mirror of
https://github.com/bobbimanners/emailler.git
synced 2024-11-17 15:07:30 +00:00
414 lines
13 KiB
Markdown
414 lines
13 KiB
Markdown
# Gmail Apple II Email Gateway
|
|
|
|
## Motivation
|
|
|
|
To connect an Apple IIGS to Gmail, allowing messages to be sent and received.
|
|
|
|
I used Ewen Wannop (aka Speccie)'s SAM2 email client, running under GSOS 6.0.4.
|
|
This should also work with GSOS 6.0.1.
|
|
|
|
Speccie's website is [here](https://speccie.uk/software/)
|
|
|
|
In order to communicate on today's Internet Transport Layer Security (TLS)
|
|
is necessary. Retro machines such as the Apple II series lack the processor
|
|
power to perform the necessary encryption, so it is necessary to have a proxy
|
|
system in between the Apple II and Gmail's servers. This proxy machine can
|
|
'speak' in today's encrypted TLS protocols to Gmail, and in plaintext to our
|
|
Apple II. I chose to use a Raspberry Pi 4 (2GB version) running the Raspbian
|
|
Linux operating system version 10.
|
|
|
|
## Prerequisites
|
|
|
|
- An Apple IIgs. Mine is a ROM01.
|
|
- Enough memory I have a 4MB RAM card.
|
|
- Enough disk space. I have a MicroDrive/Turbo with 32MB volumes.
|
|
- A compatible ethernet card. I used an Uthernet II.
|
|
- GSOS 6.0.1 or 6.0.4 installed.
|
|
- Marinetti 3.0 installed. I used 3.0b11.
|
|
- A Raspberry Pi running Raspbian 10
|
|
|
|
I don't cover any of the above in this README. You can find information
|
|
[elsewhere](http://www.apple2.org/marinetti/) on how to set up Marinetti.
|
|
|
|
## Software Used
|
|
|
|
I use three separate packages on the Raspberry Pi, as follows:
|
|
|
|
- *Postfix* This is a full-featured mail tranfer agent. We will use it
|
|
to send mail to the Gmail servers over the SMTPS port with TLS, and to
|
|
act as a plaintext SMTP server for the local network.
|
|
- *Fetchmail* Fetchmail is configured to pull down messages from a Gmail
|
|
inbox and store it on the Raspberry Pi in `/var/mail/` using the IMAP
|
|
protocol with TLS.
|
|
- *Dovecot* Dovecot provides a POP3 server to the local network, serving
|
|
the files in `/var/mail`.
|
|
|
|
## Principle of Operation
|
|
|
|
### Incoming Messages
|
|
|
|
- Message is sent to Gmail username@gmail.com
|
|
- Fetchmail runs as a service on the Pi and monitors Gmail using IMAP
|
|
IDLE. As soon as a message shows up in the INBOX it downloads it
|
|
and places it in `/var/mail/pi` (for username `pi`). Fetchmail leaves
|
|
the email on the Gmail server (this can be changed if desired.)
|
|
- SAM2 mail client on the Apple IIgs is configured to use the IP
|
|
of the Raspberry Pi as its POP3 email server. When it asks for new
|
|
messages, Dovecot will serve the request on port 110. When messages are
|
|
downloaded using POP3, they are deleted from `/var/mail/pi` on the
|
|
Raspberry Pi.
|
|
|
|
### Outgoing Messages
|
|
|
|
- The SAM2 mail client on the Apple IIgs is configured to use the IP of the
|
|
Raspberry Pi as its SMTP server. Outgoing emails are sent to port 25
|
|
on the Raspberry Pi.
|
|
- Postfix handles the plaintext SMTP dialog with SAM2 mail and relays the
|
|
message to Gmail's servers using SMTPS with TLS.
|
|
|
|
## Installing the Packages on Rasbian
|
|
|
|
Install the packages with root privs on the Pi:
|
|
```
|
|
sudo apt update
|
|
sudo apt upgrade
|
|
sudo apt install postfix postfix-pcre
|
|
sudo apt install dovecot-common dovecot-pop3d
|
|
sudo apt install fetchmail
|
|
```
|
|
|
|
## Obtaining App Passwords from Google
|
|
|
|
Google provides a mechanism to allow non-Google apps to connect to Gmail
|
|
called *App Passwords*.
