#!/bin/blog

January 4, 2010

iPhone IMAP push

Filed under: Internet, Warez — martin @ 10:01 am

Jan-Piet writes about GhettoPush, so I don’t have to. 🙂

GhettoPush is a UNIX daemon (written in Perl) that will monitor any IMAP server for new message events and generate a push message. Most of the time, I hear the push message come in on the iPhone before I notice the new message on my workstation. Please give it a try and let me know how you like it.

November 12, 2009

IMAP on the iPhone with SSL client certificates

Filed under: iphone — martin @ 11:02 pm

The IMAP server in my office is configured to not simply accept username/password authenticated connections from the internet. As an additional security measure, it requires the client to present a valid SSL client certificate, issued by the internal CA, resulting in mutual SSL authentication.

The Mail client on the iPhone, on the other hand, does not support SSL client certificates. While it is possible to deploy a client certificate using the iPhone configuration utility, this cert will only be presented to web servers, but not to mail servers.

My workaround is to use stunnel, the universal SSL wrapper, on the iPhone. This, of course, requires the iPhone to be jailbroken. I’ll leave the jailbreak and installation of stunnel as an exercise to you. 🙂

I’m running stunnel as the “mobile” user, thus all the required files reside in /var/mobile. The files are:

– The stunnel configuration: /var/mobile/stunnel.conf
– The SSL certificate: /var/mobile/cert.pem
– The key matching the SSL certificate: /var/mobile/key.pem

Stunnel is configured as an SSL client. The commented-out lines may be useful for troubleshooting. I have added 10000 to the regular IMAP and SMTP ports so they are beyond the privileged port range that may only be used by root.

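# Client certificate and matching key presented to the mail server
cert = /var/mobile/cert.pem
key = /var/mobile/key.pem
pid = /var/mobile/stunnel.pid
sslVersion = TLSv1
# Resolve server hostname at every reconnect,
# not only on startup (for dyndns!):
delay = yes
#foreground = yes
#debug = 7

# Plaintext IMAP on localhost, forwarded to the server over SSL
[imap]
accept = 127.0.0.1:10143
connect = example.dyndns.org:993
client = yes

# Plaintext SMTP on localhost, forwarded to the server over SSL
[smtp]
accept = 127.0.0.1:10025
connect = example.dyndns.org:465
client = yes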

My key is password protected, thus I start stunnel from Mobile Terminal after bootup:

stunnel stunnel.conf

Having a method for starting stunnel automatically with passphrase-less keys would be nice, but has no priority for me. Using a LaunchDaemons entry for this shouldn’t be a problem anyway.

The mail settings on the iPhone are configured to access IMAP and SMTP on localhost, port 10143 and 10025, respectively. SSL encryption is turned off for both.

This setup is surprisingly robust. The currently running stunnel daemon was started 4 days ago and has already survived a few changes of the dynamic IP address of the mail server. I have not had a single hiccup since I figured out that I need the “delay=yes” option in the configuration file to keep up with DynDNS changes. If your mail server isn’t on a dynamic IP address, all the better.
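The configuration above presents a client certificate but sets no `verify` level or `CAfile`, and stunnel does not check the server certificate unless told to, so only one direction of the mutual authentication is enforced on the phone. The following check is an added example, not part of the original post: it parses a stunnel.conf and flags client services that skip server verification or expose the plaintext listener beyond loopback. The finding names are made up for this example, and `verifyChain`/`verifyPeer` exist only in newer stunnel releases.

```python
import ipaddress

# Constructed sample: the service sections of the stunnel.conf from this post.
SAMPLE_CONF = """\
[imap]
accept=127.0.0.1:10143
connect=example.dyndns.org:993
client=yes
[smtp]
accept=127.0.0.1:10025
connect=example.dyndns.org:465
client=yes
"""

def parse_conf(text):
    """Split stunnel.conf text into (global options, {service: options})."""
    glob, services = {}, {}
    current = glob
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1], {})
        elif "=" in line and line[0] not in "#;":   # skip blanks and comments
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip()
    return glob, services

def is_loopback(host):
    try:
        return host == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:                               # empty host: all interfaces
        return False

def audit(text):
    """Return [(service, finding)] for every client-mode service."""
    glob, services = parse_conf(text)
    findings = []
    for name, opts in services.items():
        eff = {**glob, **opts}                       # service overrides global
        if eff.get("client") != "yes":
            continue
        # Mail talks plaintext to this listener, so it must stay on loopback.
        if not is_loopback(eff.get("accept", "").rpartition(":")[0]):
            findings.append((name, "accept-not-loopback"))
        # No verify level >= 2 with a CA: any server certificate is accepted.
        checked = eff.get("verify", "0") in ("2", "3", "4") or "yes" in (
            eff.get("verifychain"), eff.get("verifypeer"))
        if not (checked and ("cafile" in eff or "capath" in eff)):
            findings.append((name, "server-cert-unverified"))
    return findings
```

Run against the sample, `audit(SAMPLE_CONF)` reports `server-cert-unverified` for both services; adding a `verify = 2` line and a `CAfile` pointing at the internal CA's certificate to the global section clears it.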

May 6, 2007

IMAP Essentials

Filed under: Internet — martin @ 9:41 am

Peer Heinlein’s article “Wie IMAP wirklich funktioniert” (“How IMAP really works”) in Linux-Magazin 06/07 is not 100% to my taste, but with RFC 3501 in the other hand it worked out after all.

So here are the most important IMAP commands for troubleshooting and the like:

1. Connect to the IMAP server.
1a. Unencrypted:
telnet imapserver 143
1b. Encrypted via SSL (with client certificate):
openssl s_client (-key key.pem -cert cert.pem) -connect imapserver:993
1c. Encrypted via STARTTLS (with client certificate):
openssl s_client (-key key.pem -cert cert.pem) -starttls imap -connect imapserver:143

From here on, keep in mind that every IMAP command must be prefixed with a session ID (the “tag” in RFC 3501 terms). We’ll simply use a bare “x” here:

2. Log in
x login username password

3. List all existing folders
x list "" "*"

4. Switch to a folder
x select INBOX

5a. List the IDs of (un)read mails:
x search seen
x search unseen

5b. List the IDs of all mails:
x search all

6a. Search (un)read mails for a given text
x search seen text nigeria
x search unseen text nigeria

6b. Search all mails for a given text
x search all text nigeria

7. Fetch the body of a mail without marking it as ‘seen’
x fetch 147 body.peek[]

8. Fetch the headers of a mail without marking it as ‘seen’
x fetch 1612 body.peek[header]

9. And bye
x logout
