The continued growth of free wireless hot spots, and the growth in popularity of wireless-capable devices, unlimited GPRS data plans, and GPRS-capable handsets, all with lots of Bluetooth glue in between, make it easy for an enterprising hacker to keep in touch. (Of course, you still have to get at your data, and in public places, security should be a primary concern.) A recent thread on the Editors List started as a paean to continual connectivity, and then the thread turned practical: Just how do wireless hackers read and write their mail on the road? Here's one ever-more-common scenario.
Included in Rael's signature at the bottom of an email:
Sent (longhand) from my Palm Tungsten 3 over Bluetooth to my Nokia 3650 over T-Mobile GPRS to the Net to your mailbox. Wonders never cease. . . .
. . . through an encrypted SSL tunnel over two wireless hops in SeattleWireless to my laptop, sitting in a free wi-fi cafe.
. . . through my home iBook Panther server's SSL-enabled authenticating SMTP server . . . and back from you to an SSL-enabled IMAP server. . . .
We should stop before someone says "The house that Jack built" or I get dizzy.
Now this is wire(less) fu. . . .
And I love every hop of it.
P.S. Would you order me a latte?
I'd really like to be able to check my work email on my phone, but the phone doesn't have VPN software (although it will do secure IMAP). So, I have to use a Palm or Pocket PC in conjunction with my phone, since either of those will support a VPN.
But I'd really like to be able to do it all from the phone. This may sound sick, but I prefer T9 (Text on 9 keys) to Graffiti.
That's the beauty of what [Rael] set up--it isn't complicated. In fact, it's really simple and secure, and he tells me he set it up in a day. SMTP+AUTH+TLS is supported by virtually every platform. But then, even POP-before-SMTP with a good SPOP works, and is supported by literally every platform. And SPOP and IMAPS are trivial to install and configure. (I did it in an evening for oreillynet.com, and that was two years ago.) I used stunnel around an existing imapd and popd on the box at my co/lo, so I didn't even have to recompile anything when I set it up for my own domains.
I think it would be really, really nice to have SSL mail without the need for a PPTP tunnel, since so many people travel and the tunnel seems universally to be a pain to deal with, from all ends.
Good point; my main problem is that I don't have a dedicated server running at home, and my ISP blocks lots of ports. If I had a serving-friendly DSL provider, though, I'd probably go for the static IP and set up something like that.
I'd just like to know what, exactly, Rael did set up. Rael, why not do a little write-up about it?
It's not that complicated, really--only so in that I had to do it myself.
I'm running OS X Panther server on an iBook. After a couple/three hours of flipping switches, checking checkboxes, and checking configs, all was done. I'm using my older iBook since I didn't have much else to use. I'll be throwing an old 35 gig drive into an external FireWire enclosure this weekend, mirroring things across, and then letting the internal drive spin down except for the occasional outside-in backup. I've a low-power-consumption server with a 3+ hour battery life in case the power goes out; my networking equipment's about the only thing on my UPS. About the most difficult thing was some trouble I had with a flaky CD.
I'm running Postfix with CRAM-MD5 authentication (and even that's not necessary) and SSL-encryption, allowing me to send mail from anywhere in the world without needing to tunnel in anywhere. I just set my mail client to use a username and password for sending mail in the same way it does to fetch mail. Some folks would have you believe most mail clients don't support send auth.
I'm running Cyrus imapd with SSL-encryption for remote access to my mail, storing all of it in folders the same way you'd usually do on your own computer. Except that it's on the server and so looks the same no matter what machine I'm on--PowerBook, Palm, Nokia.
I can even have SquirrelMail running so that I can come in over the web (SSL-secured, of course) and read my mail directly from my server for those times I don't have any devices with me (as if!).
The only thing I've yet to put into place is an ~$100 SSL certificate so that my Nokia doesn't complain that I'm using a self-signed cert.
If I really want to tunnel to my own LAN, a flick of a few switches later, I've my own PPTP and/or L2TP over IPSec for VPN.
Apple's done a remarkable job of pulling all these bits and bobs together for the weary user/admin.
I'm not paying for a static IP. I use dyndns.org, with a dyndns client sending a ping with my IP several times a day.
And all that with nary any work, equipment, or worry on my part. Yes, I'm only supporting a couple of users, but it was all useful enough for me to take the time to handle my own mail. Not to mention fun (assuming an ever-so-slightly off-center definition of "fun").
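The CRAM-MD5 send authentication mentioned in the thread, worked through from both the server and client side as an added example; it is not part of the original thread and not Postfix's own code. The function names and the in-memory secret table are illustrative assumptions, and the sample user, password and challenge in the demo are the published example from RFC 2195.

```python
import base64
import hashlib
import hmac
import os
import time


def make_challenge(hostname: str) -> bytes:
    """Server: fresh, unpredictable challenge in msg-id form, base64 for the wire."""
    nonce = int.from_bytes(os.urandom(8), "big")
    return base64.b64encode(f"<{nonce}.{int(time.time())}@{hostname}>".encode())


def client_response(user: str, password: str, challenge_b64: bytes) -> bytes:
    """Client: HMAC-MD5 of the decoded challenge, keyed with the password."""
    challenge = base64.b64decode(challenge_b64)
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode())


def server_verify(secrets: dict, challenge_b64: bytes, response_b64: bytes) -> bool:
    """Server: recompute the digest from the stored secret, compare in constant time."""
    try:
        decoded = base64.b64decode(response_b64, validate=True).decode()
    except (ValueError, UnicodeDecodeError):
        return False  # malformed base64 or non-text payload
    user, _, digest = decoded.rpartition(" ")
    password = secrets.get(user)  # hypothetical store; must hold a usable secret
    if password is None:
        return False
    challenge = base64.b64decode(challenge_b64)
    expected = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected.encode(), digest.encode())


def rfc2195_demo() -> bytes:
    """Reproduce the RFC 2195 sample exchange and return the client's wire response."""
    challenge = base64.b64encode(b"<1896.697170952@postoffice.reston.mci.net>")
    return client_response("tim", "tanstaaftanstaaf", challenge)


if __name__ == "__main__":
    store = {"tim": "tanstaaftanstaaf"}  # constructed sample account
    ch = make_challenge("mail.example.org")
    resp = client_response("tim", "tanstaaftanstaaf", ch)
    print("challenge:", ch.decode())
    print("response: ", resp.decode())
    print("accepted: ", server_verify(store, ch, resp))
    # A captured response is bound to its challenge, so it fails against a new one.
    print("replayed: ", server_verify(store, make_challenge("mail.example.org"), resp))
```

The password itself never crosses the wire, only a digest tied to one challenge, but the server has to keep a secret it can recompute the HMAC from. With the SSL layer in place, neither the challenge nor the response is visible to anyone on the wireless hops.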
Copyright © 2009 O'Reilly Media, Inc.