How many times have we read popular pronouncements not to use a certain popular e-mail program that is highly vulnerable to attacks hidden in messages? Those attacks are possible because the program is designed to make things so easy. It does everything for you. It's too easy for folks to forget the danger, because that's the software that came with their systems. That sort of large, do-it-all software takes up lots of resources, too.
There is a better way. It requires changing how you view Internet mail, going back to the original intent. In this case, it also means using what came with your system -- your FreeBSD system. I am assuming you took my earlier advice and installed the packages for Postfix, Fetchmail and Pine. None of these work directly from the graphical user interface (GUI), so we will spend some more time getting used to the command line interface (CLI) environment.
By the way, there is a reason we users of FreeBSD love the CLI. Aside from all the elitist talk of "pure computing" there is a very practical issue involved. If there is one thing likely to crash on any computer system, it is the GUI. GUI hardware is more likely to work poorly than any other hardware, so the software for it is much more difficult to write. Since we know that Open Source systems run the GUI on top of the real heart of the computer, it is important that every computer user be able to work a little bit without the GUI, because you can still get all your work done. It just requires knowing some things you haven't bothered to learn yet. If something in your system breaks, your best chance of getting by until it's fixed is to be ready to work in the CLI. Even better, some of the best software that exists works only in the CLI. And you may be surprised to learn that the mail server software in FreeBSD takes less power, and works better and more safely, than those big bloated GUI e-mail programs.
There are three parts to a proper e-mail system:
Nowadays, you can add to the list a filtering agent if you need to deal with lots of different kinds of messages or have lots of spam. However, the main three can do that to some degree internally. The first two in our list above are the backbone of what mail servers all over the world do. We've already discussed how you can't run Open Source systems without using the MTA, so it is built into every one of them. The system depends on it.
We've already done a few things to make sure Postfix runs for us internally, but not to make it work with the Internet. Here's where Postfix shines as being simple to setup: you need to change only one thing to make it work "out of the box."
It's been my experience that whatever configuration you get when you install Postfix is ready to go, but it needs only to know the name of your ISP's mail server. You see, Postfix is a mail server on your machine, and it speaks the same language as almost every other mail server out there on the Internet. Unless your ISP does really weird things, it should quite willingly accept your outgoing mail just like it came from within their own internal mail system in their office.
Login as root, and navigate to /usr/local/etc/postfix. Open the file named main.cf with your favorite editor. A good editor will allow the display of a line number for each line of text, either in the right margin or somewhere in the display. Go down to about line 310, where you should see this:
#relayhost = $mydomain
#relayhost = gateway.my.domain
#relayhost = uucphost
#relayhost = [an.ip.add.ress]
These lines are examples that you can copy, but the hashmark (#) at the front of each one prevents Postfix from reading those lines as something it needs to use. The second one is your model for most dialup connections. Your ISP should be able to tell you the specific name of the computer that handles mail on their system. Most of them use "mail.something.com" or a similar name. Recall from the installation tutorial that this is the usual nomenclature for giving a computer an identifiable name for the Internet. At any rate, whatever your ISP tells you is what goes here. If they just give you an IP number, you can use that, too, by using the last line as your model. Just replace the letters with the digits. For now, all IP addresses are a series of numbers divided into four sections by periods or dots.
It's probably a good idea for your own sake to simply add a new line below these four, but without the hash mark. Save the file. Then close it, and at the command line type:
postfix reload
It should tell you that it has reloaded and restarted. If it says anything else, you'll need to find out why. When there is a problem, usually you'll get something like "fatal error, postfix not running" or a similar message. Try typing
postfix start
If that gets you a good response, then you'll need to find out why it wasn't running already. Since the process of finding out is too complicated to put in this tutorial here, I'll invite you to google for keywords in your error message (don't forget that "freebsd" is one of your search terms), ask questions on a forum, or ask someone you know who runs FreeBSD. In the meantime, you can always login as root and start Postfix manually on those rare occasions when you have to reboot.
At this point, your system should know where to hand off any mail you address for a recipient outside your system.
I recall reading an article on the Internet where a technician wrote something like this: "Fetchmail has retrieved my mail under the worst circumstances, when nothing else could." Dialup connections can be rather fragile. If anything can get your mail, Fetchmail will do it.
You can set up Fetchmail to work automatically, and for the whole system. However, that is more complicated than necessary. Since you as the user control when you are connected, you might as well control when and how your personal mail is fetched. Rather than change settings for the whole system, you need only create a single file -- another dot file normally hidden from view -- in your home directory.
First, a word about protocols. I've never dealt much with a mail system on the Internet that didn't use the standard known as POP3, aside from webmail. With webmail, you read your e-mail by logging on to the provider's machine, and you use their software from your web browser. With POP3, you are pulling that e-mail down to your machine. This allows you to disconnect after you get it and read it later.
Create a file named .fetchmailrc and put three lines in it. We will format it according to a customary practice that makes it easier to read. The first line will be the instruction where to call for your mail. The line has three elements: command, the mail server's name, and what protocol to use. The command is poll -- this tells fetchmail to go ask for your mail. The server name is the same as above, usually similar to mail.something.net. The protocol we've already discussed: protocol POP3. If you want to know more about mail protocols, there are numerous articles on the Internet written at all different levels of interest. If your ISP doesn't use POP3, they should tell you. Most of them will understand what you need if you tell them you are running Fetchmail. That first line should resemble this:
poll mail.someisp.net protocol POP3
Next, you need to tell Fetchmail to match your user account name on your personal machine with the user account name you have on the remote mail server. Hopefully, you are not in the habit of using the same or a similar nickname everywhere you go. It's a security risk, though slight. You don't have to be paranoid to realize the value of being hard to find unless you want to be found. Ordinary people like me have been harassed more than once. So you start this next line indented somewhat (about 8 spaces will do) and tell Fetchmail that user so-and-so on the distant machine is the same as you on this machine. It will look like this:
        user joe is user jeh
In this case, my example says that I am "joe" on the server where my mail comes in, and "jeh" on my machine at home. This way, Fetchmail will give my login name to the remote machine, and deliver to me on my machine. If your identity is something odd, such as all numerals, then you may need to put double quotation marks around it, so Fetchmail doesn't confuse it with a command.
I hope your distant mail server requires a password, too. We discussed in the Install lesson how to devise your passwords, and that they should be different everywhere you have an account. If like me you have lots of accounts at places all over the Internet, there's nothing wrong with keeping a cue-card at hand. You'll have to decide for yourself how to guard that card from prying eyes physically where you keep your computer. For sites where it really doesn't matter, where no significant personal information is kept, I do use the same password for all of them. For e-mail, don't do that.
Keeping the same indentation as the identity line, type in the command password followed by the password itself. Again, if you use unusual characters in your password, you may need to put double quotation marks around it:
        password "G,H,P.321"
The whole file together might look like this:
poll mail.someisp.net protocol POP3
        user joe is user jeh
        password "G,H,P!321"
If you want to grab mail from more than one source, leave one blank line, then another set of instructions like the first. When you're done, save the file. Then you must protect it by making sure no one else can read it. Fetchmail is a little paranoid for you, so using your Konqueror file browser, right click on the icon for that file, select "Properties" and click the boxes under the "Permissions" tab until it matches only the "User" line with "Read" and "Write". Click "OK". You may need to enable viewing "hidden" files in Konqueror by selecting the "View" menu, then "Show Hidden Files" -- turn it on and off as you see fit.
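The same protection can be applied from the command line, in keeping with the CLI theme. The following is an added example, not part of the original article: it writes the file so that it is owner-only from the moment it exists, rather than saving it first and tightening it afterwards, and then checks the result. The function names are hypothetical, and taking the file contents from standard input is an assumption of this sketch.

```shell
#!/bin/sh
# Added example: keep ~/.fetchmailrc private from creation onward.
# Function names are hypothetical; contents are read from standard input.
#
# Usage, with the tutorial's sample values:
#   write_fetchmailrc "$HOME/.fetchmailrc" <<'EOF'
#   poll mail.someisp.net protocol POP3
#   ...
#   EOF

# write_fetchmailrc FILE
# Writes stdin to a temporary file that mktemp creates with mode 0600,
# then renames it into place. A pre-existing, loosely protected file is
# replaced, so the password never sits in a file others can read.
write_fetchmailrc() {
    rc=$1
    tmp=$(mktemp "$rc.XXXXXX") || return 1
    if cat > "$tmp" && mv "$tmp" "$rc"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# check_fetchmailrc FILE
# Returns 0 only when group and other have no access at all,
# 1 when the file is too open, 2 when it does not exist.
check_fetchmailrc() {
    rc=$1
    [ -f "$rc" ] || { echo "missing: $rc" >&2; return 2; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    bits=$(ls -ld "$rc" | cut -c5-10)
    if [ "$bits" != "------" ]; then
        echo "too open: $rc (group/other bits: $bits)" >&2
        return 1
    fi
    return 0
}
```

Running check_fetchmailrc "$HOME/.fetchmailrc" before each fetch confirms that an editor or a restored backup has not loosened the permissions again.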
Now whenever you are connected to the Internet, you can go to a Konsole window and type fetchmail and watch as it connects to your remote mail server, gets a message count, the size, then downloads each one by showing dots running across the screen (each representing roughly 1KB of data), and erasing it from the other machine. When finished, it will come back to the prompt, and you will have mail in your system with your user's name on it. That's because Fetchmail only fetches it; then it hands mail off to your internal mail server, Postfix. Postfix holds it until you call for it -- that's what the e-mail client does.
E-MAIL CLIENT: PINE
It's quite possible to setup Kmail to do this, or just about any other GUI mail software you want to use. However, in keeping with our plan to be ready to run in the CLI, we'll use Pine. I've already mentioned that Pine can be setup with all sorts of nice options. For example, you can tell Pine to display everything in colored text: from the starting menu type S (setup), then K (for color) and select the 16-color option. The rest should be self-explanatory. For example, I have the menu at the bottom display in magenta with the keystrokes in cyan.
For our purpose here, we will confine ourselves to the minimum setup options to make it work for us. From the main menu, hit S, then C for "configure." From the top:
someisp.net, for example.
127.0.0.1
inbox
The rest probably won't matter for now, so skip down to the section with little boxes for marking with Xs. Here is something very useful most folks don't know: you can tell Pine to use something besides the internal Pico editor. I prefer Joe because it's more flexible. It allows me to re-wrap messages to the standard line length for e-mail (72 characters) while keeping the arrow-head marks to show I'm quoting. So I check the boxes in front of the lines:
[X] enable-alternate-editor-cmd
[X] enable-alternate-editor-implicitly
Hit PGDN a couple of times and see what I put under "Viewer Preferences":
[X] enable-msg-view-attachments
[X] enable-msg-view-urls
[X] enable-msg-view-web-hostnames
[X] enable-msg-view-addresses
[ ] enable-msg-view-forced-arrows
[X] prefer-plain-text
This allows me to choose other programs to display pictures, web pages and so forth. It also tries to find a plain text version of every incoming message. Too many programs prefer the HTML version for sending and reading, but send plain text, too. Under "Advanced Command Preferences" I mark these three:
[X] enable-arrow-navigation
...
[X] enable-full-header-cmd
...
[X] enable-tab-completion
This allows me to use the keypad arrow keys, and to view full headers with the H command. Also, it allows the use of the tab key to complete anything I start typing that may be fairly long, but for which the system can find a match, such as an address. This is one of the best features of Open Source systems; it works almost everywhere in the CLI. Type a part of the name of something and hit the TAB key; the system will try to guess from what's at hand what the rest of it should be. This works for names of files and for some commands in FreeBSD.
Take a look at these options farther down:
default-composer-hdrs = From: To: Attchmnt: Subject:
customized-hdrs = From: Ed Hurst
This allows me to choose exactly what I see when I compose a message. If you have doubts what you want, don't put anything there. If you have questions, hit the ? key and Pine will provide an explanation. I provide this as an example of what you can do to keep things simple. The last line is because my ISP's mail server won't pass any mail that doesn't have a proper local account name in the From: line of the header. This puts a cramp on me, but it's a good practice for the rest of the world. It keeps the ISP's customers from lying about where the mail comes from, which discourages most spammers.
Most of the rest of the options are not critical here, but page down to the end of the setup options. FreeBSD, like many Open Source systems, does one thing that annoys me: the default character set display doesn't allow for anything outside the basic ASCII character set. That means if someone with, say, a German name with special letters sends you e-mail, you won't be able to see those characters. So I set this:
character-set = ISO-8859-15
because it covers most things I'm likely to see. Then, because I have chosen to use Joe as my editor with Pine,
editor = joe -rmargin 72 -tab 3 -french -spaces
These are the command-line options to start Joe with my personal preferences, because Joe won't know which of the file types to associate with Pine mail. You can choose your own options by reading the .joerc file we edited in a previous tutorial. When you move from the header blanks in Pine with the down arrow key, it will automatically open your editor. When you are finished editing the message, save and exit the editor, and you will be back to Pine's composer screen. Two more:
image-viewer = display
....
url-viewers = "/usr/local/bin/lynx _URL_"
The first allows me to view images people sometimes attach to their e-mail messages. The command display calls up ImageMagick, my favorite image software. You can use KDE's Pixie Plus with the command pixie, for example. The last line allows me to choose how I want to view any website if a message includes a link. Notice the format; it must have the full path to the command, followed by the _URL_ marker. You can use just about any browser on your system, and get the path by typing at the command line:
which lynx
for example.
When you are finished with setting options for Pine, hit E (exit setup) and answer the question with a Y -- yes, accept the changes. Whatever you've done here will apply the next time you start Pine. Pine also has an address book, which allows you to use nicknames instead of typing out a long e-mail address. You can start Pine from the command line with that nickname, or any complete and proper e-mail address:
pine somebody@someisp.net
and when you send it, Pine will close and bring you back to the prompt. To send mail from Pine, after you have finished composing your message and have closed the editor, and all the information in the header is correctly set, hit ^X and Pine will hand the mail off to Postfix, which will hold it in the out-going queue.
If you are online at that moment, Postfix should send it right away. If you are not, it will wait. On some systems, as soon as you connect to the Internet, your machine will attempt first thing to send all the mail in the queue. If this doesn't happen, you can go to the command line and type:
/usr/sbin/sendmail -q
which tells Postfix to pass on your out-going mail.
Congratulations! You are now ready to use e-mail the way it was meant to be, according to all the best standards. It is virtually impossible for anyone to send you something that will harm your machine, because this combination of software isn't likely to react to viruses, worms, etc.
Ed Hurst is Associate Editor of Open for Business. Ed is also the Music Director for Grace Baptist Church of Kickapoo Creek, Texas. He loves computers, runs FreeBSD and GNU/Linux and reads all sorts of things. You can reach Ed at ehurst@ofb.biz.