fetchmail and plain text password

Roland Smith rsmith at xs4all.nl
Mon Dec 28 17:35:22 UTC 2009


On Mon, Dec 28, 2009 at 03:15:53PM +0000, Anton Shterenlikht wrote:
> I use fetchmail
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mail-fetchmail.html
> to download all my mail from the Uni mail
> server to my fbsd box.
> 
> I typically run it in daemon mode, which requires
> having my mail server password in plain text in .fetchmailrc
> 
> I'm a little worried about the security of having
> my password in plain text on the system.

chown you:yourgroup ~/.fetchmailrc
chmod 400 ~/.fetchmailrc

With these changes, only you and the superuser can read that file. 

You could put your /home directory on an encrypted partition, so that
~/.fetchmailrc is only readable when /home is mounted. Note that this only
provides protection after the machine has been powered down.

> Is there a more secure arrangement that would
> still allow running fetchmail in daemon mode?

I'd be more worried that your password is sent as plaintext over the network
using e.g. POP3. You should use the --ssl option if your mailserver allows it.

> Or maybe there is another software solution
> altogether?

Presumably you are running a mailserver on your box. You can ask the
administrator to forward mail to your machine by making an MX record for it.

Roland
-- 
R.F.Smith                                   http://www.xs4all.nl/~rsmith/
[plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated]
pgp: 1A2B 477F 9970 BA3C 2914  B7CE 1277 EFB0 C321 A725 (KeyID: C321A725)
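
The two checks from the reply above (file readable only by its owner, and SSL enabled for each polled server) can be scripted. This is an added example, not part of the original message: the function name `audit_fetchmailrc` is hypothetical, and it assumes the run-control file uses `poll`, `skip` and `defaults` entries with the `ssl` keyword as the rcfile equivalent of `--ssl`.

```shell
#!/bin/sh
# Added example: audit a fetchmail run-control file.
# Returns 0 when clean, 1 on findings, 2 if the file is missing.
audit_fetchmailrc() {
    rc=$1
    bad=0
    [ -f "$rc" ] || { echo "missing: $rc"; return 2; }

    # ls -ln works on FreeBSD and Linux: field 1 = mode, field 3 = numeric owner
    set -- $(ls -ln "$rc")
    case $1 in
        ????------*) ;;   # no group/other bits set
        *) echo "group/other access: $1 (fix: chmod 400 $rc)"; bad=1 ;;
    esac
    if [ "$3" != "$(id -u)" ]; then
        echo "owner uid $3 is not the current user (fix: chown)"; bad=1
    fi

    # Walk the entries; an entry runs from its poll/skip/defaults verb to the next one.
    awk '
        function flush() {
            if (host != "" && !ssl && !defssl) { print "no ssl keyword: " host; bad = 1 }
        }
        # Drop quoted strings first (a password may contain # or the word ssl),
        # then comments. Escaped quotes inside strings are not handled.
        { gsub(/"[^"]*"/, ""); sub(/#.*/, "") }
        $1 == "defaults" { flush(); host = ""; indef = 1 }
        $1 == "poll"     { flush(); host = $2; ssl = 0; indef = 0 }
        $1 == "skip"     { flush(); host = ""; indef = 0 }
        { for (i = 1; i <= NF; i++) if ($i == "ssl") { if (indef) defssl = 1; else ssl = 1 } }
        END { flush(); exit bad + 0 }
    ' "$rc" || bad=1

    return $bad
}

# Usage: audit_fetchmailrc "$HOME/.fetchmailrc"
```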
More information about the freebsd-questions mailing list