From owner-freebsd-questions@FreeBSD.ORG Mon Dec 28 17:35:22 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2156A106566C for ; Mon, 28 Dec 2009 17:35:22 +0000 (UTC) (envelope-from rsmith@xs4all.nl) Received: from smtp-vbr11.xs4all.nl (smtp-vbr11.xs4all.nl [194.109.24.31]) by mx1.freebsd.org (Postfix) with ESMTP id 901BC8FC1A for ; Mon, 28 Dec 2009 17:35:21 +0000 (UTC) Received: from slackbox.xs4all.nl (slackbox.xs4all.nl [213.84.242.160]) by smtp-vbr11.xs4all.nl (8.13.8/8.13.8) with ESMTP id nBSHZFGC058782; Mon, 28 Dec 2009 18:35:15 +0100 (CET) (envelope-from rsmith@xs4all.nl) Received: by slackbox.xs4all.nl (Postfix, from userid 1001) id 3BEB0BA9D; Mon, 28 Dec 2009 18:35:15 +0100 (CET) Date: Mon, 28 Dec 2009 18:35:15 +0100 From: Roland Smith To: Anton Shterenlikht Message-ID: <20091228173515.GA27630@slackbox.xs4all.nl> References: <20091228151553.GA7478@mech-cluster241.men.bris.ac.uk> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="azLHFNyN32YCQGCU" Content-Disposition: inline In-Reply-To: <20091228151553.GA7478@mech-cluster241.men.bris.ac.uk> X-GPG-Fingerprint: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 X-GPG-Key: http://www.xs4all.nl/~rsmith/pubkey.txt X-GPG-Notice: If this message is not signed, don't assume I sent it! User-Agent: Mutt/1.5.20 (2009-06-14) X-Virus-Scanned: by XS4ALL Virus Scanner Cc: freebsd-questions@freebsd.org Subject: Re: fetchmail and plain text password X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 28 Dec 2009 17:35:22 -0000 --azLHFNyN32YCQGCU Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Dec 28, 2009 at 03:15:53PM +0000, Anton Shterenlikht wrote: > I use fetchmail > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mail-fetchmail.= html > to download all my mail from the Uni mail > server to my fbsd box. >=20 > I typically run it in daemon mode, which requires > having my mail server password in plain text in .fetchmailrc >=20 > I'm a little worried about the security of having > my password in plain text on the system. chown you:yourgroup ~/.fetchmailrc chmod 400 ~/.fetchmailrc With these changes, only you and the superuser can read that file.=20 You could put your /home directory on an ecrypted partition, so that ~/.fetchmailrc is only readable when /home is mounted. Note that this only provides protection after the machine has been powered down. > Is there a more secure arrangement that would > still allow running fetchmail in daemon mode? I'd be more worried that your password is sent as plaintext over the network using e.g. POP3. You should use the --ssl option if your mailserver allows = it. > Or maybe there is another software solution > alltogether? Presumably you are running a mailserver on your box. You can ask the administrator to forward mail to your machine by making an MX record for it. Roland --=20 R.F.Smith http://www.xs4all.nl/~rsmith/ [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated] pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725) --azLHFNyN32YCQGCU Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (FreeBSD) iEYEARECAAYFAks47FMACgkQEnfvsMMhpyV0uQCfRI2uCspb3brUw1tQyTnIe4ow 2wMAn0hCfgvwNQ0GxqZVHftSC+uhEN6g =eUVW -----END PGP SIGNATURE----- --azLHFNyN32YCQGCU--