Date: Mon, 28 Dec 2009 18:35:15 +0100 From: Roland Smith <rsmith@xs4all.nl> To: Anton Shterenlikht <mexas@bristol.ac.uk> Cc: freebsd-questions@freebsd.org Subject: Re: fetchmail and plain text password Message-ID: <20091228173515.GA27630@slackbox.xs4all.nl> In-Reply-To: <20091228151553.GA7478@mech-cluster241.men.bris.ac.uk> References: <20091228151553.GA7478@mech-cluster241.men.bris.ac.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
--azLHFNyN32YCQGCU Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Dec 28, 2009 at 03:15:53PM +0000, Anton Shterenlikht wrote: > I use fetchmail > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mail-fetchmail.= html > to download all my mail from the Uni mail > server to my fbsd box. >=20 > I typically run it in daemon mode, which requires > having my mail server password in plain text in .fetchmailrc >=20 > I'm a little worried about the security of having > my password in plain text on the system. chown you:yourgroup ~/.fetchmailrc chmod 400 ~/.fetchmailrc With these changes, only you and the superuser can read that file.=20 You could put your /home directory on an ecrypted partition, so that ~/.fetchmailrc is only readable when /home is mounted. Note that this only provides protection after the machine has been powered down. > Is there a more secure arrangement that would > still allow running fetchmail in daemon mode? I'd be more worried that your password is sent as plaintext over the network using e.g. POP3. You should use the --ssl option if your mailserver allows = it. > Or maybe there is another software solution > alltogether? Presumably you are running a mailserver on your box. You can ask the administrator to forward mail to your machine by making an MX record for it. Roland --=20 R.F.Smith http://www.xs4all.nl/~rsmith/ [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated] pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725) --azLHFNyN32YCQGCU Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (FreeBSD) iEYEARECAAYFAks47FMACgkQEnfvsMMhpyV0uQCfRI2uCspb3brUw1tQyTnIe4ow 2wMAn0hCfgvwNQ0GxqZVHftSC+uhEN6g =eUVW -----END PGP SIGNATURE----- --azLHFNyN32YCQGCU--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20091228173515.GA27630>