sshlitzMail!: Creating and Using a Secure, Encrypted Tunnel to Access the Dartmouth BlitzMail System

by Marion Bates <mbates at whoopis.com>
with much help from William Stearns <wstearns at pobox.com>
Latest revision: September 23, 2002


Requirements:
• Mac OS X version 10.1 or higher (this should also work fine with OS X Server, but I have not tested it)
• A user account on an SSH-capable server, preferably as close to the BlitzMail servers as possible, so that the encrypted leg covers as much of the path as it can and only a short hop from that server to the BlitzMail servers travels in cleartext (example: nimbus.dartmouth.edu, the general-purpose Unix server for the Dartmouth community)
• Mac OS X version of BlitzMail (official release is 2.6b7 as of this writing) OR BlitzMail 2.5.3 running in the Classic environment
• Administrator privileges on OS X

Introduction:

Dartmouth’s BlitzMail system provides a simple, easy-to-use, yet powerful interface for electronic mail. Its simplicity and uniqueness also add to its security: BlitzMail does not download or execute code of any sort, so the Outlook e-mail viruses of the day cannot touch it, and it has no HTML mail capability, which defeats a great deal of the JavaScript and tracking elements embedded in spam. Macintosh BlitzMail versions since 2.0.5 will even detect a keystroke logger running on the user’s machine, and will not only alert the user to this fact, but will also scramble the keystrokes as they are written to the keystroke logger’s result file, so the malicious user cannot see what was typed.

BlitzMail has only one major security flaw: like standard POP/POP3 mail, the BlitzMail session (except for the password) is sent in cleartext across the network. If a malicious user ran a sniffer near a BlitzMail user’s computer, he or she would be able to read the content of that user’s email as the messages were downloaded or sent. The password itself is never transmitted: the client answers a challenge from the server with a value derived from the password, so a sniffer who captures the exchange cannot read the password directly and would instead have to guess candidate passwords offline against the captured challenge and response. In this regard, BlitzMail is still inherently more secure than normal POP mail, where the password crosses the wire in the clear. However, message content is still vulnerable.

This paper outlines a method for encrypting the entire BlitzMail session for most of its journey across the network. In theory, this could be extended to cover the entire trip, but this would require running the SSH daemon on the BlitzMail servers themselves (or placing the BlitzMail servers behind a dedicated, transparent SSH gateway server). But the methods used here would protect the session from prying eyes on the user’s local network (dormitory, home LAN, etc.) without any additional configuration on the server end.

Preparation:

Make sure you can ssh successfully to nimbus or equivalent, using ssh from OS X’s command line interface. Install BlitzMail for OS X or Classic and make sure it works normally. In the Terminal in OS X, make sure you can log in as, or su (switch user) to, the all-powerful root account, or (preferably) use sudo. One test for root access is to open a Terminal session and type “sudo less /etc/hosts” and, when it asks, type in your normal user password. If it works (you are able to view the hosts file), then you are all set. If not, you will need to log in as an Administrator first, or get yourself added to the sudoers list by another Administrator.

Find out which of the reindeer-named servers has your BlitzMail account. You can do this by opening any message in your inbox and selecting “verbose header” from the message window’s Options menu. At the beginning of the headers section (above the message itself) you will see something like the following:


X-Disclaimer: This message was received from outside Dartmouth's BlitzMail system.
Return-path: someone@somedomain.net
Received: by dasher.Dartmouth.EDU (Mac) via SMTP from mailhub [129.170.16.6] for Marion_Bates@dasher.Dartmouth.EDU id <57362643> 26 Feb 2002 13:19:58 EST

The “Received: by” line is the one we care about. From this we can see that my server is dasher.Dartmouth.EDU; yours may be dancer or prancer or another reindeer. Remember this, you’ll need it later.

NOTE: In the following examples, we assume that the IP address of my Macintosh is 192.168.1.2 and that my BlitzMail account is on dasher. You will need to substitute your IP and BlitzMail server name where appropriate.

Step 1:

Edit the /etc/hosts file. Skip to the bottom and add lines such that it looks like the following:

127.0.0.1 localhost
255.255.255.255 broadcasthost
192.168.1.2 dasher.dartmouth.edu dasher.dartmouth.edu. dasher dasher.Dartmouth.EDU dasher.Dartmouth.EDU.
192.168.1.2 dnd.dartmouth.edu dnd.dartmouth.edu. dnd dnd.Dartmouth.EDU dnd.Dartmouth.EDU.

Note that all the dasher.blahblah entries are space-separated and continue on the same line (no carriage returns). Since this is hard to follow, here are the individual entries, separated:


dasher.dartmouth.edu
dasher.dartmouth.edu.
dasher
dasher.Dartmouth.EDU
dasher.Dartmouth.EDU.

dnd.dartmouth.edu
dnd.dartmouth.edu.
dnd
dnd.Dartmouth.EDU
dnd.Dartmouth.EDU.


Note that there are entries with and without a trailing period, and note the capitalization differences -- in my testing, this mattered for name resolution purposes. Also, make sure the last line of the file ends with a newline.

Step 2:

In /etc, create a new directory called lookupd, if it does not already exist (sudo mkdir /etc/lookupd) and change into it (cd /etc/lookupd). Create a new file called hosts (I used vi, but any editor that does not mangle line breaks should be fine: sudo vi hosts, hit i for insert mode) and add the following line, exactly as it appears here (copy and paste if possible):

LookupOrder CacheAgent FFAgent NIAgent DNSAgent YPAgent NILAgent

Basically, this line tells lookupd (the all-purpose MacOS X host lookup daemon) to first consult its memory cache, then try the flatfile (FF) agent, then NetInfo agent, then DNS, then YP and NIL, in that order. This is important, because by default, lookupd’s lookup order does not try the flatfile agent (i.e., the /etc/hosts file) until after DNS, which would mean that BlitzMail would ignore the changes you just made in /etc/hosts and instead, it would dutifully ask your local nameservers to supply the (real) IP address for dasher.dartmouth.edu. This would thwart the use of the SSH tunnel we are about to create. Moving the FFAgent option up closer to the beginning will make lookupd check the /etc/hosts file before doing a DNS lookup. We do not put FFAgent in the very first spot for performance reasons (letting lookupd use its cache is faster than making it pick through the hosts file every time, and most of the time, the cache will already have the correct host information from earlier lookups).

Next, you need to restart lookupd. Run ps ax and find the “lookupd” process; note its process ID (PID), which is the number in the first column. For this example, assume its PID is 203. Type (as root):

kill -HUP 203 (and hit return)

This will kill and restart lookupd. Do another ps ax and make sure it shows up in the process list (if it did not, type /usr/sbin/lookupd and hit return).

Now test this configuration by typing:

ping dasher

The results should be like the following (hit ctrl-c to stop pinging):

PING dasher.dartmouth.edu (192.168.1.2): 56 data bytes
64 bytes from 192.168.1.2: icmp_seq=0 ttl=255 time=0.215 ms

The IP address in parentheses should be YOUR Mac’s IP address, NOT the actual IP of dasher.dartmouth.edu (which, fyi, is 129.170.208.6 at the time of this writing). Ping the other aliases as well (dasher.dartmouth.edu, dasher.Dartmouth.EDU, etc.) and do the same for dnd and all its naming permutations. You should only see replies coming from your own IP.

The effect of all this is that you are fooling OS X into thinking that your machine is both the BlitzMail DND server and the BlitzMail server hosting your account (e.g. dasher). This will break BlitzMail for now, until we get the SSH tunnel up and running.

You only have to do Step 2 one time.

Step 3:

Now for the SSH tunnel. For this example we will assume that your BlitzMail account is on dasher, that your Mac’s IP address is 192.168.1.2, and that you have a user account on nimbus.dartmouth.edu with username jsmith. Root is required because port 902 is below 1024, and only root may listen on such privileged ports. Note also that the host names inside the -L options (dasher.dartmouth.edu, dnd.dartmouth.edu) are resolved by nimbus, at the far end of the tunnel, not by your Mac, so the /etc/hosts changes you just made do not affect them. Open a Terminal on your machine and type the following (as root), all on one line, and hit return:

ssh -g -L 2151:dasher.dartmouth.edu:2151 -L 902:dnd.dartmouth.edu:902 jsmith@nimbus.dartmouth.edu

Or use sudo:

sudo ssh -g -L 2151:dasher.dartmouth.edu:2151 -L 902:dnd.dartmouth.edu:902 jsmith@nimbus.dartmouth.edu

In the second case, it will ask for your local password, and then you will see the normal SSH authentication process. If this is the first time you are connecting to nimbus from your Mac, you will be asked whether to accept the server’s host key (type yes; if you can, compare the fingerprint it shows against one obtained from the server’s administrators, since accepting a forged key would hand your tunnel to exactly the kind of attacker you are trying to defeat) and then you will be asked to enter your password (or passphrase, if you use public-key authentication -- SSH newbies need not worry ;) and then your tunnel should be connected. One caveat about -g: it makes the forwarded ports listen on all of your Mac’s addresses (which is why netstat, below, shows *.902 and *.2151 rather than 127.0.0.1), so anyone on your local network can connect to them and reach the DND and mail servers through nimbus. The /etc/hosts entries above point at your Mac’s real IP, which is why -g is needed; if you point them at 127.0.0.1 instead, you can drop -g and the tunnel will accept connections only from your own machine. Do NOT exit or close the Terminal window or you will have to re-create the tunnel! Double-click the title bar to hide that window on the Dock if you want it out of your way.

You have now created a two-way SSH tunnel between your Mac and nimbus. Launch BlitzMail (quit and re-launch it if it was already open) and try logging on. If it works, then great. But if the lookupd reconfiguration did not work, it is difficult to tell whether or not you are just connecting normally (i.e., bypassing the tunnel). To find out, run the following command:


netstat -an

And look for these lines (comments are in parentheses):

tcp 0 0 *.902 *.* LISTEN

(this is the local “mouth” of our tunnel for DND queries)

tcp 0 0 *.2151 *.* LISTEN

(and this is the tunnel mouth for actual message transfers)

tcp 0 0 dasher.dartmouth.49158 nimbus.dartmouth.e.ssh ESTABLISHED

(and THIS shows an established (working) connection between dasher -- which is your Mac, remember! -- and nimbus, the other end of the tunnel. Yay! Some letters are cut off by the column width, but don’t worry about that.)

The one sure way to tell that nothing is bypassing the tunnel is to run a sniffer on another machine that can see your Mac’s traffic (a host on the same hub; a switch only forwards a frame to the port that owns its destination address, so a passive sniffer on another switch port sees nothing) and watch the packets to and from your Mac while you sign on and check email. If you have that capability (in my case, a laptop on the same hub as my Mac, running Linux with tcpdump installed), then log in to that machine and type:


sudo tcpdump -i eth0 -a -s 1500 'host 192.168.1.2'

If that only gives you packet headers, your tcpdump treats -a differently: in standard tcpdump, -a means “convert network and broadcast addresses to names”, not “print ASCII”. Use the hex-plus-ASCII form instead, which every version understands:

sudo tcpdump -i eth0 -X -s 1500 'host 192.168.1.2'

(On current tcpdump releases, -A prints the payload as ASCII only, and adding -n keeps host names and port numbers numeric, so a BlitzMail port such as 902 is easy to spot in the headers.)

This means: run tcpdump on ethernet 0 (the name of the ethernet interface; if you have more than one network card you may need to specify eth1 -- run ifconfig -a to see your interfaces), print the packet contents (hex and ASCII in the -X form), grab 1500 bytes of each packet (the default snapshot length captures only the headers and the first few bytes of payload), and match any traffic going to or from your Mac’s IP address. Hit ctrl-c to stop the tcpdump process when you have seen enough traffic.

You can also run tcpdump on your Mac itself (though I always feel more confident if I run it from another machine, thus realistically taking on the role of the evil email snooper). In that case, use the -X form, but change “eth0” to “en0” (or whichever interface ifconfig -a shows as active).

Here is some sample output from tcpdump, sniffing my encrypted BlitzMail session:

13:02:25.994729 P mymacintosh.dartmouth.edu.49156 > nimbus.dartmouth.edu.ssh: P 3819078120:3819078232(112) ack 3272090189 win 33304 <nop,nop,timestamp 4864 467784960> (DF) [tos 0x10]

E^P ^@.. ^E - @^@ @^F (^Y .... .. j
.... ^P ? ..^D ^@^V .... .... ..^H " M
..^X ..^X b s ^@^@ ^A^A ^H^J ^@^@ ^S^@
^[.. ..^@ .... .... ^X.. .. S .. s J !
.. ` 6.. ..^A .... k.. .. z S k .. _
w P \ B .. o E.. .... ..^X .... ^E^M
..^^ .... #.. ^G.. i > ^^.. | * L A
_^O ^] $ K.. .... ,.. .... .. s .. f
> _ ..^ø .... D.. ..^E .. m i W ....
..^P .... n.. ^.. .. \ .. _ { c S..
^X.. .. A

13:02:26.019560 P nimbus.dartmouth.edu.ssh > mymacintosh.dartmouth.edu.49156: P 1:49(48) ack 112 win 10744 <nop,nop,timestamp 467813760 4864> (DF) [tos 0x10]

E^P ^@ d .. w @^@ <^F c^N .... ^P ?
.... .. j ^@^V ..^D ..^H " M .... .. X
..^X ).. F s ^@^@ ^A^A ^H^J ^[.. E..
^@^@ ^S^@ .. y > p ".. y } .... ,..
f w F^U ^W.. | t [ " .... ..^M ....
T.. u.. ^V ( .. < .... ^@.. y U ^G..
"^@ ....


Notice that the packet content (the middle “paragraphs”) is all meaningless gobbledygook to the human eye. Compare that to the following, which is tcpdump’s output from a normal (unencrypted) BlitzMail session:

13:03:12.530994 P kringle.dartmouth.edu.902 > mymacintosh.dartmouth.edu.49169: P 1:23(22) ack 1 win 24820 (DF)
E^@ ^@ > .. < @^@ <^F .... .... ..^I
.... .. j ^C.. ..^Q .... +^V x } ^D `
P^X `.. _ w ^@^@ 2 2 0 D N D
s e r v e r h e r e . ^M^J

13:03:12.532318 P mymacintosh.dartmouth.edu.49169 > kringle.dartmouth.edu.902: P 1:47(46) ack 23 win 32768 (DF)
E^@ ^@ V ..^I @^@ ..^F .... .... .. j
.... ..^I ..^Q ^C.. x } ^D ` .... + ,
P^X ..^@ ^K.. ^@^@ L O O K U P w
o z , N A M E E M A I L U I
D B L I T Z S E R V B U L L
S E R V ^M^J

13:03:12.551547 P kringle.dartmouth.edu.902 > mymacintosh.dartmouth.edu.49169: . 23:23(0) ack 47 win 24820 (DF)
E^@ ^@ ( .. = @^@ <^F .... .... ..^I
.... .. j ^C.. ..^Q .... + , x } ^D..
P^P `.. .. s ^@^@ ^C 1 0 6 ^C 2

13:03:12.563646 P kringle.dartmouth.edu.902 > mymacintosh.dartmouth.edu.49169: P 23:175(152) ack 47 win 24820 (DF)
E^@ ^@.. .. > @^@ <^F .. 0 .... ..^I
.... .. j ^C.. ..^Q .... + , x } ^D..
P^X `.. .... ^@^@ 1 0 1 1 5^M
^J 1 1 0 M a r i o n B a t e
s^M ^J 1 1 0 M a r i o n . B a
t e s @ D a r t m o u t h . E D
U^M ^J 1 1 0 6 0 5 9 1 ^M^J 1 1
0 d a s h e r . D a r t m o u
t h . E D U @ B l i t z S e r v
^M^J 1 1 0 n e w s h o s t . d
a r t m o u t h . e d u @ i n t
e r n e t^M ^J 2 0 0 O k . ^M^J

Notice that we can see the English words used in the session communication, such as my username and the names of the news and email servers. Also, in the header info, we can see that the communication is taking place between my Mac and kringle.dartmouth.edu (kringle is the canonical name of the server known as dnd.dartmouth.edu), so if I were trying to use my SSH tunnel, this information alone would tell me that it was being bypassed.

If you can see your username or the content of your messages or folder names (not counting the Bulletin stuff, since that is still going cleartext), then something is wrong and BlitzMail is not using the tunnel (try rebooting and setting up the tunnel again, there may be some remnant of old DNS information in the memory cache). But if all you see is “garbage” then you have succeeded -- you are seeing the SSH-encrypted session. Welcome to SSHlitzMail. :)

Keep in mind, you will need to start up the tunnel every time before you use BlitzMail. If you forget and BlitzMail fails to work, remember to quit BlitzMail before you start the tunnel, or it may remain confused about where the DND server is.

If you do not want to type the long SSH line over and over, do the following:

cd ~

echo 'sudo ssh -g -L 2151:dasher.dartmouth.edu:2151 -L 902:dnd.dartmouth.edu:902 jsmith@nimbus.dartmouth.edu' > start-tunnel


chmod 755 start-tunnel

The echo command should be typed all on one line, then hit return. The chmod command will make the file executable. You will now have a file called “start-tunnel” which you can later run by typing:


./start-tunnel
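The one-line start-tunnel above launches ssh blindly. What follows is an added example (written for this edition, not the author’s script) of a fuller start-tunnel in POSIX sh that checks the preconditions the three steps above depend on before connecting: that local ports below 1024 are being bound as root, that every server name in the forward list is overridden in /etc/hosts to your Mac’s address, and, once the tunnel is up, that the listeners appear in netstat -an. The address 192.168.1.2, the account jsmith@nimbus.dartmouth.edu and the forward list are the text’s example values and are assumptions to edit; the hosts and netstat samples at the bottom are constructed so the check functions can be exercised without a live tunnel. It assumes an OpenSSH ssh that understands -N.

```shell
#!/bin/sh
# start-tunnel with preflight checks.  Added example, not the original one-liner.
# Assumed values (edit for your setup): this Mac's IP, your gateway account, and
# the local_port:remote_host:remote_port forwards.  Ports are from the FAQ list.
MY_IP="192.168.1.2"
GATEWAY="jsmith@nimbus.dartmouth.edu"
FORWARDS="902:dnd.dartmouth.edu:902
2151:dasher.dartmouth.edu:2151"

# Build the -L arguments for ssh from the FORWARDS list.
forward_args() {
    printf '%s\n' "$1" | awk 'NF { printf "%s-L %s", sep, $1; sep = " " }'
}

# Local ports below 1024 are privileged; binding them needs root (hence sudo).
# Prints "yes" or "no".
needs_root() {
    printf '%s\n' "$1" | awk -F: 'NF && $1 + 0 < 1024 { found = 1 }
                                  END { print (found ? "yes" : "no") }'
}

# Print each remote host from the forwards ($3) that is NOT mapped to $1 by some
# line of the /etc/hosts-format text $2.  Empty output means Step 1 is complete.
missing_overrides() {
    ip="$1"; hosts="$2"; fwds="$3"
    printf '%s\n' "$fwds" | awk -F: 'NF { print $2 }' | sort -u | while read -r name; do
        printf '%s\n' "$hosts" | awk -v ip="$ip" -v n="$name" '
            $1 == ip { for (i = 2; i <= NF; i++) if ($i == n) ok = 1 }
            END { if (ok) exit 0; exit 1 }' || echo "$name"
    done
}

# Print each local port from the forwards ($2) with no LISTEN socket in the
# `netstat -an` output $1 (matches both the *.902 and 127.0.0.1.902 forms).
missing_listeners() {
    ns="$1"; fwds="$2"
    printf '%s\n' "$fwds" | awk -F: 'NF { print $1 }' | while read -r port; do
        printf '%s\n' "$ns" | grep -q "^tcp.*[.]$port[[:space:]].*LISTEN" || echo "$port"
    done
}

main() {
    if [ "$(needs_root "$FORWARDS")" = yes ] && [ "$(id -u)" -ne 0 ]; then
        echo "a forward uses a local port below 1024; run this with sudo" >&2
        exit 1
    fi
    missing=$(missing_overrides "$MY_IP" "$(cat /etc/hosts)" "$FORWARDS")
    if [ -n "$missing" ]; then
        echo "not pointed at $MY_IP in /etc/hosts:" $missing >&2
        exit 1
    fi
    echo "once connected, verify from another Terminal: netstat -an | grep LISTEN" >&2
    # -N: forwards only, no remote shell.  -g: accept connections on the forwarded
    # ports from any local address, needed because BlitzMail connects to $MY_IP,
    # not 127.0.0.1 (this also exposes the ports to your LAN; see the text).
    exec ssh -N -g $(forward_args "$FORWARDS") "$GATEWAY"
}

# Constructed samples (not taken from a live system) so the checks can be exercised:
SAMPLE_HOSTS="127.0.0.1 localhost
192.168.1.2 dasher.dartmouth.edu dasher.dartmouth.edu. dasher
192.168.1.2 dnd.dartmouth.edu dnd.dartmouth.edu. dnd"
SAMPLE_NETSTAT="tcp 0 0 *.902 *.* LISTEN
tcp 0 0 dasher.dartmouth.49158 nimbus.dartmouth.e.ssh ESTABLISHED"
# missing_overrides "$MY_IP" "$SAMPLE_HOSTS" "$FORWARDS"   -> prints nothing
# missing_listeners "$SAMPLE_NETSTAT" "$FORWARDS"          -> prints 2151

# Run main only when saved and invoked as start-tunnel; sourcing just defines the functions.
case "${0##*/}" in start-tunnel) main "$@" ;; esac
```

Save it as start-tunnel, chmod 755 it as before, and run it with sudo; it refuses to start if a reindeer name would still resolve to the real server, which is the failure mode the sniffer test above is otherwise needed to catch.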

Summary:

You launch BlitzMail and log in, which requires authentication from the DND. BlitzMail resolves dnd.dartmouth.edu, gets <your-mac’s-ip> from the /etc/hosts file, and connects there. Your SSH tunnel, listening on the DND port (902), accepts that connection and forwards it, encrypted, to nimbus. Nimbus decrypts the data and connects to dnd.dartmouth.edu normally (this hop is still cleartext, which is why the far end of your tunnel should be as close to the BlitzMail servers as possible). Nimbus takes DND’s replies, encrypts them, and sends them back to your Mac through the tunnel. The same process is followed for your actual messages, folders, etc., except that those use the other “lane” of the tunnel, port 2151, and nimbus connects to dasher (or whichever reindeer server is hosting your account).

Further Info and Caveats:


This setup only works for one BlitzMail server (in this example, dasher). So if your roommate tries to sign on with your BlitzMail client but his account is on, say, dancer, it will fail for him, because only dasher is being tunnelled. The limitation is on your Mac, not on the gateway: BlitzMail always connects to port 2151, and one local port can be forwarded to only one destination, so using a second gateway machine does not help. (Later OpenSSH releases accept -L bind_address:port:host:hostport; with that, each reindeer name in /etc/hosts could point at its own loopback alias, 127.0.0.2, 127.0.0.3 and so on, added with ifconfig lo0 alias, and each get its own forward. The ssh shipped with OS X at the time of writing does not take a bind address.) Also, if your BlitzMail account is moved to another server (which happens rarely, but does happen, without warning) then you will need to replace all the instances of dasher with the new server name, donner or prancer or whichever.

If you want to tunnel BlitzMail Bulletins as well, you will need to add an alias for newshost.dartmouth.edu (and newshost.Dartmouth.EDU, news, etc.) to /etc/hosts, and add to your SSH tunnel-creation line accordingly. This is the list of ports used by BlitzMail (from the Dartmouth FAQ):

DND: 902 (TCP)
Mail server: 2151 (TCP)
Bulletins: 1119 (TCP)
Bulletin posting: 119 (TCP)
Notify: 2154 (UDP)

So the command to make a tunnel for email and Bulletins would be (all on one line):

ssh -g -L 2151:dasher.dartmouth.edu:2151 -L 902:dnd.dartmouth.edu:902 -L 1119:newshost.dartmouth.edu:1119 -L 119:newshost.dartmouth.edu:119 jsmith@nimbus.dartmouth.edu

NOTE: You cannot tunnel Notify at all, because it uses UDP instead of TCP. If you do not want your Notify info sent over the network clear-text, then you must disable your copy of Notify so it does not query the servers for new messages.

If you want to go back to normal (unencrypted) operations: Quit BlitzMail, comment out all the lines you added in the /etc/hosts file, close your SSH tunnel, and relaunch BlitzMail. It should work as before. If not, try restarting lookupd (to clear the lookup cache).

ADDENDUM September 23, 2002

It appears that something changed about networking in the Classic environment, because recent testing shows that this works with Classic BlitzMail as well. First, you will need to create a Hosts file for the Classic system. Open a standard text editor (e.g. BBEdit or SimpleText) and enter the following (remember that your server may be something other than Dasher):

dasher.dartmouth.edu. CNAME dasher.dartmouth.edu
dasher.Dartmouth.EDU CNAME dasher.dartmouth.edu
dasher.Dartmouth.EDU. CNAME dasher.dartmouth.edu
dasher.dartmouth.edu A 192.168.1.2

dnd.dartmouth.edu. CNAME dnd.dartmouth.edu
dnd.Dartmouth.EDU CNAME dnd.dartmouth.edu
dnd.Dartmouth.EDU. CNAME dnd.dartmouth.edu
dnd.dartmouth.edu A 192.168.1.2


Note: Copying and pasting from this document may work, but if you get errors (see below), then make sure that you have one tab between each field.

Save the file somewhere convenient, such as System Folder -> Hosts. Open the TCP/IP control panel and hit the “Select Hosts File...” button. Select the file you just created. If there are no syntax/spacing errors, you’re done -- close the control panel and save changes. If there was an error in the file, you’ll get a message to that effect -- open the Hosts file again and check it carefully and try again.

Now, in the OS X Terminal window, crank up the ssh tunnel exactly as described earlier. Launch Classic BlitzMail and see if it works; run the sniffer as above to check.

If you are running a firewall (BrickHouse, in my case) make sure you create two Allow rules, one for each BlitzMail port, otherwise Classic won’t be able to get through (even though it’s the same machine, sort of). This is a quirk of the strange Siamese-twins-joined-at-the-brainstem nature of OS X and Classic.

References:

Changing the host lookup order configuration:
“Ten Mac OS X Loose Ends” by Damien Gallop.
http://www.macwrite.com/criticalmass/ten-mac-os-x-ends.php

Ports used by BlitzMail:
“The (searchable) Dartmouth Computing FAQ” by the staff of Dartmouth Computing Services.
http://www.dartmouth.edu/~helpdesk/finding/dartfaq.html

SSH tunneling and a wealth of other useful info about SSH:
“Introduction to the Linux secure shell client” by William Stearns. http://www.ists.dartmouth.edu/IRIA/knowledge_base/linuxinfo/ssh-intro.htm
“More on SSH: Features and more advanced techniques” by William Stearns.
http://www.ists.dartmouth.edu/IRIA/knowledge_base/linuxinfo/ssh-techniques.v0.81.htm

Tcpdump:
Open the Terminal and type “man tcpdump” ;-)