|
|
|
|
Google's help page is [here](https://support.google.com/accounts/answer/185833?hl=en)
|
|
|
|
In order to use the App Passwords method of authentication 2-Step Verification
|
|
must be turned on for the account. This is the general approach:
|
|
|
|
- In a web browser log in to the Gmail account and go to
|
|
[Google Account](https://myaccount.google.com/).
|
|
- In the panel on the left, choose *Security*.
|
|
- Enable *2-Step Verification* for the account.
|
|
- The option *App Passwords* will now appear. Select this option.
|
|
- At the bottom, choose *Select app* and enter a descriptive name for
|
|
the app.
|
|
- Choose *Select Device* and choose the device.
|
|
- Click *Generate*.
|
|
- A 16 character App Password will be shown on the screen. Write this value
|
|
down because you will need it later in the configuration.
|
|
|
|
I generated two separate App Passwords - one for SMTPS and one for IMAPS.
|
|
|
|
## Configuring the Packages
|
|
|
|
### Postfix
|
|
|
|
The Postfix MTA configuration files are in `/etc/postfix`. Of the three
|
|
packages, Postfix is the most complex to configure and has many available
|
|
options.
|
|
|
|
[This](https://www.linode.com/docs/email/postfix/postfix-smtp-debian7/)
|
|
page was helpful for configuring Postfix.
|
|
|
|
Be aware that this configuration amounts to an open relay from unsecured
|
|
SMTP to SMTPS, and must never be place on the public internet, or it will be
|
|
abused by spammers! Keep it on your private LAN segment only!
|
|
|
|
We will modify a number of configuration files:
|
|
|
|
- `/etc/postfix/command_filter`
|
|
- `/etc/postfix/main.cf`
|
|
- `/etc/postfix/master.cf`
|
|
- `/etc/postfix/sasl/sasl_passwd`
|
|
- `/etc/postfix/sasl/sasl_passwd.db`
|
|
|
|
Once Dovecot has been configured, the service may be controlled as follows:
|
|
- `systemctl start postfix` - start service.
|
|
- `systemctl stop postfix` - stop service.
|
|
- `systemctl status postfix` - status of service.
|
|
|
|
#### `command_filter`
|
|
|
|
For some reason, SAM2 sends a bunch of mail headers *after* the email message
|
|
has been tranmitted to Postfix's SMTP server. Postfix gets very unhappy about
|
|
this. The solution is to filter them out using Postfix's
|
|
`smtpd_command_filter` function.
|
|
|
|
The `command_filter` files contains the regular expressions to filter out these
|
|
unwanted headers:
|
|
```
|
|
/^Message-ID:.*$/ NOOP
|
|
/^MIME-version:.*$/ NOOP
|
|
/^Content-Type:.*$/ NOOP
|
|
/^Content-transfer-encoding:.*$/ NOOP
|
|
/^From:.*$/ NOOP
|
|
/^To:.*$/ NOOP
|
|
/^In-Reply-To:.*$/ NOOP
|
|
/^Subject:.*$/ NOOP
|
|
/^Date:.*$/ NOOP
|
|
/^X-Mailer:.*$/ NOOP
|
|
```
|
|
|
|
#### `main.cf`
|
|
|
|
This is the main Postfix configuration file.
|
|
|
|
I adjusted `smtpd_use_tls = no` to turn off TLS for the SMTP service offered to
|
|
the Apple II and added `smtpd_command_filter =
|
|
pcre:/etc/postfix/command_filter` to activate the filter discussed above.
|
|
|
|
`relayhost = [smtp.gmail.com]:587` will forward email to Gmail's SMTPS server.
|
|
|
|
I adjusted `smtpd_relay_restrictions = permit_mynetworks
|
|
permit_sasl_authenticated defer_unauth_destination` to allow network hosts
|
|
listed in `mynetworks` to relay messages to the `relayhost`.
|
|
|
|
My home network is 192.168.10.0/24, so I added it here:
|
|
`mynetworks = 192.168.10.0/24 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128`.
