From: Anton Shterenlikht
To: Roland Smith
Cc: Anton Shterenlikht, freebsd-questions@freebsd.org
Date: Tue, 29 Dec 2009 11:11:50 +0000
Subject: Re: fetchmail and plain text password

On Mon, Dec 28, 2009 at 06:35:15PM +0100, Roland Smith wrote:
> On Mon, Dec 28, 2009 at 03:15:53PM +0000, Anton Shterenlikht wrote:
> > I use fetchmail
> > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mail-fetchmail.html
> > to download all my mail from the Uni mail
> > server to my fbsd box.
> >
> > I typically run it in daemon mode, which requires
> > having my mail server password in plain text in .fetchmailrc
> >
> > I'm a little worried about the security of having
> > my password in plain text on the system.
>
> chown you:yourgroup ~/.fetchmailrc
> chmod 400 ~/.fetchmailrc
>
> With these changes, only you and the superuser can read that file.

yes, an attacker gaining superuser access is my worry.
I'm reading Garfinkel and Spafford (1996) Practical UNIX & Internet security
(a bit out of date, I know. I ordered the 3rd edition, 2003),
and I realised there are a lot of potential security issues,
of which I wasn't aware. Things like SUID/SGID files could
be an issue, and lots of other things.

> > Is there a more secure arrangement that would
> > still allow running fetchmail in daemon mode?
>
> I'd be more worried that your password is sent as plaintext over the network
> using e.g. POP3. You should use the --ssl option if your mailserver allows it.

it looks like it doesn't allow ssl.

> > Or maybe there is another software solution
> > altogether?
>
> Presumably you are running a mailserver on your box. You can ask the
> administrator to forward mail to your machine by making an MX record for it.

not sure I understand you here. I run sendmail daemon
just for sending mail out of the box, and delivery
of internal mail inside the box. Sendmail doesn't
listen for any incoming connections.
Could you please elaborate, or give a link.

many thanks
anton

--
Anton Shterenlikht
Room 2.6, Queen's Building
Mech Eng Dept
Bristol University
University Walk, Bristol BS8 1TR, UK
Tel: +44 (0)117 331 5944
Fax: +44 (0)117 929 4423
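
The two checks discussed in this thread (the file mode of `~/.fetchmailrc` and use of the `ssl` keyword), as an added shell example that is not part of the original message. The function name `audit_fetchmailrc` and the finding labels are made up for the example, and the `ssl` check is a keyword heuristic over `poll`/`server`/`skip`/`defaults` entries, not a full fetchmailrc parser.

```shell
#!/bin/sh
# Added example: audit a fetchmailrc for the two issues raised in the thread.
# Prints one finding per line; prints nothing when no issue is found.
audit_fetchmailrc() {
    rc=$1
    [ -f "$rc" ] || { echo "missing: $rc"; return 0; }

    # Characters 5-10 of the ls mode string are the group and other bits.
    # After "chmod 400" they are all "-".
    bits=$(ls -ld "$rc" | cut -c5-10)
    [ "$bits" = "------" ] || echo "perms: $rc is accessible to group/other ($bits)"

    # Heuristic: flag every server entry that stores a password but has no
    # ssl keyword, either of its own or inherited from a "defaults" entry.
    awk '
        function report() {
            if (name != "" && has_pw && !has_ssl)
                print "nossl: " name " stores a password without the ssl keyword"
        }
        {
            gsub(/"[^"]*"/, "Q")   # blank quoted values so they cannot look like keywords
            sub(/#.*/, "")         # drop comments
            for (i = 1; i <= NF; i++) {
                if ($i == "defaults") {
                    report(); name = ""; in_def = 1
                } else if ($i == "poll" || $i == "server" || $i == "skip") {
                    report(); name = $(i + 1); in_def = 0
                    has_pw = 0; has_ssl = def_ssl
                }
                if ($i == "password" || $i == "pass") has_pw = 1
                if ($i == "ssl") { if (in_def) def_ssl = 1; else has_ssl = 1 }
            }
        }
        END { report() }
    ' "$rc"
}
```

Call it as `audit_fetchmailrc "$HOME/.fetchmailrc"`. A clean result only means the file is private to its owner and every stored password is paired with `ssl`; as the reply above notes, the superuser can still read the file.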