Two months ago I upgraded to PGP Desktop 9, because the new version would finally work with Eudora on Mac OS X. Indeed, all I had to do was install the new version, reboot, and the new automatic mode began immediately discovering and auto-enabling my email accounts as I used them. It does this with some clever connection redirection using the built-in Mac OS X firewall, courtesy of the Unix subsystem.
Unfortunately, the automatic mode doesn’t work so well if you are also using some kind of network tunnel, such as a VPN or ssh port forwarding, which is increasingly common for me as I take the laptop to clients or on the road.
I finally got around to figuring out how to set up PGP Messaging’s manual proxy mode, courtesy of decent instructions for Windows users written by Robert Johansen of PGP. I thought I would document the configuration for Mac OS X users, since there are substantial differences in the application between the two platforms.
PGP Desktop Manual Proxy Configuration for Mac OS X
There are basically two parts to configuring the manual proxy for PGP Desktop: configure PGP to use manual proxy mode, and then configure your email client to connect to the proxy, instead of your mail server.
Configure PGP Desktop for Manual Proxy Mode
- Open the PGP Desktop application, and choose Preferences from the PGP menu. Switch to the Messaging preference panel, and click the Advanced… button in the middle right of the preference panel:
!/images/pgp/prefs-messaging.gif(PGP Preferences, Messaging panel)!
- In the Advanced Settings sheet, switch the PGP Proxy Option from Automatic to Manual Proxy:
!/images/pgp/prefs-messaging-advanced.gif(PGP Messaging Advanced: PGP Proxy Options)!
- Click OK to close the Advanced sheet, then close the Preferences panel.
- Click on each of your PGP Messaging services in turn, and verify that the Incoming and Outgoing Mail Server settings are both set to the hostname of these servers:
!/images/pgp/messaging-service-properties.gif(PGP Messaging, Service Properties screen)!
- Also for each of your PGP Messaging services, click the Settings button in the top-right corner of the screen, and verify the Manual Mode Listen Ports in the Advanced tab:
!/images/pgp/messaging-service-settings.gif(PGP Messaging, Service Settings panel)!
These are the ports on which PGP is “listening” for connections from your email client. You will need to enter these port numbers into your email client in the next stage, so write them down now.
Note: Most users can use the default ports which are offered by PGP, illustrated here. However, if those ports are already in use by another application, you can change them to something else, as long as they are above 1024. Robert’s instructions explain this in a bit more detail; I’m skipping that here.
- Although probably not required, it’s a good idea to reboot your computer at this point.
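Before pointing the email client at the proxy, it helps to confirm that something is actually listening on each Manual Mode Listen Port and that it speaks the protocol you expect, which also catches a port already claimed by another application. The script below is an added example, not part of PGP Desktop or the original instructions; the port numbers are constructed placeholders, and it assumes the listener sends the usual mail greeting when a client connects.

```python
import socket

# Greeting prefixes a mail service sends as soon as a client connects.
GREETINGS = {"POP3": b"+OK", "SMTP": b"220", "IMAP": b"* OK"}


def probe(port, host="127.0.0.1", timeout=3.0):
    """Connect to host:port and classify the first line the listener sends.

    Returns (status, detail). status is "closed", "silent", "unknown",
    or one of the protocol names in GREETINGS.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                line = s.recv(512).split(b"\r\n", 1)[0]
            except socket.timeout:
                # Port is open but nothing greeted us within the timeout.
                return "silent", ""
    except OSError as exc:
        # Refused or unreachable: nothing is listening on this port.
        return "closed", str(exc)
    for proto, prefix in GREETINGS.items():
        if line.startswith(prefix):
            return proto, line.decode("ascii", "replace")
    # Something answered, but not with a mail greeting (another application?).
    return "unknown", line.decode("ascii", "replace")


def check_services(expected):
    """expected maps listen port -> protocol the email client will use on it.

    Returns a list of human-readable problems; an empty list means every
    port answered with the expected protocol greeting.
    """
    problems = []
    for port, proto in sorted(expected.items()):
        status, detail = probe(port)
        if status != proto:
            problems.append(f"port {port}: expected {proto}, got {status} {detail}".rstrip())
    return problems


if __name__ == "__main__":
    # Placeholder ports (constructed): replace with the Manual Mode Listen
    # Ports shown in your own Service Settings panel.
    ports = {10110: "POP3", 10025: "SMTP"}
    for message in check_services(ports) or ["all listeners answered as expected"]:
        print(message)
```

A result of "closed" means the proxy is not listening on that port, while "unknown" suggests a different application owns it and the listen port should be changed as described in the note above.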
Configure Your Email Client
I’m using Eudora in this example, but the steps should be similar for nearly any email client. You just need to find the configuration screen which allows you to change the ports used for email connections. Sometimes that’s hidden by default, hence the extra instructions for Eudora.
- Quit Eudora if it is running. Find your Eudora application, select it, and press Command-I to open the Get Info window for the application.
- Verify that the Esoteric Settings plug-in is enabled:
!/images/pgp/eudora-get-info.gif(Eudora plug-ins, Esoteric Settings enabled)!
The Esoteric Settings plug-in contains the settings panel which allows you to change the ports Eudora will use to send and receive email. So, you need to enable it, at least long enough to change the settings.
- Launch Eudora, and choose Settings… from the Special menu.
- Select the first settings panel, Getting Started, and change the mail server to 127.0.0.1:
!/images/pgp/eudora-settings-getting-started.gif(Eudora Settings, Getting Started)!
127.0.0.1 is a “magic” IP address, called the loopback or localhost, which stands for the actual system on which the address is found. You can think of it as the computer equivalent of “me.”
Note: With Eudora, and for many email clients, you can leave the SMTP server setting blank, if it is the same as the mail server setting. That is what is illustrated here.
- Change the email connection ports to use the ports you obtained from PGP Desktop in the earlier section:
!/images/pgp/eudora-settings-ports.gif(Eudora Settings, Ports & Protocols)!
This configures Eudora to talk to PGP (which will then talk to the mail server on Eudora’s behalf), instead of directly to the mail server.
- Click OK to save your changes and close the Settings dialog.
At this point, you should check mail and verify that you can send and receive mail as usual. You will probably have to re-enter your password for your email account(s); this is a side effect of changing the mail server address.
If sending and receiving normal email works fine, it’s time to send a message to someone who also has PGP, to test sending encrypted messages.
These are great instructions and combined with Douglas Bowman’s post on secure email will take one a long way. Oh and with Dave Alderling’s SSH with Keys How To. But frankly at this point I have a headache and would probably be prepared to give up the use of my computer rather than spend any more time making it secure (and thus more vulnerable to operational hiccups which will take hours to run down as well).
Somebody has to come up with a better system. Dot.mac has PGP privacy built-in along with SSL. It might make sense to subscribe after all.