|
|
You should adjust this line to match your own LAN subnet.
|
|
|
|
Finally I added the following block of settings to enabled SASL authentication
|
|
when talking to Gmail:
|
|
|
|
```
|
|
# Enable SASL authentication
|
|
smtp_sasl_auth_enable = yes
|
|
# Disallow methods that allow anonymous authentication
|
|
smtp_sasl_security_options = noanonymous
|
|
# Location of sasl_passwd
|
|
smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd
|
|
# Enable STARTTLS encryption
|
|
smtp_tls_security_level = encrypt
|
|
# Location of CA certificates
|
|
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
|
|
|
|
```
|
|
|
|
The whole thing looks like this:
|
|
|
|
|
|
```
|
|
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
|
|
|
|
|
|
# Debian specific: Specifying a file name will cause the first
|
|
# line of that file to be used as the name. The Debian default
|
|
# is /etc/mailname.
|
|
#myorigin = /etc/mailname
|
|
|
|
smtpd_banner = $myhostname ESMTP $mail_name (Raspbian)
|
|
biff = no
|
|
|
|
# appending .domain is the MUA's job.
|
|
append_dot_mydomain = no
|
|
|
|
# Uncomment the next line to generate "delayed mail" warnings
|
|
#delay_warning_time = 4h
|
|
|
|
readme_directory = no
|
|
|
|
# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
|
|
# fresh installs.
|
|
compatibility_level = 2
|
|
|
|
# TLS parameters
|
|
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
|
|
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
|
|
smtpd_use_tls=no
|
|
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
|
|
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
|
|
|
|
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
|
|
# information on enabling SSL in the smtp client.
|
|
|
|
relayhost = [smtp.gmail.com]:587
|
|
smtpd_command_filter = pcre:/etc/postfix/command_filter
|
|
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
|
|
#smtpd_recipient_restrictions = permit_mynetworks
|
|
myhostname = raspberrypi.home
|
|
alias_maps = hash:/etc/aliases
|
|
alias_database = hash:/etc/aliases
|
|
mydestination = $myhostname, raspberrypi, localhost.localdomain, , localhost
|
|
mynetworks = 192.168.10.0/24 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
|
|
mailbox_size_limit = 0
|
|
recipient_delimiter = +
|
|
inet_interfaces = all
|
|
inet_protocols = all
|
|
|
|
# Enable SASL authentication
|
|
smtp_sasl_auth_enable = yes
|
|
# Disallow methods that allow anonymous authentication
|
|
smtp_sasl_security_options = noanonymous
|
|
# Location of sasl_passwd
|
|
smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd
|
|
# Enable STARTTLS encryption
|
|
smtp_tls_security_level = encrypt
|
|
# Location of CA certificates
|
|
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
|
|
|
|
```
|
|
|
|
#### `master.cf`
|
|
|
|
`master.cf` does not need to be modified other than to enable `smtpd` by
|
|
uncommenting the following line:
|
|
|
|
```
|
|
# ==========================================================================
|
|
# service type private unpriv chroot wakeup maxproc command + args
|
|
# (yes) (yes) (no) (never) (100)
|
|
# ==========================================================================
|
|
smtp inet n - y - - smtpd
|
|
|
|
```
|
|
|
|
If you require verbose debugging information to get the SMTP connection
|
|
working, change the line as follows:
|
|
|
|
```
|
|
smtp inet n - y - - smtpd y
|
|
```
|
|
|
|
#### `sasl/sasl_passwd` and `sasl/sasl_passwd.db`
|
|
|
|
Create the directory `/etc/postfix/sasl`.
|
|
|
|
Create the file `/etc/postfix/sasl_passwd` as follows:
|
|
|
|
```
|
|
[smtp.gmail.com]:587 username@gmail.com:xxxx xxxx xxxx xxxx
|
|
```
|
|
|
|
where `username` is your Gmail account name and `xxxx xxxx xxxx xxxx` is the
|
|
App Password Google gave you.
|
|
|
|
Run: `sudo postmap /etc/postfix/sasl_passwd` to build the hash file
|
|
`sasl_passwd.db`.
