Re: security problem (tcp/ip)
- To: Debian users mailing list <debian-user@lists.debian.org>
- Subject: Re: security problem (tcp/ip)
- From: dtm12@jhunix.hcf.jhu.edu (Daniel Martin at cush)
- Date: Mon, 02 Mar 1998 11:37:09 -0500
- Message-id: <[🔎] 87iupx122y.fsf@cush.dyn.ml.org>
- In-reply-to: Carey Evans's message of "28 Feb 1998 22:10:00 +1300"
- References: <3.0.32.19980225032825.00837360@pop.gel.usherb.ca> <874t1oc9nh.fsf@psyche.evansnet> <19980226130810.43070@fliwatut> <877m6gksd2.fsf@psyche.evansnet>
Carey Evans <c.evans@clear.net.nz> writes:
> Frank Barknecht <barknech@ph-cip.uni-koeln.de> writes:
>
> > How do I "forward pop3 over ssh"?
>
> This is described in question C4 in the fetchmail FAQ (at least for
> version 4.3.6). Basically you need to install ssh on the client and
> sshd on the mail server ("mailhost") and put something like this in
> your .fetchmailrc:
>
> poll mailhost port 1234 via localhost with pop3:
> preconnect "ssh -f -L 1234:mailhost:110 mailhost sleep 20 /dev/null";
>
> The version of fetchmail in 1.3.1 might be too old for this.
However, you can still do what I did with the 1.3.1 fetchmail. Our
local friendly sysadmins already had sshd on the mailserver, so I
compiled a copy of fetchmail in my ~/bin directory on the mailserver.
Then, my /etc/ppp/ip-up script (this was under bo) did:
HOME=~martind su martind <<EOD
cd ~martind
m4 -DIPADDR=$4 < jhunix.fetchmailrc | \
ssh jhunix.hcf.jhu.edu 'umask 077; cat > .fetchmailrc'
./bin/getmailloop &
EOD
Where jhunix.fetchmailrc was a file that looked like this:
poll localhost proto imap
user xxxxxx with password xxxxxxxx is martind here
smtphost IPADDR
And ~/bin/getmailloop is just a script that every fifteen minutes does
ssh jhunix.hcf.jhu.edu bin/fetchmail
Of course, this requires that you set up passwordless logins with ssh
for this to work; not everyone will let you do this.
Now this still has all of your mail travelling over the network
unencrypted; however, your username and password aren't ever sent over
the network (except inside an ssh connection).
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: