I own a Linksys WRT54GS with Linksys Parental Controls enabled on the router. The Parental Controls "intercept" web, email and IM requests, and validate them against certain acceptable rules (as assigned by the Parent).
This solution offers a uniform control across my Windows PCs and my Mac.
I love my Mac, which is an eMac 1.25Ghz with OSX 10.4.4. I would like to have my whole family start using it as the primary email, web computer at home, and perhaps make a transition to a full Mac house within the year.
However, there is one thing impeding this: Mac Mail.app v2.0 will not play nice and respect the Parental Controls.
Last time I posted this (early Jan) I had only executed a simple 'telnet' exercise from my Windows PC and Mac PC to show the interaction with the Parental Controls via a simple POP conversation. I then 'speculated' that Mac Mail.app was skipping the '-ERR' that was being returned by the Linksys Parental Controls system.
However, I am now armed with concrete evidence that I have gathered utilizing 'tcpflow' (http://www.circlemud.org/~jelson/software/tcpflow/tcpflow.1.html) at the terminal level, to capture the POP conversation of several Mail applications that WORK, and the Mail.app application which doesn't.
Here are the results:
Mail.app v2.0.5
064.202.165.092.00110-192.168.001.103.49955: +OK <23274.1137248072@pop11.prod.mesa1.secureserver.net>
192.168.001.103.49955-064.202.165.092.00110: APOP me@mail.com 1c2b6a9b0539875b663e9ea25aff804b
064.202.165.092.00110-192.168.001.103.49955: -ERR Your use of this service has been blocked by Parental Controls.
192.168.001.103.49955-064.202.165.092.00110: USER me@mail.com
064.202.165.092.00110-192.168.001.103.49955: +OK
192.168.001.103.49955-064.202.165.092.00110: PASS mememe
064.202.165.092.00110-192.168.001.103.49955: +OK
192.168.001.103.49955-064.202.165.092.00110: STAT
064.202.165.092.00110-192.168.001.103.49955: +OK 1355 85250174
192.168.001.103.49955-064.202.165.092.00110: UIDL 1
064.202.165.092.00110-192.168.001.103.49955: +OK 1 1108412777.32256.smtp04.prod.mesa1.secureserver.net,S=1970
192.168.001.103.49955-064.202.165.092.00110: UIDL 1355
064.202.165.092.00110-192.168.001.103.49955: +OK 1355 1137013402.537860.smtp04.prod.mesa1.secure.3007060912
192.168.001.103.49955-064.202.165.092.00110: QUIT
064.202.165.092.00110-192.168.001.103.49955: +OK Sayonara
Quick observation: As you can see above, after sending an 'APOP' (Authenticated POP) command as per RFC1939, Mail.app seems to 'perhaps assume' that the error means that APOP is not supported, so drop back to the normal USER/PASS clear text authentication. That's bad.
GyazMail v1.3.4
064.202.165.092.00110-192.168.001.103.50035: +OK <24832.1137249090@pop05.mesa1.secureserver.net>
192.168.001.103.50035-064.202.165.092.00110: USER me@mail.com
064.202.165.092.00110-192.168.001.103.50035: -ERR Your use of this service has been blocked by Parental Controls.
192.168.001.103.50035-064.202.165.092.00110: QUIT
Quick observation: Notice that GyazMail 'respects' the initial '-ERR' that is returned (as per RFC1939) and subsequently QUITs the connection.
GyazMail v1.3.4 with APOP Enabled (This is a setting that can be turned on and off, unlike MAIL.APP which seems to have it as the default)
064.202.165.092.00110-192.168.001.103.50101: +OK <12562.1137250331@pop06.prod.mesa1.secureserver.net>
192.168.001.103.50101-064.202.165.092.00110: APOP me@mail.com a70ea1a90fb413e0f06a5f344d0a0c20
064.202.165.092.00110-192.168.001.103.50101: -ERR Your use of this service has been blocked by Parental Controls.
192.168.001.103.50101-064.202.165.092.00110: QUIT
Quick observation: GyazMail continues to work as it should.
Mozilla Thunderbird v1.0.2
064.202.165.092.00110-192.168.001.103.49964: +OK <26903.1137248764@pop05.mesa1.secureserver.net>
192.168.001.103.49964-064.202.165.092.00110: CAPA
064.202.165.092.00110-192.168.001.103.49964: -ERR authorization first
192.168.001.103.49964-064.202.165.092.00110: USER me@mail.com
064.202.165.092.00110-192.168.001.103.49964: -ERR Your use of this service has been blocked by Parental Controls.
192.168.001.103.49964-064.202.165.092.00110: QUIT
Quick observation: Thunderbird apparently tries to check what all of the CAPAbilities are of the mail server, but then when trying to authenticate, still fails and 'respects' the '-ERR' response, as per RFC1939.
Mozilla Thunderbird v1.0.2 with APOP Enabled (This is a setting that can be turned on and off, unlike MAIL.APP which seems to have it as the default)
064.202.165.092.00110-192.168.001.103.50109: +OK <28428.1137250549@pop03.mesa1.secureserver.net>
192.168.001.103.50109-064.202.165.092.00110: AUTH
064.202.165.092.00110-192.168.001.103.50109: -ERR Unrecognized authentication type
192.168.001.103.50109-064.202.165.092.00110: CAPA
064.202.165.092.00110-192.168.001.103.50109: -ERR authorization first
192.168.001.103.50109-064.202.165.092.00110: APOP me@mail.com e8e90f493db724dff1af43f6939766eb
064.202.165.092.00110-192.168.001.103.50109: -ERR Your use of this service has been blocked by Parental Controls.
192.168.001.103.50109-064.202.165.092.00110: QUIT
Quick observation: Thunderbird continues to work as it should.
Now, I also downloaded PowerMail and was going to use it for generating a similar capture, but my previous "test trial" period had run out, and the application continued to be expired, even though I uninstalled and reinstalled it. Nonetheless, I know from previous testing (without the packet captures with tcpflow) that PowerMail also stopped the POP3 session with the prescribed '-ERR' listed.
You may say "then why not use one of the apps above?" Well, I like the integration of Mail.app with iPhoto, the cost (FREE) and the integration with the remainder of the OS. I would like to see the above problem, which is now listed in detail, hopefully resolved in a 10.4.5 release (?).
Anyway, thank you all for your review of this posting, and if you have any workarounds, it would be greatly appreciated. (I would like to get a Mac Mini this month for my wife, but I can't unless this works.)
- Clik
This solution offers a uniform control across my Windows PCs and my Mac.
I love my Mac, which is an eMac 1.25Ghz with OSX 10.4.4. I would like to have my whole family start using it as the primary email, web computer at home, and perhaps make a transition to a full Mac house within the year.
However, there is one thing impeding this: Mac Mail.app v2.0 will not play nice and respect the Parental Controls.
Last time I posted this (early Jan) I had only executed a simple 'telnet' exercise from my Windows PC and Mac PC to show the interaction with the Parental Controls via a simple POP conversation. I then 'speculated' that Mac Mail.app was skipping the '-ERR' that was being returned by the Linksys Parental Controls system.
However, I am now armed with concrete evidence that I have gathered utilizing 'tcpflow' (http://www.circlemud.org/~jelson/software/tcpflow/tcpflow.1.html) at the terminal level, to capture the POP conversation of several Mail applications that WORK, and the Mail.app application which doesn't.
Here are the results:
Mail.app v2.0.5
064.202.165.092.00110-192.168.001.103.49955: +OK <23274.1137248072@pop11.prod.mesa1.secureserver.net>
192.168.001.103.49955-064.202.165.092.00110: APOP me@mail.com 1c2b6a9b0539875b663e9ea25aff804b
064.202.165.092.00110-192.168.001.103.49955: -ERR Your use of this service has been blocked by Parental Controls.
192.168.001.103.49955-064.202.165.092.00110: USER me@mail.com
064.202.165.092.00110-192.168.001.103.49955: +OK
192.168.001.103.49955-064.202.165.092.00110: PASS mememe
064.202.165.092.00110-192.168.001.103.49955: +OK
192.168.001.103.49955-064.202.165.092.00110: STAT
064.202.165.092.00110-192.168.001.103.49955: +OK 1355 85250174
192.168.001.103.49955-064.202.165.092.00110: UIDL 1
064.202.165.092.00110-192.168.001.103.49955: +OK 1 1108412777.32256.smtp04.prod.mesa1.secureserver.net,S=1970
192.168.001.103.49955-064.202.165.092.00110: UIDL 1355
064.202.165.092.00110-192.168.001.103.49955: +OK 1355 1137013402.537860.smtp04.prod.mesa1.secure.3007060912
192.168.001.103.49955-064.202.165.092.00110: QUIT
064.202.165.092.00110-192.168.001.103.49955: +OK Sayonara
Quick observation: As you can see above, after sending an 'APOP' (Authenticated POP) command as per RFC1939, Mail.app seems to 'perhaps assume' that the error means that APOP is not supported, so drop back to the normal USER/PASS clear text authentication. That's bad.
GyazMail v1.3.4
064.202.165.092.00110-192.168.001.103.50035: +OK <24832.1137249090@pop05.mesa1.secureserver.net>
192.168.001.103.50035-064.202.165.092.00110: USER me@mail.com
064.202.165.092.00110-192.168.001.103.50035: -ERR Your use of this service has been blocked by Parental Controls.
192.168.001.103.50035-064.202.165.092.00110: QUIT
Quick observation: Notice that GyazMail 'respects' the initial '-ERR' that is returned (as per RFC1939) and subsequently QUITs the connection.
GyazMail v1.3.4 with APOP Enabled (This is a setting that can be turned on and off, unlike MAIL.APP which seems to have it as the default)
064.202.165.092.00110-192.168.001.103.50101: +OK <12562.1137250331@pop06.prod.mesa1.secureserver.net>
192.168.001.103.50101-064.202.165.092.00110: APOP me@mail.com a70ea1a90fb413e0f06a5f344d0a0c20
064.202.165.092.00110-192.168.001.103.50101: -ERR Your use of this service has been blocked by Parental Controls.
192.168.001.103.50101-064.202.165.092.00110: QUIT
Quick observation: GyazMail continues to work as it should.
Mozilla Thunderbird v1.0.2
064.202.165.092.00110-192.168.001.103.49964: +OK <26903.1137248764@pop05.mesa1.secureserver.net>
192.168.001.103.49964-064.202.165.092.00110: CAPA
064.202.165.092.00110-192.168.001.103.49964: -ERR authorization first
192.168.001.103.49964-064.202.165.092.00110: USER me@mail.com
064.202.165.092.00110-192.168.001.103.49964: -ERR Your use of this service has been blocked by Parental Controls.
192.168.001.103.49964-064.202.165.092.00110: QUIT
Quick observation: Thunderbird apparently tries to check what all of the CAPAbilities are of the mail server, but then when trying to authenticate, still fails and 'respects' the '-ERR' response, as per RFC1939.
Mozilla Thunderbird v1.0.2 with APOP Enabled (This is a setting that can be turned on and off, unlike MAIL.APP which seems to have it as the default)
064.202.165.092.00110-192.168.001.103.50109: +OK <28428.1137250549@pop03.mesa1.secureserver.net>
192.168.001.103.50109-064.202.165.092.00110: AUTH
064.202.165.092.00110-192.168.001.103.50109: -ERR Unrecognized authentication type
192.168.001.103.50109-064.202.165.092.00110: CAPA
064.202.165.092.00110-192.168.001.103.50109: -ERR authorization first
192.168.001.103.50109-064.202.165.092.00110: APOP me@mail.com e8e90f493db724dff1af43f6939766eb
064.202.165.092.00110-192.168.001.103.50109: -ERR Your use of this service has been blocked by Parental Controls.
192.168.001.103.50109-064.202.165.092.00110: QUIT
Quick observation: Thunderbird continues to work as it should.
Now, I also downloaded PowerMail and was going to use it for generating a similar capture, but my previous "test trial" period had run out, and the application continued to be expired, even though I uninstalled and reinstalled it. Nonetheless, I know from previous testing (without the packet captures with tcpflow) that PowerMail also stopped the POP3 session with the prescribed '-ERR' listed.
You may say "then why not use one of the apps above?" Well, I like the integration of Mail.app with iPhoto, the cost (FREE) and the integration with the remainder of the OS. I would like to see the above problem, which is now listed in detail, hopefully resolved in a 10.4.5 release (?).
Anyway, thank you all for your review of this posting, and if you have any workarounds, it would be greatly appreciated. (I would like to get a Mac Mini this month for my wife, but I can't unless this works.)
- Clik