Desktop FreeBSD Part 5: Internet Mail Setup

By Ed Hurst | Posted at 11:45 PM
The one thing that really fired up the development of the Internet as we know it today was e-mail. The protocols were designed back when the system itself was highly difficult to access, and security wasn't a significant issue. Since then, even your average household pet has heard of Internet security problems.

How many times have we read popular pronouncements not to use a certain popular e-mail program that is highly vulnerable to attacks hidden in messages? Those attacks are possible because the program is designed to make things so easy. It does everything for you. It's too easy for folks to forget the danger, because that's the software that came with their systems. That sort of large, do-it-all software takes up lots of resources, too.

There is a better way. It requires changing how you view Internet mail, going back to the original intent. In this case, it also means using what came with your system -- your FreeBSD system. I am assuming you took my earlier advice and installed the packages for Postfix, Fetchmail and Pine. None of these work directly from the graphical user interface (GUI), so we will spend some more time getting used to the command line interface (CLI) environment.

By the way, there is a reason we users of FreeBSD love the CLI. Aside from all the elitist talk of "pure computing" there is a very practical issue involved. If there is one thing likely to crash on any computer system, it is the GUI. GUI hardware is more likely to work poorly than any other hardware, so the software for it is much more difficult to write. Since we know that Open Source systems run the GUI on top of the real heart of the computer, it is important that every computer user be able to work a little bit without the GUI, because you can still get all your work done. It just requires knowing some things you haven't bothered to learn yet. If something in your system breaks, your best chance of getting by until it's fixed is to be ready to work in the CLI. Even better, some of the best software that exists works only in the CLI. And you may be surprised to learn that the mail server software in FreeBSD takes less power, and works better and more safely, than those big bloated GUI e-mail programs.

THE E-MAIL SYSTEM

There are three parts to a proper e-mail system:

  • the mail handler or mail transfer agent (MTA)
  • the mail fetcher that gets it from other machines
  • the e-mail reader and writer, called the e-mail client

Nowadays, you can add to the list a filtering agent if you need to deal with lots of different kinds of messages or have lots of spam. However, the main three can do that to some degree internally. The first two in our list above are the backbone of what mail servers all over the world do. We've already discussed how you can't run Open Source systems without using the MTA, so it is built into every one of them. The system depends on it.

THE MTA: POSTFIX

We've already done a few things to make sure Postfix runs for us internally, but not to make it work with the Internet. Here's where Postfix shines as being simple to set up: you need to change only one thing to make it work "out of the box."

It's been my experience that whatever configuration you get when you install Postfix is ready to go, but it needs only to know the name of your ISP's mail server. You see, Postfix is a mail server on your machine, and it speaks the same language as almost every other mail server out there on the Internet. Unless your ISP does really weird things, it should quite willingly accept your outgoing mail just like it came from within their own internal mail system in their office.

Log in as root, and navigate to /usr/local/etc/postfix. Open the file named main.cf with your favorite editor. A good editor will allow the display of a line number for each line of text, either in the right margin or somewhere in the display. Go down to about line 310, where you should see this:

#relayhost = $mydomain
#relayhost = gateway.my.domain
#relayhost = uucphost
#relayhost = [an.ip.add.ress]

These lines are examples that you can copy, but the hashmark (#) at the front of each one prevents Postfix from reading those lines as something it needs to use. The second one is your model for most dialup connections. Your ISP should be able to tell you the specific name of the computer that handles mail on their system. Most of them use "mail.something.com" or a similar name. Recall from the installation tutorial that this is the usual nomenclature for giving a computer an identifiable name for the Internet. At any rate, whatever your ISP tells you is what goes here. If they just give you an IP number, you can use that, too, by using the last line as your model. Just replace the letters with the digits. For now, all IP addresses are a series of numbers divided into four sections by periods or dots.

It's probably a good idea for your own sake to simply add a new line below these four, but without the hash mark. Save the file. Then close it, and at the command line type:

postfix reload

It should tell you that it has reloaded and restarted. If it says anything else, you'll need to find out why. When there is a problem, usually you'll get something like fatal error, postfix not running or a similar message. Try typing

postfix start

If that gets you a good response, then you'll need to find out why it wasn't running already. Since the process of finding out is too complicated to put in this tutorial, I'll invite you to google for keywords in your error message (don't forget that "freebsd" is one of your search terms), ask questions on a forum, or ask someone you know who runs FreeBSD. In the meantime, you can always log in as root and start Postfix manually on those rare occasions when you have to reboot.

At this point, your system should know where to hand off any mail you address for a recipient outside your system.

MAIL FETCHER: FETCHMAIL

I recall reading an article on the Internet where a technician wrote something like this: "Fetchmail has retrieved my mail under the worst circumstances, when nothing else could." Dialup connections can be rather fragile. If anything can get your mail, Fetchmail will do it.

You can set up Fetchmail to work automatically, and for the whole system. However, that is more complicated than necessary. Since you as the user control when you are connected, you might as well control when and how your personal mail is fetched. Rather than change settings for the whole system, you need only create a single file -- another dot file normally hidden from view -- in your home directory.

First, a word about protocols. I've never dealt much with a mail system on the Internet that didn't use the standard known as POP3, aside from webmail. With webmail, you read your e-mail by logging on to the provider's machine, and you use their software from your web browser. With POP3, you are pulling that e-mail down to your machine. This allows you to disconnect after you get it and read it later.

Create a file named .fetchmailrc and put three lines in it. We will format it according to a customary practice that makes it easier to read. The first line will be the instruction where to call for your mail. The line has three elements: command, the mail server's name, and what protocol to use. The command is poll -- this tells fetchmail to go ask for your mail. The server name is the same as above, usually similar to mail.something.net. The protocol we've already discussed: protocol POP3. If you want to know more about mail protocols, there are numerous articles on the Internet written at all different levels of interest. If your ISP doesn't use POP3, they should tell you. Most of them will understand what you need if you tell them you are running Fetchmail. That first line should resemble this:

poll mail.someisp.net protocol POP3

Next, you need to tell Fetchmail to match your user account name on your personal machine with the user account name you have on the remote mail server. Hopefully, you are not in the habit of using the same or a similar nickname everywhere you go. It's a security risk, though slight. You don't have to be paranoid to realize the value of being hard to find unless you want to be found. Ordinary people like me have been harassed more than once. So you start this next line indented somewhat (about 8 spaces will do) and tell Fetchmail that user so-and-so on the distant machine is the same as you on this machine. It will look like this:

        user joe is user jeh

In this case, my example says that I am "joe" on the server where my mail comes in, and "jeh" on my machine at home. This way, Fetchmail will give my login name to the remote machine, and deliver to me on my machine. If your identity is something odd, such as all numerals, then you may need to put double quotation marks around it, so Fetchmail doesn't confuse it with a command.

I hope your distant mail server requires a password, too. We discussed in the Install lesson how to devise your passwords, and that they should be different everywhere you have an account. If like me you have lots of accounts at places all over the Internet, there's nothing wrong with keeping a cue-card at hand. You'll have to decide for yourself how to guard that card from prying eyes physically where you keep your computer. For sites where it really doesn't matter, where no significant personal information is kept, I do use the same password for all of them. For e-mail, don't do that.

Keeping the same indentation as the identity line, type in the command password followed by the password itself. Again, if you use unusual characters in your password, you may need to put double quotation marks around it:

        password "G,H,P.321"

The whole file together might look like this:

poll mail.someisp.net protocol POP3
        user joe is user jeh
        password "G,H,P!321"

If you want to grab mail from more than one source, leave one blank line, then add another set of instructions like the first. When you're done, save the file. Then you must protect it by making sure no one else can read it. Fetchmail is a little paranoid for you, so using your Konqueror file browser, right click on the icon for that file, select "Properties" and click the boxes under the "Permissions" tab until it matches only the "User" line with "Read" and "Write". Click "OK". You may need to enable viewing "hidden" files in Konqueror by selecting the "View" menu, then "Show Hidden Files" -- turn it on and off as you see fit.
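
The same protection can be applied from the command line. The sketch below is an added example, not part of the original article: it locks the file down to owner read/write (the equivalent of chmod 600) before the password is written into it, then checks that nobody else has access. The function names are hypothetical; the server, user names and password are the sample values shown above.

```shell
#!/bin/sh
# Added example (not from the original article). Function names are
# hypothetical; values passed in are the article's sample values.

# write_fetchmailrc FILE SERVER REMOTE_USER LOCAL_USER PASSWORD
# Assumes the password contains no double-quote character.
write_fetchmailrc() {
    (
        # Subshell keeps the strict umask from leaking into the caller.
        umask 077
        # Create or empty the file and lock it down BEFORE any secret
        # is written; umask alone does not tighten an existing file.
        : > "$1" || exit 1
        chmod 600 "$1" || exit 1
        {
            printf 'poll %s protocol POP3\n' "$2"
            printf '        user %s is user %s\n' "$3" "$4"
            printf '        password "%s"\n' "$5"
        } >> "$1"
    )
}

# rc_is_private FILE
# Succeeds only when group and others have no permission bits at all,
# i.e. the mode string from ls ends in "------" (for example -rw-------).
rc_is_private() {
    [ -f "$1" ] || return 1
    rc_perms=$(ls -ld "$1" | cut -c5-10)
    [ "$rc_perms" = "------" ]
}

# Usage:
#   write_fetchmailrc "$HOME/.fetchmailrc" mail.someisp.net joe jeh 'G,H,P!321'
#   rc_is_private "$HOME/.fetchmailrc" || echo "fix permissions: chmod 600"
```

Running rc_is_private on an existing .fetchmailrc is a quick way to confirm the Konqueror permission change took effect.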

Now whenever you are connected to the Internet, you can go to a Konsole window and type fetchmail and watch as it connects to your remote mail server, gets a message count, the size, then downloads each one by showing dots running across the screen (each representing roughly 1KB of data), and erasing it from the other machine. When finished, it will come back to the prompt, and you will have mail in your system with your user's name on it. That's because Fetchmail only fetches it; then it hands mail off to your internal mail server, Postfix. Postfix holds it until you call for it -- that's what the e-mail client does.

E-MAIL CLIENT: PINE

It's quite possible to set up Kmail to do this, or just about any other GUI mail software you want to use. However, in keeping with our plan to be ready to run in the CLI, we'll use Pine. I've already mentioned that Pine can be set up with all sorts of nice options. For example, you can tell Pine to display everything in colored text: from the starting menu type S (setup), then K (for color) and select the 16-color option. The rest should be self-explanatory. For example, I have the menu at the bottom display in magenta with the keystrokes in cyan.

For our purpose here, we will confine ourselves to the minimum setup options to make it work for us. From the main menu, hit S, then C for "configure." From the top:

  • Set your personal name to what you want to show in the headers of your out-going mail. Mine says "Ed Hurst."
  • user-domain should match what you are going to use as your mail account -- someisp.net, for example.
  • smtp-server should be your own machine, but since dialup machines don't have an IP address, you should use the standard address that always means "this local computer" -- 127.0.0.1
  • inbox-path should be simply the word inbox

The rest probably won't matter for now, so skip down to the section with little boxes for marking with Xs. Here is something very useful most folks don't know: you can tell Pine to use something besides the internal Pico editor. I prefer Joe because it's more flexible. It allows me to re-wrap messages to the standard line length for e-mail (72 characters) while keeping the arrow-head marks to show I'm quoting. So I check the boxes in front of the lines:

   [X] enable-alternate-editor-cmd
   [X] enable-alternate-editor-implicitly

Hit PGDN a couple of times and see what I put under "Viewer Preferences"

   [X] enable-msg-view-attachments
   [X] enable-msg-view-urls
   [X] enable-msg-view-web-hostnames
   [X] enable-msg-view-addresses
   [ ] enable-msg-view-forced-arrows
   [X] prefer-plain-text

This allows me to choose other programs to display pictures, web pages and so forth. It also tries to find a plain text version of every incoming message. Too many programs prefer the HTML version for sending and reading, but send plain text, too. Under "Advanced Command Preferences" I mark these three:

   [X] enable-arrow-navigation
   ...
   [X] enable-full-header-cmd
   ...
   [X] enable-tab-completion

This allows me to use the keypad arrow keys and to view full headers with the H command. Also, it allows the use of the tab key to complete anything I start typing that may be fairly long, but for which the system can find a match, such as an address. This is one of the best features of Open Source systems; it works almost everywhere in the CLI. Type a part of the name of something and hit the TAB key; the system will try to guess from what's at hand what the rest of it should be. This works for names of files and for some commands in FreeBSD.

Take a look at these options farther down:

default-composer-hdrs = From:
                        To:
                        Attchmnt:
                        Subject:
customized-hdrs       = From: Ed Hurst 

This allows me to choose exactly what I see when I compose a message. If you have doubts what you want, don't put anything there. If you have questions, hit the ? key and Pine will provide an explanation. I provide this as an example of what you can do to keep things simple. The last line is because my ISP's mail server won't pass any mail that doesn't have a proper local account name in the From: line of the header. This puts a cramp on me, but it's a good practice for the rest of the world. It keeps the ISP's customers from lying about where the mail comes from, which discourages most spammers.

Most of the rest of the options are not critical here, but page down to the end of the setup options. FreeBSD, like many Open Source systems, does one thing that annoys me: the default character set display doesn't allow for anything outside the basic ASCII character set. That means if someone with, say, a German name with special letters sends you e-mail, you won't be able to see those characters. So I set this:

character-set = ISO-8859-15

because it covers most things I'm likely to see. Then, because I have chosen to use Joe as my editor with Pine,

editor = joe -rmargin 72 -tab 3 -french -spaces

These are the command-line options to start Joe with my personal preferences, because Joe won't know which of the file types to associate with Pine mail. You can choose your own options by reading the .joerc file we edited in a previous tutorial. When you move from the header blanks in Pine with the down arrow key, it will automatically open your editor. When you are finished editing the message, save and exit the editor, and you will be back to Pine's composer screen. Two more:

image-viewer = display
....
url-viewers = "/usr/local/bin/lynx _URL_"

The first allows me to view images people sometimes attach to their e-mail messages. The command display calls up ImageMagick, my favorite image software. You can use KDE's Pixie Plus with the command pixie, for example. The last line allows me to choose how I want to view any website if a message includes a link. Notice the format; it must have the full path to the command, followed by the _URL_ marker. You can use just about any browser on your system, and get the path by typing at the command line:

which lynx

for example.

When you are finished with setting options for Pine, hit E (exit setup) and answer the question with a Y -- yes, accept the changes. Whatever you've done here will apply the next time you start Pine. Pine also has an address book, which allows you to use nicknames instead of typing out a long e-mail address. You can start Pine from the command line with that nickname, or any complete and proper e-mail address:

pine somebody@someisp.net

and when you send it, Pine will close and bring you back to the prompt. To send mail from Pine, after you have finished composing your message and have closed the editor, and all the information in the header is correctly set, hit ^X and Pine will hand the mail off to Postfix, which will hold it in the out-going queue.

If you are online at that moment, Postfix should send it right away. If you are not, it will wait. On some systems, as soon as you connect to the Internet, your machine will attempt first thing to send all the mail in the queue. If this doesn't happen, you can go to the command line and type:

/usr/sbin/sendmail -q

which tells Postfix to pass on your out-going mail.

Congratulations! You are now ready to use e-mail the way it was meant to be, according to all the best standards. It is virtually impossible for anyone to send you something that will harm your machine, because this combination of software isn't likely to react to viruses, worms, etc.

Ed Hurst is Associate Editor of Open for Business. Ed is also the Music Director for Grace Baptist Church of Kickapoo Creek, Texas. He loves computers, runs FreeBSD and GNU/Linux and reads all sorts of things. You can reach Ed at ehurst@ofb.biz.