NeXT Computers

NeXT Computer, Inc. => Porting New Software => Topic started by: kb7sqi on October 24, 2007, 06:31:49 pm

Title: GMAIL is possible on NeXT systems!
Post by: kb7sqi on October 24, 2007, 06:31:49 pm
Hi all,
  In my continuing effort to make my systems more usable, I have successfully setup email w/ GMAIL.  :D   My one laptop is currently fetching email via secure IMAP and sending email via msmtp to google's smtp servers w/ a working ssl connection.  I'm even using the default Mail.app.  Here's a header for proof.

Received: by 10.70.89.5 with SMTP id m5mr1402175wxb.1193249689098;
       Wed, 24 Oct 2007 11:14:49 -0700 (PDT)
Return-Path: <kb7sqi@gmail.com>
Received: from localhost ( [75.183.106.19])
       by mx.google.com with ESMTPS id h8sm1533866wxd.2007.10.24.11.14.46
       (version=TLSv1/SSLv3 cipher=OTHER);
       Wed, 24 Oct 2007 11:14:47 -0700 (PDT)
Content-Type: text/plain
MIME-Version: 1.0 (NeXT Mail 4.2mach_patches v148.2)
Received: by NeXT.Mailer (148.2);
Date: Wed, 24 Oct 2007 14:14:40 -0400
To: kb7sqi@yahoo.com
Subject: Test
Reply-To: kb7sqi@gmail.com
From: "Steven D. Blackford" <kb7sqi@gmail.com>
Message-ID: <471f8b97.0886460a.6006.ffffc458@mx.google.com>
Content-Length: 176

I did a quick port of msmtp that compiles clean w/ the 2.7.2.1 compiler for OPENSTEP, so I need to test it on NEXTSTEP next.  Either way, I'll be making a package for it.  BTW, if you're curious about how to setup gmail w/ your system.  It basically comes down to using my port of fetchmail linked against openssl, procmail & then using msmtp for the mda.  It works great.  8)
Title: GMAIL is possible on NeXT systems!
Post by: helf on October 24, 2007, 07:43:50 pm
wow! awesome :D I'd really been wanting to do this!

You are my new favorite person :P
Title: wow!
Post by: neozeed on October 25, 2007, 01:23:11 am
That sounds FANTASTIC!

I can't wait to see how it's done.. !

Good job btw!
Title: GMAIL is possible on NeXT systems!
Post by: kb7sqi on October 25, 2007, 04:14:26 am
Thanks guys.
    It's actually just like any other *nix box once you get fetchmail and msmtp working properly.  MSMTP was actually a pretty easy port.  I only had to make one source code change & add a bunch of stuff to the config.h file.  :wink:   Then, to make it work w/ Mail.app, you simply change the sendmail command in the preferences to /usr/local/bin/msmtp.  Fetchmail runs as a daemon in the background pulling all the mail to your system.  You have to grab the gmail ssl certificate, one from thawte & one from equifax.  I can post some urls for config information.    I was hoping using fetchmail w/ IMAP would work great, but after watching the system pull mail, it kept pulling the same new email over & over again.  So, I guess I'll either stick w/ POP3 or I'm going to have to look @ updating fetchmail.  The last time I looked @ that though, they had added a bunch of POSIX stuff to the code, thus breaking it on NEXTSTEP/OPENSTEP.  :(  I'll try to put it on my list of stuff to do this week.  BTW, if you feel froggy, there's a package of msmtp for gecko & openstep x86 in the packages directory now.  You can quickly google setting up gmail fetchmail msmtp and find all the information for setting it up.  :D   Take care.
Title: GMAIL is possible on NeXT systems!
Post by: kb7sqi on October 25, 2007, 04:22:10 am
BTW, I forgot to mention one thing, GMAIL is just one example that this setup will work for.  You could also use this w/ pretty much any email service/isp that requires secure authentication.  Since most isp are moving in that direction, that's why I was interested in getting it to work.  Take care.
Title: GMAIL is possible on NeXT systems!
Post by: helf on October 25, 2007, 02:14:28 pm
I've actually never set up fetchmail or nextsteps email.app before :] Guess  I will read up on it. heh.
Title: GMAIL is possible on NeXT systems!
Post by: kb7sqi on October 26, 2007, 03:56:30 pm
msmtp is packaged quad fat in my packages directory.  fetchmail will be following shortly.   :D
Title: GMAIL is possible on NeXT systems!
Post by: kb7sqi on October 26, 2007, 04:13:20 pm
fetchmail is compiled/posted as well.   :lol:
Title: Basic GMAIL/NEXT Howto
Post by: kb7sqi on October 28, 2007, 04:58:42 pm
Here's the Basic instructions on setting up Gmail w/ Mail.app.  I'm providing the info on how you setup fetchmail/msmtp.  You need to setup Mail.app/sendmail/procmail as explained in several FAQs.


1. Enable POP in your Gmail account

2. mkdir ~/.certs

3. get Gmail SSL cert.

# echo bye | openssl s_client -connect pop.gmail.com:995 -showcerts |
sed -n '/BEGIN/,/END/p' > ~/.certs/gmail.pem

4. Get Equifax's cert.

#wget -O ~/.certs/equifax.pem https://www.geotrust.com/resources/root_certificates/certificates/Equifax_Secure_Certificate_Authority.cer

5. Get the Mozilla cacert.pem file from the curl web site, this is updated weekly:
# cd ~/.certs; wget http://curl.haxx.se/ca/cacert.pem

6. Set ownership/permissions on ~/.certs

#chmod 0700 ~/.certs
#chmod 0600 ~/.certs/*.pem

7. Rehash ~/.certs so openssl can read them
#c_rehash ~/.certs/

8. Test Certificates
#openssl s_client -connect pop.gmail.com:995 -CApath ~/.certs/
... ...
---
+OK Gpop h19pf3704794wxd ready.

9. Setup fetchmail

#vi .fetchmailrc

Insert following:

# set polling time (no less than 5 minutes as required by gmail)
set daemon 600

poll pop.gmail.com with proto POP3
user 'user@gmail.com' with password 'password' options ssl
sslcertck sslcertpath ~/.certs/ keep

Insert your username/password in the above example. :-)

10. Set permissions on .fetchmailrc

# chmod 0600 .fetchmailrc

11. Setup .msmtprc file

# vi .msmtprc

Insert the following:

account default
host smtp.gmail.com
from user@gmail.com
tls on
tls_starttls on
tls_certcheck on
tls_trust_file ~/.certs/cacert.pem
auth on
port 587
user user@gmail.com
password password

12. Secure .msmtprc

#chmod 0600 .msmtprc

13. Now test & make sure you've got msmtp setup correctly & working w/ google's smtp server:

# msmtp --serverinfo --host=smtp.gmail.com --tls=on --port=587 \
      --tls-trust-file=~/.certs/cacert.pem

The output should look similar:
-bash-2.05b$ msmtp --serverinfo --host=smtp.gmail.com --tls=on --port=587 \
>        --tls-trust-file=~/.certs/cacert.pem
SMTP server at smtp.gmail.com, port 587:
   mx.google.com ESMTP p15sm405901ybk.37
TLS certificate information:
   Owner:
       Common Name: smtp.gmail.com
       Organization: Google Inc
       Locality: Mountain View
       State or Province: California
       Country: US
   Issuer:
       Common Name: Google Internet Authority
       Organization: Google Inc
       Country: US
   Validity:
       Activation time: Thu Apr 22 16:02:45 2010
       Expiration time: Fri Apr 22 16:12:45 2011
   Fingerprints:
       SHA1: 1A:6F:48:8F:BE:5B:FD:92:D8:12:30:F9:22:CE:84:49:B3:43:BD:2C
       MD5:  60:39:DE:FB:0A:D9:9E:43:26:E7:75:AC:60:48:A1:B0
Capabilities:
   SIZE 35651584:
       Maximum message size is 35651584 bytes = 34.00 MiB
   STARTTLS:
       Support for TLS encryption via the STARTTLS command
   AUTH:
       Supported authentication methods:
       PLAIN LOGIN

14. Now set up Mail.app

In the expert preferences of Mail.app change the mailer from /usr/lib/sendmail to
/usr/local/bin/msmtp


You should also add the email_address setting in NetInfo like explained in the Sendmail FAQ.  That way your From Address shows properly.

Now, if you don't have sendmail setup on your system at all, you'll need procmail and the mailapp-utilities packages also.

then in your ~/.fetchmailrc you'll need to add the following

mda="/usr/local/bin/procmail -d %T"
Title: GMAIL is possible on NeXT systems!
Post by: kb7sqi on November 08, 2007, 09:11:13 pm
I wanted to let everyone know, I've tested using the standard PopOver.app w/ my port of Stunnel-4.21.  You can set this up instead of using Fetchmail to pop3 your mail from GMAIL or any other system that requires SSL authentication for POP3/IMAP/SMTP.  You still need to use MSMTP for sending email to Google's SMTP servers.  I'll post details later on this evening.  Take care.
Title: GMAIL is possible on NeXT systems!
Post by: kb7sqi on November 09, 2007, 03:52:05 pm
Ok, here's a quick setup guide for using stunnel w/ gmail.  You need my stunnel package and the prngd package as well.  Here's how I have my /etc/rc.local setup.  You setup stunnel to startup on boot up.

if [ -f /usr/local/sbin/prngd ]; then
       echo -n ' prngd' >/dev/console
       /usr/local/sbin/prngd /etc/egd-pool
fi

if [ -f /usr/local/sbin/stunnel ]; then
       echo -n ' stunnel' >/dev/console
       /usr/local/sbin/stunnel /usr/local/etc/stunnel/stunnel.conf
fi

In your /usr/local/etc/stunnel/stunnel.conf you need the following

# GLOBAL OPTIONS
client = yes
debug = 7
output = /usr/adm/stunnel.log

[pop3s]
accept = 127.0.0.1:110
connect = pop.gmail.com:995

before starting stunnel, you need to touch /usr/adm/stunnel.log as root.  That way your logging works correctly.  Then once you fire up stunnel either by rebooting or just running the command above as root, you can startup PopOver.app.  Simply add a new POP3 system.  Put localhost as your server.  Put your gmail user@gmail.com as your username & put in your gmail password as the password.

You can test to see if it works correctly by running the following:
-bash-2.05b$ stunnel -version
stunnel 4.21 on hppa-next-nextstep3 with OpenSSL 0.9.8g 19 Oct 2007
Threading:FORK SSL:ENGINE Sockets:SELECT,IPv4

Global options
debug           = 5
EGD             = /etc/egd-pool
pid             = /usr/local/etc/stunnel/stunnel.pid
RNDbytes        = 64
RNDoverwrite    = yes

Service-level options
cert            = /usr/local/etc/stunnel/stunnel.pem
ciphers         = AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH
key             = /usr/local/etc/stunnel/stunnel.pem
session         = 300 seconds
sslVersion      = SSLv3 for client, all for server
TIMEOUTbusy     = 300 seconds
TIMEOUTclose    = 60 seconds
TIMEOUTconnect  = 10 seconds
TIMEOUTidle     = 43200 seconds
verify          = none

-bash-2.05b$ telnet localhost 110
Trying 127.0.0.1... Connected to localhost.
Escape character is '^]'.
+OK Gpop ready for requests from 72.14.241.156 g34pf1208558rob
QUIT

Here's a partial /usr/adm/stunnel.log

2007.11.08 00:07:08 LOG5[23576:0]: stunnel 4.21 on hppa-next-nextstep3 with OpenSSL 0.9.8g 19 Oct 2007
2007.11.08 00:07:08 LOG5[23576:0]: Threading:FORK SSL:ENGINE Sockets:SELECT,IPv4
2007.11.08 00:07:08 LOG6[23576:0]: file ulimit = 256 (can be changed with 'ulimit -n')
2007.11.08 00:07:08 LOG6[23576:0]: FD_SETSIZE = 256 (some systems allow to increase this value)
2007.11.08 00:07:08 LOG5[23576:0]: 125 clients allowed
2007.11.08 00:07:08 LOG7[23576:0]: FD 4 in non-blocking mode
2007.11.08 00:07:08 LOG7[23576:0]: FD 5 in non-blocking mode
2007.11.08 00:07:08 LOG7[23576:0]: FD 6 in non-blocking mode
2007.11.08 00:07:08 LOG7[23576:0]: SO_REUSEADDR option set on accept socket
2007.11.08 00:07:08 LOG7[23576:0]: pop3s bound to 127.0.0.1:110
2007.11.08 00:07:08 LOG7[23577:0]: Created pid file /usr/local/etc/stunnel/stunnel.pid

You can check out http://www.stunnel.org/ for more information.   Again you'll still need my msmtp package to send email directly to the gmail smtp server.  Setup for that is the same as above.  Take care.
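Added example, not part of the original posts: a small shell lint for the three client configs set up in the howto and stunnel posts above (~/.msmtprc, ~/.fetchmailrc, stunnel.conf). It flags password files accessible to other users, TLS without certificate checking, and authentication without TLS; the function names, rule set and sample inputs are constructed for illustration, and smtp.example.net is a placeholder host.

```sh
#!/bin/sh
# Added example (not from the thread): lint the mail client configs for
# settings that expose the password or skip server certificate checks.
# Each lint_* function prints one finding per line; no output = no findings.

# True if FILE ($1) has a non-comment line matching extended regex ($2).
has_line() { grep -v '^[[:space:]]*#' "$1" | grep -Eiq "$2"; }

# Password files should be 0600 and ~/.certs 0700: no group/other bits.
lint_mode() {
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ] || echo "$1: accessible by group/other ($perms)"
}

lint_msmtprc() {
    if has_line "$1" '^[[:space:]]*tls[[:space:]]+on'; then
        has_line "$1" '^[[:space:]]*tls_trust_file[[:space:]]+[^[:space:]]' ||
            echo "$1: tls on but no tls_trust_file"
        has_line "$1" '^[[:space:]]*tls_certcheck[[:space:]]+off' &&
            echo "$1: tls_certcheck off"
    elif has_line "$1" '^[[:space:]]*auth[[:space:]]+(on|plain|login)'; then
        echo "$1: auth without tls sends the password in clear text"
    fi
    return 0
}

# Simplification: checked file-wide, not per poll entry.
lint_fetchmailrc() {
    if has_line "$1" '(^|[[:space:]])ssl([[:space:]]|$)'; then
        has_line "$1" '(^|[[:space:]])sslcertck([[:space:]]|$)' ||
            echo "$1: ssl without sslcertck"
    else
        echo "$1: no ssl option"
    fi
    return 0
}

lint_stunnel() {
    has_line "$1" '^[[:space:]]*client[[:space:]]*=[[:space:]]*yes' || return 0
    has_line "$1" '^[[:space:]]*verify[[:space:]]*=[[:space:]]*[23]' ||
        echo "$1: client mode without verify = 2 or 3"
    has_line "$1" '^[[:space:]]*CA(file|path)[[:space:]]*=' ||
        echo "$1: no CAfile/CApath"
    return 0
}

# Constructed sample inputs modelled on the configs in this thread.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'account default' 'host smtp.gmail.com' 'tls on' \
        'tls_starttls on' 'tls_certcheck on' \
        'tls_trust_file ~/.certs/cacert.pem' 'auth on' 'port 587' \
        'user user@gmail.com' 'password password' > "$d/msmtprc.tls"
    printf '%s\n' 'account default' 'host smtp.example.net' 'auth plain' \
        'user user' 'password password' > "$d/msmtprc.plain"
    printf '%s\n' 'poll pop.gmail.com with proto POP3' \
        "user 'user@gmail.com' with password 'password' options ssl" \
        'sslcertck sslcertpath ~/.certs/ keep' > "$d/fetchmailrc"
    printf '%s\n' 'client = yes' 'debug = 7' '[pop3s]' \
        'accept = 127.0.0.1:110' 'connect = pop.gmail.com:995' > "$d/stunnel.conf"
    chmod 0600 "$d/msmtprc.tls" "$d/fetchmailrc"
    chmod 0644 "$d/msmtprc.plain"
    for f in "$d"/msmtprc.*; do lint_mode "$f"; lint_msmtprc "$f"; done
    lint_mode "$d/fetchmailrc"; lint_fetchmailrc "$d/fetchmailrc"
    lint_stunnel "$d/stunnel.conf"
    rm -rf "$d"
}
demo
```

The two stunnel findings go away once the client config carries `verify = 2` (or 3) and a `CAfile` or `CApath` that points at trusted certificates, such as a c_rehash'ed directory like the one built in steps 2-7 of the howto.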
Title: Re: Basic GMAIL/NEXT Howto
Post by: ericj on November 15, 2007, 11:51:37 pm
Quote from: "kb7sqi"
You should also add the email_address setting in NetInfo like explained in the Sendmail FAQ.  That way your From Address shows properly.


Hi, I've been attempting this on NEXTSTEP 3.3 (Intel), and I can't find the Sendmail FAQ (I'd like the From address to work). If you could post a link to it, that'd be great.

Thanks,
Eric
Title: GMAIL is possible on NeXT systems!
Post by: kb7sqi on November 16, 2007, 04:35:08 am
There's two ways to go about this, one is update your stock sendmail w/ one of the sendmail packages off one of the archives.  I've put a copy of the latest sendmail packages I had in my archives on my site http://kb7sqi.dyndns.org/files/misc/sendmail/  Also, in the misc directory, is a copy of TjL's cable-modem faq and there's a dhcp directory w/ the last packages made as well. For years, I kept sendmail up to date so, I already had my systems setup according to the sendmail FAQ that comes w/ the sendmail packages & then I started using postfix instead.  It still compiles clean on NEXTSTEP/OPENSTEP w/ out using the -posix flag.  :wink:   I have compiled a quad package for NEXTSTEP, but I haven't had time to archive it & package it up.  I'll try to get to that this weekend.

The other way to set the "From" field in Mail.app is to do the following:

 Menu: Info->Preferences,  PopUp: Expert

You should see a box that says "Additional Outgoing Headers"
add a Key value pair:

       Key     Value
       From    Your Name <youraddr...@yourhost.yourdomain>

And I would also set the Reply-To as well, just to make sure.

Under 'Compose', you will see a field with 'Reply-To:' next to it.  Type the e-mail address of your POP/IMAP account in that field:

If you're just going to be using PopOver.app & Mail.app w/ stunnel/msmtp, I'd go that route instead of upgrading/setting up sendmail.

Let me know if you have any problems.  I've been using PopOver.app w/ stunnel & using msmtp for outgoing mail w/ my Gecko & it's working great.  8) Take care.
Title: GMAIL is possible on NeXT systems!
Post by: kb7sqi on November 16, 2007, 04:44:27 am
Just another follow up real quick if you plan on wanting to setup procmail scripts to filter spam/organize mail, you'll definitely want to grab the mailapp-utilities package off one of the archives & follow the examples.    Before I started using my gmail account for most of my mailing list stuff, I was using fetchmail/procmail/postfix for all my mail.  I had several procmail scripts to sort mail & get rid of spam.  Someone could write a book on all that though.  :lol: Besides a few problems w/ Mail.app like html email, Mail.app is still a great email client.  Take care.
Title: Cannot send mail
Post by: ericj on November 17, 2007, 05:25:54 pm
I cannot send outgoing mail. I get no error messages, but the tests I send to myself (I'm using Verizon FiOS Webmail) do not arrive.

Please help,
Eric

P.S. Verizon FiOS blocks port 25, this would cause this, right? If so, how do I change the msmtp port?
Title: GMAIL is possible on NeXT systems!
Post by: kb7sqi on November 17, 2007, 08:55:42 pm
This part should work fine:

11. Setup .msmtprc file

# vi .msmtprc

Insert the following:

account default
host smtp.gmail.com
from user@gmail.com
tls on
tls_trust_file ~/.certs/thawte.pem
auth on
port 587 <---- Make sure you note the Port 587 & not Port 25.
user user@gmail.com
password password

12. Secure .msmtprc

#chmod 0600 .msmtprc


13. Now set up Mail.app

In the expert preferences of Mail.app change the mailer from /usr/lib/sendmail to /usr/local/bin/msmtp

Post your files or shoot me an email w/ them minus your passwords of course.   I'll make sure they look ok.

:wink:
Title: GMAIL is possible on NeXT systems!
Post by: ericj on November 17, 2007, 09:29:55 pm
Quote from: "kb7sqi"This part should work fine:

11. Setup .msmtprc file

# vi .msmtprc

Insert the following:

account default
host smtp.gmail.com
from user@gmail.com
tls on
tls_trust_file ~/.certs/thawte.pem
auth on
port 587 <---- Make sure you note the Port 587 & not Port 25.
user user@gmail.com
password password

12. Secure .msmtprc

#chmod 0600 .msmtprc


13. Now set up Mail.app

In the expert preferences of Mail.app change the mailer from /usr/lib/sendmail to /usr/local/bin/msmtp

Post your files or shoot me an email w/ them minus your passwords of course.   I'll make sure they look ok.

:wink:


Oh, but 587 is Gmail's port. Or is this also the port for msmtp? I'm using this with my Verizon email, since I didn't feel like setting SSL certs up.

If you need the file, I can post it after I boot OPENSTEP up (I've upgraded) and retrieve it (it's in VMware, and I'm trying to get GNUstepWeb to work ATM).

Thanks,
Eric

P.S. I've got everything set up for the Verizon servers, fetchmail works fine (if a bit manual for me). msmtp is the only issue for me. Oh, and Verizon email doesn't use SSL by default, so that's not the problem.
Title: GMAIL is possible on NeXT systems!
Post by: kb7sqi on November 17, 2007, 09:50:51 pm
Oh ok, I understand now.  :wink: When you get a chance, just post your .msmtprc file & I'll glance over it.  I'm sure I can help figure something  :lol: I can help you setup postfix if needed.  I have it compiled also quad fat, but need to archive it properly/package it up.  It's a painless replacement for sendmail as well.

Also, if you're working w/ verizon & just pop3'ing your mail, PopOver.app would probably be better choice.  I setup fetchmail initially because I use it for several email accounts & I didn't have stunnel ported yet.  Once I got stunnel ported, I swapped back over to that for getting my gmail.  You only need to get one cert then.  Just the one required for msmtp.   :D
Title: Config
Post by: ericj on November 17, 2007, 10:44:53 pm
OK, this is my config file (not a real password, of course, and the email is removed because I don't need more spam):

account default
host outgoing.verizon.net
from user@verizon.net
auth on
user user@verizon.net
password password


If there is something missing here, please tell me ASAP.

Thanks,
Eric
Title: Re: Config
Post by: kb7sqi on November 18, 2007, 05:37:40 am
Quote from: "ericj"OK, this is my config file (not a real password, of course, and the email is removed because I don't need more spam):

account default
host outgoing.verizon.net
from user@verizon.net
auth on
user user@verizon.net
password password


If there is something missing here, please tell me ASAP.

Thanks,
Eric


Hey Eric,
  Ok, from what I've read about Verizon.net's smtp servers, you do need to make sure your "From" header is set correctly in Mail.app as explained above.  In your .msmtprc file, on the line user, drop the @verizon.net.  Just use user username

If you look @ your console log, you should see some logs from msmtp.  Look in /tmp /usr/adm/messages, etc.  If that don't work, post the output of the errors.  Also, one thing I didn't ask about your .fetchmailrc, did you include the set daemon line also?

Like this:
# set polling time (no less than 5 minutes as required by gmail)
set daemon 600

You shouldn't have to manually run fetchmail to check your email.  It should keep running in the background till you kill it/reboot the system.  Figured I'd ask. Let me know how it works.  Take care.
Title: Re: Config
Post by: ericj on November 18, 2007, 02:48:07 pm
Quote from: "kb7sqi"
Quote from: "ericj"OK, this is my config file (not a real password, of course, and the email is removed because I don't need more spam):

account default
host outgoing.verizon.net
from user@verizon.net
auth on
user user@verizon.net
password password


If there is something missing here, please tell me ASAP.

Thanks,
Eric


Hey Eric,
  Ok, from what I've read about Verizon.net's smtp servers, you do need to make sure your "From" header is set correctly in Mail.app as explained above.  In your .msmtprc file, on the line user, drop the @verizon.net.  Just use user username

If you look @ your console log, you should see some logs from msmtp.  Look in /tmp /usr/adm/messages, etc.  If that don't work, post the output of the errors.  Also, one thing I didn't ask about your .fetchmailrc, did you include the set daemon line also?

Like this:
# set polling time (no less than 5 minutes as required by gmail)
set daemon 600

You shouldn't have to manually run fetchmail to check your email.  It should keep running in the background till you kill it/reboot the system.  Figured I'd ask. Let me know how it works.  Take care.


What I mean by manual is that I have to launch it myself when I log in. Oh, and yes, I do have the set daemon line. Fetchmail is working as I expected it to. Oh, and I had assumed from the Verizon Webmail login screen that POP3 & SMTP required the "@verizon.net" part. Guess not! :D

Thanks,
Eric
Title: Errors
Post by: ericj on November 18, 2007, 04:04:53 pm
OK, these are the two lines that appear in console.log when I try to send mail from Mail.app:

msmtp: cannot use a secure authentication method
msmtp: could not send mail (account default from /Users/ejohns/.msmtprc)


I do not have SSL enabled.

Thanks,
Eric
Title: GMAIL is possible on NeXT systems!
Post by: kb7sqi on November 18, 2007, 06:03:42 pm
Ok, it seems since msmtp is compiled against SSL, it tries to authenticate first w/ TLS.  Change the auth line in your .msmtprc file to

auth plain or auth login

Here's the output of the server info for outgoing.verizon.net

bash-2.05b$ msmtp --host=outgoing.verizon.net --serverinfo
SMTP server at outgoing.verizon.net (outgoing.verizon.net [206.46.232.12]), port 25:
   vms044pub.verizon.net -- Server ESMTP (Sun Java System Messaging Server 6.2-6.01 (built Apr  3 2006))
Capabilities:
   SIZE 20971520:
       Maximum message size is 20971520 bytes = 20.00 MB
   PIPELINING:
       Support for command grouping for faster transmission
   ETRN:
       Support for RMQS (Remote Message Queue Starting)
   DSN:
       Support for Delivery Status Notifications
   AUTH:
       Supported authentication methods:
       PLAIN LOGIN
-bash-2.05b$


Again make sure you chmod 0600 ~/.msmtprc and your From Field is setup correctly in Mail.app.  I don't see any other reasons why it don't work.  Hit me up on AIM/MSN/Yahoo if you have more problems.   If you want I can compile a version of msmtp w/out SSL for you as well, but the version you have should work fine.

msmtp --version
msmtp version 1.4.13
TLS/SSL library: OpenSSL
Authentication library: built-in
Supported authentication methods:
plain cram-md5 external login
IDN support: disabled
NLS: disabled
System configuration file name: /usr/local/etc/msmtprc
User configuration file name: /Users/kb7sqi/.msmtprc

Copyright (C) 2007 Martin Lambers and others.
This is free software.  You may redistribute copies of it under the terms of
the GNU General Public License <http://www.gnu.org/licenses/gpl.html>.
There is NO WARRANTY, to the extent permitted by law.
-bash-2.05b$
Title: Thanks
Post by: ericj on November 18, 2007, 06:18:25 pm
OK, it works now. Thanks for all your help!

Eric
Title: GMAIL is possible on NeXT systems!
Post by: kb7sqi on November 18, 2007, 07:49:48 pm
Cool!  8) Glad it works now!  I was starting to get worried.  :wink:   Take care.
Title: GMAIL is possible on NeXT systems!
Post by: kb7sqi on June 17, 2010, 04:14:32 am
I've updated the post w/ up to date info on setting up fetchmail/msmtp for working w/ gmail, in case someone sees this thread instead of bkmoore's thread requesting help w/ msmtp.

Steve
Title: GMAIL is possible on NeXT systems!
Post by: GCP on February 01, 2014, 05:14:27 pm
Quote from: "kb7sqi"I've updated the post w/ up to date info on setting up fetchmail/msmtp for working w/ gmail, in case someone sees this thread instead of bkmoore's thread requesting help w/ msmtp.

Steve


Hi kb7sqi. Thanks for so thoroughly documenting this! One of my major goals with my new Cube is to be able to access/send email on it. Your posts here mention that we should reference certain documents that you've posted. Where are these posted? Thanks again for your help.
Title: Re: GMAIL is possible on NeXT systems!
Post by: rooprob on April 01, 2017, 09:24:40 am
Nothing like reawakening an old thread, but I have followed this stunnel/fetchmail/procmail/msmtp guide and have also enabled a modern mail experience.

Thumbs up.

Few points:
- modern ciphers DHE-RSA-AES256-SHA are really slow, so it's a locked down AES256-SHA from localhost only (the inside of the stunnel)
- stunnel seems to be leaking filehandles, as after an hour it hits max clients, however there's only one hitting it every 60 seconds
- fetchmail attempts opportunistic SSL by default, so you end up with SSL inside stunnel
- my smtp server also requires SSL to do Auth, so you end up doubling SSL again.

Stepping down some of the TLS settings in my remote postfix dhparams, as well as the cipher choice has helped the NeXT machine come down from minutes of high CPU to almost 30% and a few seconds for the TLS handshaking.

I chose stunnel as ssh port redirection keeps dropping and I'm not 100% sure why - it could be local router rather than the ancient NeXT box and this version of SSH, but this version of SSH client doesn't know about client keepalives.

Anywho, the old software found in the Google Drive linked to within these threads, on OPENSTEP 4.2 m68k.

fetchmail-5.9.14.pkg.NIHS.tgz
msmtp-1.4.20.pkg.NIHS.tgz
openssh-3.6.1p2.pkg.NIHS.tgz
openssl-0.9.8za_zlib-1.2.8.pkg.NIHS.tgz
procmail-3.22.pkg.NIHS.tgz
stunnel-4.25.pkg.NIHS.tgz

PS  I've tried and failed on my mission to build some oldish opensource on OPENSTEP. I'm not 100% sure my OPENSTEP deploy mirrors what people have said wrt OPENSTEP 4.2 having *removed* POSIX support, and yet my stock compiler has -posix option, and the includes (/usr/include/bsd/sys/types.h etc) contain ifdefs around _POSIX_SOURCE and _KERNEL etc (esp for figuring out BYTE_ORDER).  I have been trying to build MIT Kerberos for an even better mail pipeline (solves PLAIN auth) but the only ancient version I got to build (1.3.x) doesn't behave writing any credential caches or kdc data files, so I suspect I have some POSIX file writing hackery to make. The more modern Krb want shared libraries, and I haven't learned how to best handle that on OS.

My next step will be to target building these exact package versions above, then incrementally improve on them, so I have a working model of what to do. kb7sqi was so successful on building without -posix enabled, which I'm keen to emulate, however haven't figured out a single clean build yet - and at 33MHz takes a fair amount of time.

Anyways I've said enough words - just wanted to signal that there are still people doing  crypto over traditional internet protocols on a vintage computer.


Quote from: "kb7sqi"Hi all,
  In my continuing effort to make my systems more usable, I have successfully setup email w/ GMAIL.