Re: [Nmh-workers] Need some general advice
Wed, 14 Sep 2016 15:07:17 +0700
Date: Tue, 13 Sep 2016 20:29:41 -0700
From: "Ronald F. Guilmette" <address@hidden>
| I'll be trying to figure out how I'm gonna handle all this in the
| very near future. I may be back soon with more questions.
If it helps, and based upon the assumption that the server is under
your control, you could also perhaps use a setup more like what I do.
That is, I simply use ssh (including ssh IP tunnels) to handle all the
security issues - I assume that anyone who needs can have an account
on the server that they can use for this purpose. On the client, I
have an MTA setup, that delivers all mail to a magic port on localhost.
That port connects to a ssh tunnel that connects to the SMTP server at
the server. MH (nmh) simply connects to the localhost (laptop or whatever)
MTA as normal.
If you look at the Received headers of this message you'll see that in
action - andromeda (first hop) is my laptop, which is buried behind an
(IPv4 & NAT only unfortunately) ADSL link with an address that changes daily.
munnari is the server - you'll see on its Received header that it also
receives the mail from "localhost" (IPv6 localhost but that's irrelevant) -
that's the effect of the incoming SMTP connection via the ssh tunnel.
After that it is SMTP as normal. The server only needs to permit mail
submission from localhost, not the whole internet, so there's no possibility
of being used as a spam relay, and it needs no SMTP authentication (though
you could use it if desired), so works whatever MTA you choose to run with
no special config.
Multiple users (whatever domain name their email address appears as)
should be no problem, each just needs some (server local) unique login
name that they can use to ssh as (which doesn't need to be any way
similar to their e-mail addresses.)
The tunnels are maintained by a "while true; do ssh ...; done" script
that simply runs on my laptop from when I start it (more correctly, from
when the encrypted filesys that holds the ssh key files becomes available)
until it shuts down, the loop handles the connection breakage that occurs
when the ISP decides an IP addr change is needed (and other random network
outages), and running a local MTA deals with queueing so I can send e-mail
any time, and if that happens to be when something is preventing the tunnel
from working, I know the mail will get transmitted eventually, when all
is good again.
For incoming mail I just scp the mailbox file from the server (a little
more complicated than that, as it needs protection against mail arriving
while the copy is in progress - so I just move the mailbox file first,
in a way that guarantees messages will either be complete in the old mailbox
or go into a new one) - after it arrives on my laptop I use procmail to
spread it around my MH folders, but inc would work as well (this scheme has
the advantage that I keep the mailbox copy files on both my laptop and
the server for a while, so if anything goes wrong I can always just unpack
one, or more, again.) They could also be unpacked on the server as well,
if I needed that - I don't, I have used my laptop (exclusively) for all
e-mail for decades now (not the same laptop of course...) which is why
I had nothing to contribute on the "Sharing MH files..." thread of earlier
in the month.
The point of this message isn't really to suggest that you should duplicate
my setup, rather that if you have the ability at the server end, you can
come up with innovative solutions that do exactly what you need, which is
a luxury denied to those who are forced to deal with ISP (or corporate)
provided servers and can only use the methods that also work on windows...
For example, since you are running an HTTP server anyway (you said) you
could create a magic https:// URL that would download mail for you (and
access it using wget or curl or whatever) and another that would allow you
to post mail (would need more work on the local end to make work) - which
would have the advantage of keeping e-mail access working even if you get
stuck in a location where there's a firewall that allows nothing but http
(even intermediate proxy servers should do no harm.) Note I have never
tried this (munnari has no HTTP server) so I don't know how easy it would
be - particularly dealing with user authentication safely (or even if it
really is possible.)
Any of this means that you don't need to deal with the limitations of POP,
nor to attempt to dream about how MH and IMAP might one day be integrated,
where none of the imagined solutions actually looks very much as if what
you would end up with is nearly as nice as MH is supposed to be (and is.)
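The tunnel-and-rotate scheme the message describes, written out as an added shell example (it is not the author's own scripts and not part of nmh). Everything named in it is a placeholder assumption: a server munnari.example reachable by ssh as user alice, an MTA there listening on 127.0.0.1:25, a laptop MTA configured to relay everything to 127.0.0.1:2525, the key kept under the encrypted filesystem at ~/secret/.ssh/id_tunnel, a spool file whose directory the account may rename in, and the script installed on the server as ~/mailsync.sh.

```shell
#!/bin/sh
# Added example, not the scripts from the message.  Placeholder names:
# server munnari.example, ssh login alice, key ~/secret/.ssh/id_tunnel
# (on the encrypted filesystem), local MTA smarthost 127.0.0.1:2525.
SERVER=${SERVER:-munnari.example}
LOGIN=${LOGIN:-alice}
LOCAL_PORT=${LOCAL_PORT:-2525}
KEY=${KEY:-$HOME/secret/.ssh/id_tunnel}
SPOOL=${SPOOL:-/var/mail/$LOGIN}    # must be renamable by the account

# ssh arguments for the tunnel, one per line so run_tunnel can reuse them.
# -N: no remote command; the account only needs to permit port forwarding.
# -L 127.0.0.1:...: bind the local side to loopback only, since anything
#   that can reach this port can submit mail as you with no SMTP auth.
# ExitOnForwardFailure: exit (and let the loop retry) instead of staying
#   connected with no forward.  ServerAliveInterval/CountMax: notice a dead
#   link after the ISP address change within ~90 s instead of hanging.
tunnel_args() {
    printf '%s\n' \
        -N -i "$KEY" \
        -o BatchMode=yes \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 \
        -o ServerAliveCountMax=3 \
        -L "127.0.0.1:${LOCAL_PORT}:127.0.0.1:25" \
        "${LOGIN}@${SERVER}"
}

# The "while true; do ssh ...; done" loop, with a pause so a hard failure
# (key not yet decrypted, host down) does not spin.
run_tunnel() {
    while :; do
        # shellcheck disable=SC2046  # arguments contain no whitespace
        ssh $(tunnel_args)
        sleep 15
    done
}

# Server side: rotate the mbox before it is copied.  rename(2) is atomic,
# so a delivery that already has the old file open finishes writing into
# it and the next delivery creates a fresh $1; no message is split.
# Prints the rotated filename.
rotate_mailbox() {
    mailbox=$1
    rotated="${mailbox}.$(date +%Y%m%d%H%M%S).$$"
    [ -f "$mailbox" ] || return 1            # nothing to fetch
    mv "$mailbox" "$rotated" || return 1
    # Before the copy starts, wait for an in-flight delivery to drop its
    # lock on the old inode (assumes the MDA uses flock(2); a dotlock-based
    # MDA would need a wait on "$mailbox.lock" instead).
    if command -v flock >/dev/null 2>&1; then
        flock "$rotated" true
    fi
    printf '%s\n' "$rotated"
}

# Client side: rotate on the server, copy the rotated file down, keep it on
# both ends, and hand it to procmail (inc would work on the same file).
# Assumes this script is installed on the server as ~/mailsync.sh.
fetch_mail() {
    remote=$(ssh -i "$KEY" -o BatchMode=yes "${LOGIN}@${SERVER}" \
        ". ./mailsync.sh; rotate_mailbox $SPOOL") || return 1
    mkdir -p "$HOME/Mail/spool"
    copy="$HOME/Mail/spool/$(basename "$remote")"
    scp -q -i "$KEY" "${LOGIN}@${SERVER}:$remote" "$copy" || return 1
    formail -s procmail < "$copy"
}
```

On the laptop this would be started once the encrypted filesystem is mounted, as `sh -c '. ./mailsync.sh; run_tunnel'`, and `fetch_mail` run by hand or from cron; on the server only `rotate_mailbox` is ever invoked. The loopback-only `-L` binding is the part worth checking in your own setup: the server accepts the tunnelled connection as "localhost" with no authentication, so the local forward must not be reachable by anyone else on the laptop's network.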