1337 pine

Pine is a very powerful text-based email reader. It has a tendency to be preconfigured on Unix/Linux systems administered by an academic institution, thus, a lot of college students know how to use it. For some time now, I’ve wanted to get it running to my satisfaction on my own workstation, which is a Debian Linux system.

Debian packages can be found here, but the default configuration is entirely unacceptable. The first problem I encountered was a seemingly endless series of password prompts, and even when I entered my password, pine remained grouchy.

First, a word about my network setup. I am in the CMU ECE department, which maintains an IMAP email server that accepts SSL connections. If your mail server is different, then the info below might not work for you.

The repeated password prompt problem, it turns out, was related to the option ‘rsh-open-timeout’ in ~/.pinerc. Apparently, by default, pine will try to establish an rsh or ssh connection to the mail server. Since my mail server accepts no such connections, I set ‘rsh-open-timeout=0’ and ‘ssh-open-timeout=0’ to eliminate any latencies while these connection mechanisms are attempted.

The next problem I encountered was that the SSL certificate used by my mail server is not certified by any “real” (i.e., for money, and thus of questionable value) CA, resulting in a warning to the tune of “self-signed certificate in certificate chain”. Kindly, pine tells you one way to fix this: append ‘/novalidate-cert’ to the end of your mail server’s name (imap.ece.cmu.edu) in my case. While searching for your mail server’s name and appending, do also include ‘/ssl’, resulting in something like ‘imap.ece.cmu.edu/novalidatecert/ssl’. Now, we are not validating the certificate from our mail server, so SSL is providing only limited utility. For the solution to that saga, stay tuned for the next episode…

At this point, I start pine, hit enter to accept my default username, and then type in my password. Still too much trouble. Pine can be compiled with support for a command line option ‘-passfile’, which specifies a file in which to store one’s password, so that the prompt no longer appears. This option is not supported by default, so I ended up compiling pine from source (./build ldb) after editing pine/pine.h to include the line ‘#define PASSFILE “~/.pine.pwd”‘. So much for the .deb package. You can get the source for pine here.

Next, I decided to replicate this installation on my Mac OS X system. I built from source (./build osx) without issue, but then I started getting Kerberos errors when starting pine, something to the tune of “Kerberos error: no credentials cache found.” Edit ~/.pinerc and add GSSAPI to the ‘disable-these-authenticators=’ line.

Security warning I feel obligated to include this since my job description dictates that I should. The password is stored encrypted but the key must be on the system somewhere, so using ‘-passfile’ may not be the best idea. Not validating the SSL cert means anybody can perform a man-in-the-middle attack and learn your username/password, not to mention see all your mail. I intend to figure out how to install my university’s self-signed root CA cert properly to eliminate this, but until then, danger!

This page contains an amazing amount of info on Power Pine; check it out.

Advertisements

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s