惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

V
Vulnerabilities – Threatpost
T
The Blog of Author Tim Ferriss
S
SegmentFault 最新的问题
D
DataBreaches.Net
博客园_首页
罗磊的独立博客
B
Blog
T
Threat Research - Cisco Blogs
C
Cisco Blogs
GbyAI
GbyAI
Engineering at Meta
Engineering at Meta
WordPress大学
WordPress大学
G
GRAHAM CLULEY
H
Help Net Security
酷 壳 – CoolShell
酷 壳 – CoolShell
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
爱范儿
爱范儿
SecWiki News
SecWiki News
T
Threatpost
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
Schneier on Security
Schneier on Security
T
The Exploit Database - CXSecurity.com
Google Online Security Blog
Google Online Security Blog
T
Tor Project blog
小众软件
小众软件
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
Y
Y Combinator Blog
H
Hacker News: Front Page
V
V2EX
Security Latest
Security Latest
Cloudbric
Cloudbric
Simon Willison's Weblog
Simon Willison's Weblog
Attack and Defense Labs
Attack and Defense Labs
D
Darknet – Hacking Tools, Hacker News & Cyber Security
P
Proofpoint News Feed
博客园 - 三生石上(FineUI控件)
NISL@THU
NISL@THU
S
Secure Thoughts
Blog — PlanetScale
Blog — PlanetScale
博客园 - 司徒正美
V2EX - 技术
V2EX - 技术
Vercel News
Vercel News
P
Palo Alto Networks Blog
IT之家
IT之家
MyScale Blog
MyScale Blog
有赞技术团队
有赞技术团队
Application and Cybersecurity Blog
Application and Cybersecurity Blog
D
Docker
Google DeepMind News
Google DeepMind News
Webroot Blog
Webroot Blog

Morten Linderud

ACME device attestation, smallstep and pkcs11: attezt Personal infrastructure setup 2026 Self-hosting DNS for no fun, but a little profit! Easter hack: terraform-provider-openwrt SSH CA with device and identity attestation: ssh-tpm-ca-authority NixOS is not reproducible Stream to chromecast with resolved, vlc and bash Store ssh keys inside the TPM: ssh-tpm-agent Store age identities inside the TPM: age-plugin-tpm Golang crypto/ecdh and the TPM My FOSS work update coredumpctl, delve and debug packages for Go Monitoring the kernel.org Transparency Log for a year Streaming the Steam Deck to OBS mkinitcpio v31 and UEFI stubs FOSS Activities in April 2021 FOSS Activities in March 2021 Simplifying and securing the boot process FOSS Activities in February 2021 FOSS Activities in January 2021 FOSS Activities in December 2020 Kubernetes in Arch Linux FOSS Activities in November 2020 PAM Bypass: when null(is not)ok FOSS Activities in October 2020 Improving the Secure Boot user experience Packaging LXD for Arch Linux Reproducible Arch Linux Packages The State of Hy Morten Linderud
Mailpile, sendmail and procmail
Morten Linderud · 2014-07-09 · via Morten Linderud

What is Mailpile?

[Mailpile] (https://www.mailpile.is) is mail client with a rather unusual goal in todays world. It wants to be free, open-source, privacy oriented and easy to use with encryption. This all comes with the goal of being self-hosted.

This is a contrast to Protonmail who still keeps all your information on their servers, making people with a slight trust issue look at you in a rather funny way. However, Protonmail and Mailpile is among several email providers in the wake of the NSA scandal to try and give you secure options to gmail, outlook and yahoo. Which is in my opinion, Awesome!

This does not solve the fundamental problem in todays world of emails. People can use PGP to communicate securely, but most doesn’t even know how it works (its hard, remember?). Every email you send will get in the hands of gmail, outlook or yahoo. Which makes NSA happy in the end. But this is all in the right step to solve this problem.

Now, Mailpile is supposed to be used with a local mail server or an existing one. You could host it on a local server only you got access to, with full disk encryption. Or worse, host is on a VPS and let have your private encryption keys. For the latter there are other possible solutions, which I might take in another blog post.

