#!/bin/blog

January 4, 2010

iPhone IMAP push

Filed under: Internet, Warez — martin @ 10:01 am

Jan-Piet writes about GhettoPush, so I don’t have to. 🙂

GhettoPush is a UNIX daemon (written in Perl) that will monitor any IMAP server for new message events and generate a push message. Most of the time, I hear the push message come in on the iPhone before I notice the new message on my workstation. Please give it a try and let me know how you like it.

November 12, 2009

IMAP on the iPhone with SSL client certificates

Filed under: iphone — martin @ 11:02 pm

The IMAP server in my office is configured to not simply accept username/password authenticated connections from the internet. As an additional security measure, it requires the client to present a valid SSL client certificate, issued by the internal CA, resulting in mutual SSL authentication.

The Mail client on the iPhone, on the other hand, does not support SSL client certificates. While it is possible to deploy a client certificate using the iPhone configuration utility, this cert will only be presented to web servers, but not to mail servers.

My workaround is to use stunnel, the universal SSL wrapper, on the iPhone. This, of course, requires the iPhone to be jailbroken. I’ll leave the jailbreak and installation of stunnel as an exercise to you. 🙂

I’m running stunnel as the “mobile” user, thus all the required files reside in /var/mobile. The files are:

– The stunnel configuration: /var/mobile/stunnel.conf
– The SSL certificate: /var/mobile/cert.pem
– The key matching the SSL certificate: /var/mobile/key.pem

Stunnel is configured as an SSL client. The commented-out lines may be useful for troubleshooting. I have added 10000 to the regular IMAP and SMTP ports so they are beyond the privileged port range that may only be used by root.

cert=/var/mobile/cert.pem
key=/var/mobile/key.pem
pid = /var/mobile/stunnel.pid
sslVersion = TLSv1
# Resolve server hostname at every reconnect,
# not only on startup (for dyndns!):
delay = yes
#foreground = yes
#debug = 7

[imap]
accept=127.0.0.1:10143
connect=example.dyndns.org:993
client=yes

[smtp]
accept=127.0.0.1:10025
connect=example.dyndns.org:465
client=yes

My key is password protected, thus I start stunnel from Mobile Terminal after bootup:

stunnel stunnel.conf

Having a method for starting stunnel automatically with passphrase-less keys would be nice, but has no priority for me. Using a LaunchDaemons entry for this shouldn’t be a problem anyway.

The mail settings on the iPhone are configured to access IMAP and SMTP on localhost, ports 10143 and 10025, respectively. SSL encryption is turned off for both.

This setup is surprisingly robust. The currently running stunnel daemon was started 4 days ago and has already survived a few changes of the dynamic IP address of the mail server. I have not had a single hiccup since I figured out that I need the “delay=yes” option in the configuration file to keep up with DynDNS changes. If your mail server isn’t on a dynamic IP address, all the better.
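An added check, not part of the original post: with SSL turned off in the mail client, stunnel is the only TLS endpoint on the phone, and stunnel in client mode does not verify the server certificate unless `verify` and a `CAfile` or `CApath` are set. The Python sketch below audits a configuration for that, for plaintext listeners bound beyond loopback, and for privileged ports; the function names and finding texts are made up for this example, and it assumes the numeric `verify` option.

```python
import ipaddress

# The services from the post's stunnel.conf, embedded so the check runs offline.
POST_CONF = """\
cert=/var/mobile/cert.pem
key=/var/mobile/key.pem
[imap]
accept=127.0.0.1:10143
connect=example.dyndns.org:993
client=yes
[smtp]
accept=127.0.0.1:10025
connect=example.dyndns.org:465
client=yes
"""

def parse(text):
    """Return (global options, {service: options}); option names lower-cased."""
    glob, services, cur = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            cur = services.setdefault(line[1:-1], {})
        elif line and line[0] not in "#;":
            key, _, val = line.partition("=")
            (glob if cur is None else cur)[key.strip().lower()] = val.strip()
    return glob, services

def audit(text):
    """Return [(service, finding)] for every client-mode service."""
    glob, services = parse(text)
    findings = []
    for name, opts in services.items():
        eff = {**glob, **opts}  # per-service options override global ones
        if eff.get("client") != "yes":
            continue
        # verify >= 2 with a CA is what makes stunnel require a valid server cert.
        if int(eff.get("verify", "0")) < 2 or not (eff.get("cafile") or eff.get("capath")):
            findings.append((name, "server certificate is not verified"))
        host, _, port = eff.get("accept", "").rpartition(":")
        try:  # the local leg is plaintext, so it must stay on loopback
            loopback = ipaddress.ip_address(host).is_loopback
        except ValueError:
            loopback = host == "localhost"
        if not loopback:
            findings.append((name, "plaintext listener is not loopback-only"))
        if port.isdigit() and int(port) < 1024:
            findings.append((name, "privileged port requires root"))
    return findings
```

Run against the configuration above, `audit(POST_CONF)` reports the missing server verification for both services; adding `verify = 2` and a `CAfile` pointing at the internal CA certificate to the global section clears it.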

September 15, 2008

Apple-foo

Filed under: Hardware — martin @ 6:09 am

Oliver over there, with his cowardly disabled comments, really does rant on a daily basis about the things that don't suit him about Apple.

Apple has never been really “nice” with its iTunes. But since the iPhone, the mood has somehow been completely spoiled. The initial iPhone euphoria has, at least among reasonably informed users, turned into disillusionment over how strictly Apple controls the platform and the applications available for it. Users who like to experiment are practically forced to violate the license. It goes so far that I wouldn't be surprised if one day a court even ruled in favor of the user and granted him the right to “crack” the iPhone while keeping the warranty, so that it can be used in a reasonable way.

Asked about the iPhone, I recently even gave the following recommendation:

If you want an open platform, take Windows Mobile.

Unfortunately, the first usable Linux mobile phones (I'm thinking specifically of OpenMoko here) are still a long time coming. Not to mention suitability for the mass market. Apple could have stepped into the breach in a big way here with an open platform for the coming years, but explicitly decided against it. What a tragedy.

April 4, 2008

6 months as a techno-snob

Filed under: Hardware — martin @ 5:44 am

The iPhone will soon be in stores for 99 euros (Spon). And, dear people, how was the short, wild time at the spearhead of the technical revolution? Where will the next kick come from? 🙂
