How to use SSH for secure mail
Oct 18, '01 03:31:12AM
Contributed by: acdha
Mail.app doesn't support SSL or TLS. I don't like sniffable passwords in general and really don't like them when the system has a wireless connection. Here's how to make it easy to tunnel IMAP or POP3 through SSH. As a bonus, SSH supports compression (-C), which may improve your transfer speeds.
SSH tunneling requires a remote server with SSH. This does not need to be the same server you're retrieving mail from - you might ssh into a login server on the same network as your mail server. MAILSERVER and SSHSERVER refer to the IMAP/POP3 and SSH servers respectively.
Here are the step-by-step instructions:
- Set up SSH for password-less connections to your SSH server. The downside to this is that anyone with access to your account on your client will be able to log in as you on the SSH server - if this risk is unacceptable, you'll want to skip this item and run the script under the Terminal so you can enter the password instead.
  - Generate an SSH version 1 or 2 key pair, using ssh-keygen and ssh-keygen -t rsa, respectively. If you choose not to use a password, you might want to use this key only for connecting to the mail server, in which case you should give it a different name than the default.
  - Add the public key (~/.ssh/keyname.pub) to ~/.ssh/authorized_keys (SSH1) or ~/.ssh/authorized_keys2 (SSH2) on SSHSERVER.
  - Test using ssh SSHSERVER - you shouldn't need a password to connect.
- Install Apple's Script Menu. Script Menu is a very useful tool to have in any case.
  - This will enable you to launch a mail session from the menubar.
  - This can also be used to return to Mail if you hide the Dock.
- Store the script below in your Scripts folder (~/Library/Scripts) with a name such as "Secure Mail". Make sure you replace SSHSERVER with the hostname of your SSH server and MAILSERVER with the hostname of your mail server. POP3 users will need to replace 143 with 110.
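#!/bin/tcsh
# Forward local port 1430 to MAILSERVER:143 through a login on SSHSERVER.
# -C compress, -f go to background after authentication, -N run no remote command
setenv SSHCMD "ssh -C -f -N -L 1430:MAILSERVER:143 SSHSERVER";
setenv SSHCOUNT `ps ax | grep "$SSHCMD" | grep -v grep | wc -l`;
# Only start a new ssh tunnel if we don't have a previous connection
if ($SSHCOUNT == 0) $SSHCMD;
open /Applications/Mail.app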
- Edit your Mail preferences to set the server to localhost and the port to 1430.
- Quit Mail.
- Test by opening "Secure Mail" from the Scripts menu.
[Editor's note: I have not tried this on my machine as of yet.]
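The risk noted in the first step (anyone with access to your client account can log in as you on SSHSERVER) can be narrowed by limiting what the dedicated mail key is allowed to do. The following is an added example, not part of the original hint: a POSIX sh helper (restricted_entry is a hypothetical name) that builds a forwarding-only authorized_keys entry, assuming SSHSERVER runs an OpenSSH version that supports the restrict option (7.2 or later).

```shell
#!/bin/sh
# Added example; restricted_entry is a hypothetical helper name.
# Usage: restricted_entry PUBKEY_LINE MAILSERVER PORT
# Prints the line to append to ~/.ssh/authorized_keys on SSHSERVER.
restricted_entry() {
    pubkey=$1 host=$2 port=$3

    # Port must be a number in 1..65535 (143 for IMAP, 110 for POP3).
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }

    # The host is embedded in a quoted option, so allow hostname characters only.
    case $host in
        ''|*[!A-Za-z0-9.-]*) echo "bad host: $host" >&2; return 1 ;;
    esac

    # Accept one bare public key line: no private keys, no multi-line input,
    # no entry that already starts with options.
    case $pubkey in
        *'
'*) echo "public key must be a single line" >&2; return 1 ;;
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not a bare public key" >&2; return 1 ;;
    esac

    # restrict        : no PTY, no agent/X11 forwarding, no port forwarding
    # port-forwarding : re-enable port forwarding only
    # permitopen      : limit forwarding to the mail port; the host must be
    #                   spelled exactly as in the client's -L argument
    # command="false" : any request for a shell or command fails
    printf 'restrict,port-forwarding,permitopen="%s:%s",command="false" %s\n' \
        "$host" "$port" "$pubkey"
}
```

With such an entry in place the tunnel from the script (ssh -N -L 1430:MAILSERVER:143 SSHSERVER) still works, but the key can no longer open a shell or forward to any other host or port.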
Mac OS X Hints
http://hints.macworld.com/article.php?story=20011018033112543