-full-header-cmd
...
[X] enable-tab-completion

This allows me to use the keypad arrow keys, to view full headers with
the "H" command. Also, it allows the use of the tab key to complete
anything I start typing that may be fairly long, but for which the
system can find a match, such as an address. This is one of the best
features of Open Source systems; it works almost everywhere in the CLI.
Type a part of the name of something and hit the TAB key; the system
will try to guess from what's at hand what the rest of it should be.
This works for names of files and for some commands in FreeBSD.

Take a look at these options farther down:

default-composer-hdrs = From:
                        To:
                        Attchmnt:
                        Subject:
customized-hdrs = From: Ed Hurst <xxxxxx@someisp.net>

This allows me to choose exactly what I see when I compose a message.
If you have doubts what you want, don't put anything there. If you have
questions, hit the "?" key and Pine will provide an explanation. I
provide this as an example of what you can do to keep things simple.
The last line is because my ISP's mail server won't pass any mail that
doesn't have a proper local account name in the "From:" line of the
header. This puts a cramp on me, but it's a good practice for the rest
of the world. It keeps the ISP's customers from lying about where the
mail comes from, which discourages most spammers.

Most of the rest of the options are not critical here, but page down to the
end of the setup options. FreeBSD, like many Open Source systems, does
one thing that annoys me: the default character set display doesn't
allow for anything outside the basic ASCII character set. That means if
someone with, say a German name with special letters, sends you e-mail,
you won't be able to see those characters. So I set this:

character-set = ISO-8859-15

because it covers most things I'm likely to see. Then, because I have
chosen to use Joe as my editor with Pine,

editor = joe -rmargin 72 -tab 3 -french -spaces

These are the command-line options to start Joe with my personal
preferences, because Joe won't know which of the file types to
associate with Pine mail. You can choose your own options by reading
the .joerc file we edited in a previous tutorial. When you move from
the header blanks in Pine with the down arrow key, it will
automatically open your editor. When you are finished editing the
message, save and exit the editor, and you will be back to Pine's
composer screen. Two more:

image-viewer = display
....
url-viewers = "/usr/local/bin/lynx _URL_"

The first allows me to view images people sometimes attach to their
e-mail messages. The command "display" calls up ImageMagick, my
favorite image software. You can use KDE's Pixie Plus with the command
"pixie", for example. The last line allows me to choose how I want to
view any website if a message includes a link. Notice the format; it
must have the full path to the command, followed by the "_URL_" marker.
You can use just about any browser on your system, and get the path by
typing at the command line:

which lynx

for example.

When you are finished with setting options for Pine, hit "E" (exit
setup) and answer the question with a "Y" -- yes, accept the changes.
Whatever you've done here will apply the next time you start Pine. Pine
also has an address book, which allows you to use nicknames instead of
typing out a long e-mail address. You can start Pine from the command
line with that nickname, or any complete and proper e-mail address:

pine somebody@someisp.net

and when you send it, Pine will close and bring you back to the prompt.
To send mail from Pine, after you have finished composing your message
and have closed the editor, and all the information in the header is
correctly set, hit "^X" and Pine will hand the mail off to Postfix,
which will hold it in the out-going queue.

If you are online at that moment, Postfix should send it right away. If
you are not, it will wait. On some systems, as soon as you connect to
the Internet, your machine will attempt first thing to send all the
mail in the queue. If this doesn't happen, you can go to the command
line and type:

/usr/sbin/sendmail -q

which tells Postfix to pass on your out-going mail.


Congratulations! You are now ready to use e-mail the way it was meant to
be, according to all the best standards. It is virtually impossible for
anyone to send you something that will harm your machine, because this
combination of software isn't likely to react to viruses, worms, etc.