
Re: security problem (tcp/ip)



Carey Evans <c.evans@clear.net.nz> writes:

> Frank Barknecht <barknech@ph-cip.uni-koeln.de> writes:
> 
> > How do I "forward pop3 over ssh"? 
> 
> This is described in question C4 in the fetchmail FAQ (at least for
> version 4.3.6).  Basically you need to install ssh on the client and
> sshd on the mail server ("mailhost") and put something like this in
> your .fetchmailrc:
> 
> poll mailhost port 1234 via localhost with pop3:
>         preconnect "ssh -f -L 1234:mailhost:110 mailhost sleep 20 </dev/null >/dev/null";
> 
> The version of fetchmail in 1.3.1 might be too old for this.

However, you can still do what I did with the 1.3.1 fetchmail.  Our
local friendly sysadmins already had sshd on the mailserver, so I
compiled a copy of fetchmail in my ~/bin directory on the mailserver.
Then, my /etc/ppp/ip-up script (this was under bo) did:

HOME=~martind su martind <<EOD
  cd ~martind
  m4 -DIPADDR=$4 < jhunix.fetchmailrc | \
      ssh jhunix.hcf.jhu.edu 'umask 077; cat > .fetchmailrc'
  ./bin/getmailloop &
EOD

Where jhunix.fetchmailrc was a file that looked like this:

poll localhost proto imap
    user xxxxxx with password xxxxxxxx is martind here
    smtphost IPADDR

And ~/bin/getmailloop is just a script that every fifteen minutes does

  ssh jhunix.hcf.jhu.edu bin/fetchmail

Of course, this requires that you set up passwordless logins with ssh
for this to work; not everyone will let you do this.

Now this still has all of your mail travelling over the network
unencrypted; however, your username and password aren't ever sent over 
the network (except inside an ssh connection).
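
Added example, not part of the original message: one way to limit what the passwordless key can do is a forced-command gate on the mail server that permits only the two commands the setup above sends. It assumes OpenSSH's authorized_keys options and SSH_ORIGINAL_COMMAND; the script name "mailgate", its path and the key material are hypothetical placeholders.

```sh
#!/bin/sh
# Added example: forced-command gate for the passwordless key.
# Assumed authorized_keys entry on the mail server (OpenSSH syntax,
# constructed; path and key are placeholders):
#   command="/home/martind/bin/mailgate --serve",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-ed25519 AAAA...placeholder

# Map the command the client asked for to an action. Exact string match
# only, so a request with extra shell syntax appended never matches.
classify() {
    case "$1" in
        "bin/fetchmail")                  echo fetch ;;
        "umask 077; cat > .fetchmailrc")  echo install-rc ;;
        *)                                echo deny ;;
    esac
}

# Carry out the permitted action; sshd puts the client's requested
# command in SSH_ORIGINAL_COMMAND (unset for an interactive login).
serve() {
    cd "$HOME" || exit 1
    case "$(classify "${SSH_ORIGINAL_COMMAND:-}")" in
        fetch)
            exec bin/fetchmail ;;
        install-rc)
            # Write to a private temp file first: a partial upload never
            # replaces the working config, and the file holding the mail
            # password is never group- or world-readable.
            umask 077
            tmp=$(mktemp .fetchmailrc.XXXXXX) || exit 1
            cat > "$tmp" && mv "$tmp" .fetchmailrc ;;
        *)
            echo "mailgate: command not permitted" >&2
            exit 1 ;;
    esac
}

# Act as the gate only when sshd invokes the script with --serve.
if [ "${1:-}" = "--serve" ]; then
    serve
fi
```

With this entry in place, the ip-up script and getmailloop work unchanged, while any other command sent with that key is refused.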

