Date: Tue, 29 Dec 2009 11:11:50 +0000
From: Anton Shterenlikht <mexas@bristol.ac.uk>
To: Roland Smith <rsmith@xs4all.nl>
Cc: Anton Shterenlikht <mexas@bristol.ac.uk>, freebsd-questions@freebsd.org
Subject: Re: fetchmail and plain text password
Message-ID: <20091229111150.GA15440@mech-cluster241.men.bris.ac.uk>
In-Reply-To: <20091228173515.GA27630@slackbox.xs4all.nl>
References: <20091228151553.GA7478@mech-cluster241.men.bris.ac.uk> <20091228173515.GA27630@slackbox.xs4all.nl>

On Mon, Dec 28, 2009 at 06:35:15PM +0100, Roland Smith wrote:
> On Mon, Dec 28, 2009 at 03:15:53PM +0000, Anton Shterenlikht wrote:
> > I use fetchmail
> > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mail-fetchmail.html
> > to download all my mail from the Uni mail
> > server to my fbsd box.
> >
> > I typically run it in daemon mode, which requires
> > having my mail server password in plain text in .fetchmailrc
> >
> > I'm a little worried about the security of having
> > my password in plain text on the system.
>
> chown you:yourgroup ~/.fetchmailrc
> chmod 400 ~/.fetchmailrc
>
> With these changes, only you and the superuser can read that file.

yes, an attacker gaining superuser access is my worry.
I'm reading Garfinkel and Spafford (1996) Practical UNIX & Internet security
(a bit out of date, I know. I ordered the 3rd edition, 2003),
and I realised there are a lot of potential security issues,
of which I wasn't aware. Things like SUID/SGID files could
be an issue, and lots of other things.

> > Is there a more secure arrangement that would
> > still allow running fetchmail in daemon mode?
>
> I'd be more worried that your password is sent as plaintext over the network
> using e.g. POP3. You should use the --ssl option if your mailserver allows it.

it looks like it doesn't allow ssl.

> > Or maybe there is another software solution
> > altogether?
>
> Presumably you are running a mailserver on your box. You can ask the
> administrator to forward mail to your machine by making an MX record for it.

not sure I understand you here. I run sendmail daemon just for sending
mail out of the box, and delivery of internal mail inside the box.
Sendmail doesn't listen for any incoming connections.
Could you please elaborate, or give a link.

many thanks
anton

-- 
Anton Shterenlikht
Room 2.6, Queen's Building
Mech Eng Dept
Bristol University
University Walk, Bristol BS8 1TR, UK
Tel: +44 (0)117 331 5944
Fax: +44 (0)117 929 4423
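
The ownership and mode advice quoted in this message, turned into a repeatable check. This is an added example, not part of the original e-mail; the function name `audit_fetchmailrc` and the crude `ssl` keyword heuristic are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a fetchmail run-control file against the thread's
# chown/chmod advice. Uses only find/id/grep, so it runs on FreeBSD and
# Linux alike. Call it as: audit_fetchmailrc "$HOME/.fetchmailrc"

# audit_fetchmailrc FILE -> prints findings; returns 0 if none, 1 otherwise
audit_fetchmailrc() {
    rc=$1
    findings=0

    # A symlink or non-regular file could point somewhere with looser modes.
    if [ -L "$rc" ] || [ ! -f "$rc" ]; then
        echo "FAIL: $rc is not a regular file"
        return 1
    fi

    # Owner must be the invoking user (numeric uid avoids name lookups).
    if [ -z "$(find "$rc" -prune -user "$(id -u)")" ]; then
        echo "FAIL: $rc is not owned by uid $(id -u)"
        findings=$((findings + 1))
    fi

    # Any group/other permission bit exposes the stored password.
    for bit in 040 020 010 004 002 001; do
        if [ -n "$(find "$rc" -prune -perm -"$bit")" ]; then
            echo "FAIL: $rc has mode bit $bit set for group/other"
            findings=$((findings + 1))
        fi
    done

    # Heuristic only: a stored password with no 'ssl' keyword outside
    # comments means the credential also crosses the network in the clear.
    if grep -v '^[[:space:]]*#' "$rc" | grep -qw 'password' &&
       ! grep -v '^[[:space:]]*#' "$rc" | grep -qw 'ssl'; then
        echo "WARN: password stored in $rc but no ssl keyword found"
    fi

    [ "$findings" -eq 0 ]
}
```

A clean result only confirms what the reply states: other unprivileged users cannot read the file, while the superuser still can.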