[Swlug] imap server and smartphone

Ben Tullis tullis at hypothetical.co.uk
Fri Sep 23 01:54:16 UTC 2016 

Hi bascule,

Here are a couple of thoughts for you.

1: You could try Roundcube (https://roundcube.net/) instead of Squirrelmail.
 - They have a custom theme available for small screens:
https://roundcubeinbox.wordpress.com/2016/04/26/roundcube-for-mobile-devices/
 - They also have a native Android App.
https://play.google.com/store/apps/details?id=smalltownboys.rc&hl=en_GB
  (reviews aren't great yet though)

2: You could open your IMAP port to the world, but protect it a bit,
then use an IMAP client on the phone
 - Run the public IMAP service on a non-standard port number, using your
firewall to forward the incoming traffic to the normal port
 - Run fail2ban (http://www.fail2ban.org) to block anyone trying to
brute-force IMAP

3: You could open your IMAP port to the world, but protect it
cryptographically, then use an IMAP client on the phone
 - Use client-authenticating TLS so that you need to provide a valid
digital certificate before you can connect to the port
 - Add your self-signed CA and client certificates to your phone
 - You can generate your own self-signed CA certificate and client
certificate - Something like XCA can help here:
(http://xca.sourceforge.net/)
 - You can use stunnel (https://www.stunnel.org) to be the
authenticating proxy, so that you don't have to modify the Cyrus
configuration much, if at all.
 - If you have an Android phone, sometimes they complain when you add a
self-signed CA certificate. If it's rooted, you can get around this
with: CADroid
(https://play.google.com/store/apps/details?id=at.bitfire.cadroid&hl=en_GB)

4: Use a VPN, e.g. OpenVPN
5: Use SSH port forwarding, with e.g. JuiceSSH for Android

These last two solutions aren't the most convenient, because you
wouldn't be permanently connected, but it might be worth considering them.

Option 2 is probably the easiest and as long as you're monitoring and
responding to failed logins, this should be a sufficiently secure system
for your home email.
You may want to open your SMTP service as well if you're implementing
options 2 or 3, or you might be able to get away with using your
upstream ISP's SMTP service.

Hope that helps.

Kind regards,
Ben

On 23/09/16 01:16, bascule via Swlug wrote:
> at the moment i have a home imap server (cyrus) keeping all my email and 
> squirrelmail to access it from outside the house, using squirrelmail on a 
> small screen smartphone isn't really useful so is there another way to get my 
> email on my phone?
> do i have to open the imap server itself to the outside world for this?
>
> bascule

More information about the Swlug mailing list