Installation

You will need 3 things:

  1. sendmail
  2. procmail
  3. mailpile

This setup assumes you know how to portforward port 25, which needs to be open to receive mail, along with how to setup a domains DNS records. I will also assume basic knowledge on any Linux distro. Even if the configurations are slightly different, there should be no major issue.

Sendmail will work as the Message Transfer Agent (MTA), it will control outgoing mail and incoming mail. Procmail works as a Mail Delivery Agent (MDA), whose job is to deliver the mail correctly. Mailpile works on top of this stack as a Mail User Agent (MUA).

This setup is meant to work for one user. If you need several users, I recommend looking into postfix as its more flexible and better suited for this task.

You will find sendmails configuration in /etc/mail. The first file to look at as sendmails main config file, sendmail.mc. If it doesn’t exist, create a new one.

The base configuration should look something like this:

This config makes a few assumptions. The confAUTH_OPTIONS tells sendmail that it won’t relay mail unless the user authenticates. There won’t be any plaintext authentication on non-TLS connections. A good idea here is to read up on how to properly generate the correct OpenSSL certs. Remember to adjust the confDOMAIN_NAME to the correct value, assuming you got a domain. Generating the final config should be done with the following command:
m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

The next file is /etc/mail/local-host-names, it should contain all domains to the server. They should also resolve in your file /etc/hosts

localhost
<domain>
mail.<domain>
localhost.localdomain

/ect/mail/access contains the list of addresses we want to relay mail from. Since we are using mailpile, we assume we will only relay mail from our local IP.

127.0.0.1       RELAY

Generate the config file again as follow: makemap hash /etc/mail/access.db < /etc/mail/access

The last file for sendmail will be /ect/mail/aliases. This file contains the user aliases for our system. So for instance, we only set the required mail handles to root, and set our user to be root. Thus we can receive all the mails to postmaster and abuse without having to care about separate users. Thus the only line you should change would be:

...
root:           <your user>
...

You can at this point add other aliases or other users for better management. Generate the file for sendmail with the command newaliases

Launch the sendmail daemon with your service manager and you should be set! Systemd user can do systemctl start sendmail.

Procmail

Procmail will make sure the mails are put in the correct folder. Lets create .procmailrc in the home directory of the user who will receive mail!

PATH=/bin:/usr/bin
MAILDIR=$HOME/Mail
DEFAULT=$HOME/Mail/inbox
LOGFILE=$HOME/Mail/logfil2
SHELL=/bin/sh

:0:
* ^To:.*domain\.tld
/home/<user>/Mail/

This configuration should be simple enough. We define the variables on the top to tell where the log file should be along with the default mail directories. :0: denotes possible flags, and the last colon tells procmail we will use a lockfile. The next is a regex which will be matched with the mail. If it matches we forward the mail to our users Mail directory. In this case a simple check for any mail sent to our domain should be enough.

This should seamlessly work with sendmail and put any received mail to your inbox.

Mailpile

NOTE: Mailpile is currently in alpha. Anything after this point is subject to changes. I will try my best to keep it up dated.

Start the mailpile console with mp and type the following lines. Remember to change the lines for your needs.

# Basic setup
setup
set profiles.0.email = <user>@<domain>
set profiles.0.name = <Your Name>

# Add mailbox and scan for mails
add /home/<user>/Mail
rescan full


# Sendmail route setup
set routes.default = {}
set routes.default.command = /usr/bin/sendmail -i %(rcpt)s

# Add route to profile
set profiles.0.messageroute = default

Visit http://127.0.0.1:33411 and enjoy Mailpile!

Questions can be sent on [Twitter] (https://twitter.com/MortenLinderud) or mail at fox@velox.pw.

Additional Reading Material

http://weldon.whipple.org/sendmail/starttlstut.html https://wiki.archlinux.org/index.php/GnuPG https://wiki.archlinux.org/index.php/OpenSSL https://wiki.archlinux.org/index.php/OpenDKIM https://en.wikipedia.org/wiki/Sender_Policy_Framework

Sources

https://wiki.archlinux.org/index.php/sendmail https://wiki.archlinux.org/index.php/Procmail

Back to posts