
Use AppleScript and Mail for remote control and file access
I am unable to connect to my home Mac from work using VNC or SSH because of the company firewall, and I frequently wish I could access files or perform other tasks on my home Mac while still at work.

So I wrote an AppleScript and set up a Mail rule which allows me to send an email to my home computer and, depending on the action requested in the subject, get a file sent to me, launch an application, run a shell script, save an attachment to a certain location, or get the computer at home to speak (not much use, just fun).

First of all, you need to copy the AppleScript below to Script Editor and save it somewhere safe.

You then need to decide on an identifier that you will include in the subject line of your action emails so that Mail performs the rule on only those emails; we will use [*PERFORM*] for this example.

Now, create a new rule in Mail. The first condition will need to be Subject - Begins With - [*PERFORM*]. It is also a good idea to include another condition that will only perform the action on emails from your email addresses for security reasons.

Under "Perform the following actions", choose Run AppleScript and point it to the AppleScript that you saved. (I also have my rule set up to move the email to another mailbox folder to file it away.)

Everything should now be set up to run the AppleScript when the properly tagged email message comes in, but you also need to tell it what you want it to do. You can do this by adding another tag in the subject line of your emails. Below I will explain what each tag does and how to format the instructions.
<launch>
Example:
Subject: [*PERFORM*] <launch>
Body: FolderShare
This tag tells the script to launch an application. The application name should be on the first line of the message body with no other characters on the same line. The full path to the application should not be required.
<send>
Subject: [*PERFORM*] <send>
Body: Macintosh HD:Users:joebloggs:Desktop:readme.txt
This tag will reply to the sender of the email, sending the file specified in the message body as an attachment. The full path to the file needs to be specified in the old classic OS way of specifying paths (with colons and starting with the name of the disk). The path needs to be on the first line of the body. If this fails, an email message will be sent to inform the sender.
<put>
Subject: [*PERFORM*] <put>
Body: Macintosh HD:Users:joebloggs:Desktop:
Attachment: readme2.txt
This tag will save the attached file into the location specified on the first line of the body. Again, this needs to be a classic OS path and end in a colon. If this fails an email message will be sent to inform the sender.
<do>
Subject: [*PERFORM*] <do>
Body: defaults write com.apple.loginwindow showInputMenu TRUE
This tag performs the shell script specified on the first line of the message body. Care should be taken with this, especially with quotes.
<script>
Subject: [*PERFORM*] <script>
Body: Set Volume Output Volume 100
This tag runs the AppleScript specified on the first line of the message body.
<say>
Subject: [*PERFORM*] <say>
Body: Hello. Is anyone there?
This tag causes the computer to speak the text on the first line of the body. (I've yet to find a use for this one)

Here is the AppleScript:

using terms from application "Mail"
	on perform mail action with messages actionMail for rule actionRule
		tell application "Mail"
			repeat with i from 1 to count of actionMail
				
				set thisMail to item i of actionMail
				set theSubject to the subject of thisMail
				set theBody to (the content of thisMail) as text
				set theBody to my getFirstLine(theBody)
				
				set theSender to the sender of thisMail
				
				try
					if theSubject contains "<launch>" then
						my launchApp(theBody)
						
					else if theSubject contains "<say>" then
						my sayThis(theBody)
						
					else if theSubject contains "<do>" then
						my doShell(theBody)
						
					else if theSubject contains "<send>" then
						my sendThis(theBody, theSender)
						
					else if theSubject contains "<put>" then
						set attachName to the name of the first mail attachment of thisMail
						try
							save first mail attachment of thisMail in theBody & attachName
						on error
							set newMessage to (make new outgoing message at end of outgoing messages)
							tell newMessage
								set visible to true
								make new to recipient at end of to recipients with properties {address:theSender}
								set subject to "I was not able to put the file you sent in the requested place"
								send
							end tell
						end try
						
					else if theSubject contains "<script>" then
						-- quoted form stops quotes in the one-line script from breaking the shell command
						do shell script "osascript -e " & quoted form of theBody
					end if
					
					
				end try
				
			end repeat
			
		end tell
	end perform mail action with messages
end using terms from


on launchApp(theApp)
	tell application theApp to activate
end launchApp

on sayThis(theText)
	say theText
end sayThis

on doShell(theShell)
	do shell script theShell
end doShell

on sendThis(theFile, theSender)
	try
		set theFile to theFile as alias
		tell application "Mail"
			set newMessage to (make new outgoing message at end of outgoing messages)
			tell newMessage
				set visible to true
				make new to recipient at end of to recipients with properties {address:theSender}
				set subject to "Please find attached the file you requested"
				make new attachment with properties {file name:theFile} at before the last paragraph
				send
			end tell
		end tell
	on error
		tell application "Mail"
			set newMessage to (make new outgoing message at end of outgoing messages)
			tell newMessage
				set visible to true
				make new to recipient at end of to recipients with properties {address:theSender}
				set subject to "I was not able to send you the file you requested"
				send
			end tell
		end tell
	end try
end sendThis

on getFirstLine(theBody)
	set oldTID to AppleScript's text item delimiters
	set AppleScript's text item delimiters to "
"
	set firstLine to text item 1 of theBody
	set AppleScript's text item delimiters to oldTID
	
	return firstLine
end getFirstLine
Use AppleScript and Mail for remote control and file access
Authored by: mbm on May 03, '06 07:55:28AM

Very cool stuff.

I just emailed your mac asking for your keychain file!

;-)

Is this not a fairly serious security threat to your machine?

I still think it's cool though.



[ Reply to This | # ]
not to worry...
Authored by: j-beda on May 03, '06 08:11:38AM

His keychain is safe, before you sent your email message, I sent one to get his machine to format the drive...



[ Reply to This | # ]
Use AppleScript and Mail for remote control and file access
Authored by: mwncimelyn on May 03, '06 08:18:21AM

It would be a big security issue if I was using the tag [*PERFORM*] - which, BTW, no one should use as it has now been published on the internet.

It would make sense to use a nonsense word and change it frequently. Also, like I said in the post, set up the Mail rule to only perform the actions with emails from a specific email address for added security.



[ Reply to This | # ]
This is very, very dangerous
Authored by: stewby on May 03, '06 09:08:04PM

As someone else pointed out, spoofing the sender is trivial. Using some random word really doesn't add much security either, since mail traffic goes through a lot of machines you have no control over, and is completely unencrypted.

The entire "security" model here is basically just hoping no-one happens to sniff any of the emails you send yourself and getting curious, which is an incredibly dangerous thing to assume.



[ Reply to This | # ]
As Secure As You Make It
Authored by: fresler on May 03, '06 08:48:06AM

A few years ago, MacAddict ran an article about this kind of remote access. Their article dealt with mainly Entourage, but people had the same concerns about security. Since you can set up as many conditions as you like for the rule, it's as secure as you make it.



[ Reply to This | # ]
Use AppleScript and Mail for remote control and file access
Authored by: syko on May 03, '06 08:11:48AM

Very nice!!

Definitely something I can use!



[ Reply to This | # ]
Use AppleScript and Mail for remote control and file access
Authored by: ScottTFrazer on May 03, '06 08:17:58AM

Using the from address in the email isn't secure at all. SMTP doesn't verify or validate that field.

Truthfully, I'm not sure that you can secure this without including a PGP signature on the email validating your identity and the contents of the message.



[ Reply to This | # ]
Use AppleScript and Mail for remote control and file access
Authored by: robdew on May 03, '06 08:26:04AM

What this world needs is more Mac users posting hints about how to circumvent their company's IT security policies.

Don't we already have enough strikes against us without giving people more excuses to not buy macs?



[ Reply to This | # ]
There's nothing here to violate policy
Authored by: Angostura on May 03, '06 12:11:39PM

There is absolutely nothing here that is designed to break the spirit or the letter of the company's policy as far as I can see.

Does the company have a policy against incoming e-mails with file attachments? Does the company have policy against asking a person or system to send you a file? If so, then it would presumably be removing attachments from e-mails.

No. Instead the company is blocking ports for very specific security reasons, and none of the company's measures are being circumvented by this approach.



[ Reply to This | # ]
Use AppleScript and Mail for remote control and file access
Authored by: hrbrmstr on May 03, '06 08:31:21AM
If yours is like most companies, it provides access to at least *some* outbound ports directly (not via proxy). It might be easier, and would definitely be more secure to run an sshd server on another port.

The file /etc/sshd_config has a line near the top commented out (it's the default) that should read #Port 22. You can sudo vi /etc/sshd_config, remove the "#", change the port to something that you know can be reached through your firewalls and either "HUP sshd" or go to System Preferences->Sharing and disable/re-enable "Remote login".

You may need to modify your own firewall (hardware or Mac OS X) to make this work completely, but it will probably give you the kind of access you really want vs. AppleScript/Mail commands.

(one last thing...if you open up ssh to the whole world and don't limit logins to certificates only, you're just asking to be hacked)

---
Mind the gap...

[ Reply to This | # ]

try port 443
Authored by: mzs on May 03, '06 10:48:55AM

That is the https port. If you are not running an HTTPS server on your mac and it is a simple proxy/firewall at work, that should get you through to your mac at home. If work has a layer-7 firewall or you run an HTTPS server, try tunneling ssh over https. Here is a decent explanation:

http://dag.wieers.com/howto/ssh-http-tunneling/

Understand that there is probably a reason your boss or your boss' boss put in the firewall, and doing any of this could put you in violation of the computer user policy at your work.



[ Reply to This | # ]
How?
Authored by: germ on May 03, '06 12:43:45PM

Do you know how to find out which ports are open?



[ Reply to This | # ]
How?
Authored by: hrbrmstr on May 04, '06 08:06:26AM

Well, there are a few port scanners out there for all OSes that would give you an idea, but if your employer has IDS systems in place, you might get a huge slap on the wrist (or worse) for using them.

One of the easiest ways is to run a web server on alternate ports and try to access them via your browser. Try running one on, say, 4155 (arbitrary number, but it won't be WCCPd - if your place does route vectoring - and will not - by default - go through a proxy - unless your systems are SOCKSified).

You could use netcat - http://netcat.sourceforge.net/ - to open up listening ports as well.

As the previous post stated, however, port 443 is probably a really good choice since it almost has to be allowed (but could be proxied, not just firewalled).

---
Mind the gap...



[ Reply to This | # ]
Use AppleScript and Mail for remote control and file access
Authored by: frgough on May 03, '06 10:06:06AM

I just use Wife 1.01 via a modem connection. Make sure you use the butter up protocol to get the best results.

My script is basically as follows.

Modem Connect
Hey, beautiful. Your voice is sounding particularly seductive today.
Can you do me a favor?
(customize the script based on the particular computing task you want done)
Thanks, gorgeous; you're a life saver.
Modem Disconnect



[ Reply to This | # ]
Use AppleScript and Mail for remote control and file access
Authored by: osxpounder on May 03, '06 04:36:28PM

Hilarious. As a currently registered user of Fiancee 2.0, I'm curious to know what a dot upgrade means for Wife 1.01. I mean, you started out with version 1.0, so, what changed in version 1.01? Or is 1.01 the first version number? I reckon I better plan ahead before I install Wife 1.x on my system.

---
--
osxpounder



[ Reply to This | # ]
Use AppleScript and Mail for remote control and file access
Authored by: pub3abn on May 04, '06 08:04:15AM

Any Wife 1.x version (even a 2.x version) has a tendency to spawn child processes. Be sure you're aware of that before upgrading.



[ Reply to This | # ]
Use AppleScript and Mail for remote control and file access
Authored by: frgough on May 05, '06 07:18:52AM

Every ten years, you get an automatic minor upgrade. It's basically a filter that lets the software tolerate a spreading middle and a balding scalp. It is an essential upgrade, make sure you get it.



[ Reply to This | # ]
I use Webmin/Usermin instead
Authored by: jecwobble on May 03, '06 12:33:17PM

I have the same firewall issues where I work. I setup a secure Webmin server on my home computer instead. I can access any files I need to.



[ Reply to This | # ]
webserver with http auth?
Authored by: joab on May 03, '06 02:04:31PM

Why not just use apache that came with your OS X? Use htdigest to create a password file and you're done.



[ Reply to This | # ]
Possible security addition
Authored by: hmelton on May 03, '06 04:31:18PM

This reminds me of a system I used back when, on a unix system. To add a little security I created a one time password, where each email to be processed had to have the next unique password before it would do anything.

Then I created a list of about 100 random passwords and kept a copy of the list on my laptop. The email processor used the top one from the list and then popped it off, shrinking the list. This was all done in a (long gone) perl script, but the idea is simple, never give a network snooper enough information to fake a valid command email.



[ Reply to This | # ]
A possible Strategy to secure this
Authored by: SOX on May 03, '06 09:21:56PM

need to add the following:

Require that two additional lines in the body:
second line should be anything, but some phrase or digit not previously sent.
Third line should be the md5checksum of the first two lines concatenated with a password.

script can then verify two things:
1) the second line is something it has never seen before.
2) the md5 checksum of the first two lines (plus secret password) matches.

AppleScript should store the second line in a list of previously sent lines. This can be done with a property list in the AppleScript. (For the paranoid you may want to also include an md5 of any attachment in the second line and check that too.)

Additionally for safety the script ought to line length check the lines or set a max-length. This may help avoid some sort of buffer overflow upon execution.





[ Reply to This | # ]
A possible Strategy to secure this
Authored by: ekc on May 12, '06 12:06:38PM

Sounds like a good idea. It would buy you a lot of security for only a few extra lines in the script. You can call openssl to generate the checksums, and the same tool can even encrypt your file attachments to keep eavesdroppers out.

In theory, an alternative would be to recognize certain digital signatures and only respond to those, but unfortunately, I don't think there is any AppleScript support for this in Mail. SOX's home-grown approach is probably the easiest to implement.



[ Reply to This | # ]
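
The check SOX describes above (a never-repeated second line plus a keyed checksum on the third), as an added example that is not part of the original thread or the hint's script. It swaps the MD5-of-lines-plus-password checksum for HMAC-SHA-256; the function names, `MAX_LINE`, and the sample secret, command and nonce are assumptions constructed for illustration.

```python
import hashlib
import hmac

MAX_LINE = 256  # length cap per line; the exact limit is an assumption


def sign(command, nonce, secret):
    """Tag for line 3: hex HMAC-SHA-256 over line 1 + newline + line 2."""
    msg = (command + "\n" + nonce).encode("utf-8")
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def verify(body, secret, seen):
    """Return the command from line 1 if the body authenticates, else None.

    `seen` holds every nonce accepted so far; the caller must persist it,
    otherwise a captured mail replays after the script restarts.
    """
    lines = body.splitlines()
    if len(lines) < 3:
        return None
    command, nonce, tag = lines[0], lines[1], lines[2].strip()
    if not nonce or max(len(command), len(nonce), len(tag)) > MAX_LINE:
        return None
    expected = sign(command, nonce, secret)
    # Check the tag first, in constant time, so unauthenticated mail
    # can neither run a command nor fill the nonce store.
    if not hmac.compare_digest(tag.encode("utf-8"), expected.encode("utf-8")):
        return None
    if nonce in seen:  # valid tag but already used: a replay
        return None
    seen.add(nonce)
    return command


# Constructed sample values, for illustration only.
SECRET = b"constructed-demo-secret"
COMMAND = "Macintosh HD:Users:joebloggs:Desktop:readme.txt"
NONCE = "2006-05-12-0001"


def demo():
    """Genuine mail, the same mail replayed, and a tampered first line."""
    seen = set()
    tag = sign(COMMAND, NONCE, SECRET)
    genuine = "\n".join([COMMAND, NONCE, tag, "-- work mail footer"])
    tampered = "\n".join(["Macintosh HD:other", "2006-05-12-0002", tag])
    return [verify(m, SECRET, seen) for m in (genuine, genuine, tampered)]


if __name__ == "__main__":
    print(demo())
```

The tag authenticates the command line only; it does not hide the mail's contents from anyone who can read it in transit.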
script would not compile
Authored by: caesurae on May 04, '06 02:57:57PM
The script would not compile on my system; OS X 10.3.9 build 7W98, AppleScript 1.9.3, Mail 1.3.11, Script Editor 2.0 v43.1

Two different lines stopped the compiler with the error "Syntax Error Expected class name but found identifier."

line #1 set attachName to the name of the first mail attachment of thisMail
line #2 save first mail attachment of thisMail in theBody & attachName

I was able to get the script to compile by changing both instances of "first mail attachment of thisMail" to "first attachment of thisMail".

line #1 set attachName to the name of the first attachment of thisMail
line #2 save first attachment of thisMail in theBody & attachName



[ Reply to This | # ]

text item delimiters unneeded
Authored by: caesurae on May 04, '06 03:09:18PM
Also, the getFirstLine() handler's method of setting AppleScript's text item delimiters is unnecessary as it is functionally the same as the following statement:

set theBody to first paragraph of (the content of thisMail) as text



[ Reply to This | # ]

text item delimiters unneeded
Authored by: mwncimelyn on May 08, '06 09:32:48AM

I had planned to include some way of removing an automatic signature that the works mail server adds to all emails, but never got around to this.

I have also removed the function and have included the same line as yours.



[ Reply to This | # ]
script would not compile
Authored by: mwncimelyn on May 08, '06 09:34:35AM

That's interesting. Perhaps it is something to do with the fact that I'm running Tiger.

Thanks for posting your fix.



[ Reply to This | # ]