Toolshed: Email Setup

Posted on 2017-03-14 by inj4n
Send us your comments.

I admit, my setup for sending and receiving emails is both cluttered with historic artefacts and considered as complicated by most people I meet. But, it allows me for maximum control and separation of duty between different programs.

Furthermore, I got accustomed to full-text-indicees and tags for sorting and finding my emails.

Toolchain of the Email Process

Receiving Emails

Sending Emails

Mail Sorting and Filtering


I test every email, whether it is sent by some address I listed in my killfile. Inhabitants of my killfile are informed about the rejection by sending an informative rejection email back to them. Yes, this opens me up to redirection attacks, i.e. someone uses me for relaying his spam email to someone on my killlist, but as far as I know this has not happened yet.

* ? formail -x"From" -x"From:" -x"Sender:" -x"X-Envelope-Sender:" |  fgrep -is -f ~/etc/killfile
 # Avoid email loops
* ! ^X-Loop: 168bf01e5b03cf4575d653305187b2c0
  # Discard whitespaces, insert a leading blank
  | expand | sed -e 's/[ ]*$//g' | sed -e 's/^/ /' > return.tmp
  # Prepare and send the rejection
  # Be sure to customize your sendmail path
  | (formail -r -I"Subject: Rejected mail: Recipient refusal" \
    -A"X-Loop: 168bf01e5b03cf4575d653305187b2c0" ; \
    echo "--- begin rejected mail ---" ; \
    cat return.tmp ; \
    echo "--- end rejected mail ---" ; \
    rm -f return.tmp) \
    | sendmail -t -X /tmp/esmtp

The number of people that I refuse to communicate with is below ten.


The second line of defense against spam is spamassassin. Emails that are probable spam get tagged “spam”. Emails that are definitely spam are deleted.

The remainder is forwarded into one of my directories for email and tagged automatically.

| /usr/bin/spamassassin
:0 fw
| /usr/bin/spamc

# multilevel-spam-sorting (got the idea from lexi)
# score >= 12 deadly sure this is spam
* ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*\*\*

# maybe take a look at it before giving it to sa-learn
* ^X-Spam-Level: \*\*\*\*\*
| notmuch insert --create-folder --folder=spam -inbox +spam

Mail Sending

Tunneling out of restrictive networks

Many organisations block their users from directly sending emails. This should protect them from the hazzles by virus-ridden computers that students, workers and guests introduce to their network. Many of those end-user-devices are part of some bot net that is used to distribute spam. If a university, or other organisation, is caught with distributing too much spam, it is put on one of the anti-spam lists which are used by spam filters to block everyone on this list. Getting off of these lists takes some time and a few emails to the owners of these lists. Until then no one from your organisation is able to send emails. Thus you want to avoid this, and the easiest way is to simply block all outgoing emails except those relayed through your local SMTP-Relay.

Whoa! But I am using multiple email relays to separate my different identities, which means I have to be able to connect to these SMTP relays. Plus, I actually can connect via SSH to a server on the internet, which then is able to port-relay me to the SMTP-servers. Other than SMTP (Destination Port 25) outbound SSH (Destination Port 22) commonly is not filtered by corporate firewalls.

Thus I establish the tunnel everytime I send an email and close it when I am done. Using the preconnect and postconnect directive in my esmtp-configuration, I can utilise a simple chain of shell commands. This magically opens up a local-host-only SMTP port on my local host which is forwarded, by SSH-port-forwarding, to the SMTP-relay of my chosen sender-address.

preconnect "ssh -M -S /tmp/ctrl-socket -NxfnL"
postconnect "ssh -M -S /tmp/ctrl-socket -O exit -q"

Update 2017-03-19: added esmtp-wrapper

Update 2017-04-03: added pre- and postconnect-rules to esmtp