|
|
|
|
|
|
|
|
### Dovecot
|
|
|
|
The Dovecot POP3 server configuration files are in `/etc/dovecot`. I had
|
|
to edit the following two files (starting from the default Raspbian package):
|
|
|
|
- `/etc/dovecot/conf.d/10-auth.conf`
|
|
- `/etc/dovecot/conf.d/10-master.conf`
|
|
|
|
Once Dovecot has been configured, the service may be controlled as follows:
|
|
- `systemctl start dovecot` - start service.
|
|
- `systemctl stop dovecot` - stop service.
|
|
- `systemctl status dovecot` - status of service.
|
|
|
|
#### `10-auth.conf`
|
|
|
|
The only non-comment lines are as follows:
|
|
```
|
|
disable_plaintext_auth = no
|
|
auth_mechanisms = plain
|
|
!include auth-system.conf.ext
|
|
```
|
|
|
|
#### `10-master.conf`
|
|
|
|
I enabled the POP3 service on port 110 by uncommenting the `port = 110`
|
|
line as follows:
|
|
|
|
```
|
|
service pop3-login {
|
|
inet_listener pop3 {
|
|
port = 110
|
|
}
|
|
inet_listener pop3s {
|
|
#port = 995
|
|
#ssl = yes
|
|
}
|
|
}
|
|
```
|
|
### Fetchmail
|
|
|
|
Fetchmail's configuration is in the file `/etc/fetchmail`. It should look
|
|
like this:
|
|
|
|
```
|
|
set postmaster "pi"
|
|
set bouncemail
|
|
set no spambounce
|
|
set softbounce
|
|
set properties ""
|
|
poll imap.gmail.com with proto IMAP auth password
|
|
user 'username' is pi here
|
|
password 'xxxx xxxx xxxx xxxx'
|
|
ssl, sslcertck, idle
|
|
|
|
```
|
|
|
|
Replace the `xxxx xxxx xxxx xxxx` with the App Password Google gave you.
|
|
Replace `username` with your email account name.
|
|
|
|
Make sure the permissions on the configuration file are okay:
|
|
|
|
```
|
|
chmod 600 /etc/fetchmailrc
|
|
chown fetchmail.root /etc/fetchmailrc
|
|
```
|
|
|
|
Edit `/etc/default/fetchmail` to enable the Fetchmail service:
|
|
|
|
```
|
|
START_DAEMON=yes
|
|
```
|
|
|
|
Service controls:
|
|
- `systemctl start fetchmail` - start service.
|
|
- `systemctl stop fetchmail` - stop service.
|
|
- `systemctl status fetchmail` - status of service.
|
|
|
|
|
|
## Testing
|
|
|
|
Log messages from all these packages are written to `/var/log/mail.log`.
|
|
|
|
You can test the Postfix SMTP server using `telnet`. Be aware that it may
|
|
not work the same way from the Pi (ie: localhost) than from a different
|
|
machine on your LAN, so it is better to connect from another host.
|
|
|
|
Connect to SMTP like this `telnet raspberrypi 25`. Typing the following
|
|
commands should send an email:
|
|
|
|
```
|
|
HELO myhost.mydomain.com
|
|
MAIL FROM:<myaccount@mydomain.com>
|
|
RCPT TO:<someotheraccount@somedomain.com>
|
|
DATA
|
|
Subject: Test message
|
|
This is just
|
|
a simple test.
|
|
.
|
|
```
|
|
|
|
The final period on its own serves to terminate the message and signal to
|
|
Postfix that it should process the DATA block and enqueue the message.
|
|
|
|
## Configuring SAM2 Email Client on the GS
|
|
|
|
Configuring the client is simple:
|
|
|
|
- Incoming mail via POP3
|
|
- Hostname: hostname or IP address of your Raspberry Pi
|
|
- Port: Default (110)
|
|
- Username and password: Your Raspberry Pi account credentials
|
|
- Outgoing mail via SMTP
|
|
- Hostname: hostname or IP address of your Raspberry Pi
|
|
- Port: Default (25)
|
|
- Username and password: Your Raspberry Pi account credentials
|
|
|
|
|
|
Bobbi
|
|
Jun 17, 2020
|
|
*bobbi.8bit@gmail.com*
|
|
|
|
|