
Re: fetchmail over ssh, how?



> I am trying to run fetchmail over ssh but I seem to be too dumb to get
> it going. I've read the (debian) docs, a webpage dedicated to this
> problem (http://yosh.gimp.org/Secure-POP-SSH.html) but still I can't get
> it going.  I hope somebody here can help me.

thanks for the url. :-)  here's the answer to your problem if you haven't
already figured it out.

> The setup, two debian/slink boxes ap031 and ap058. I am on ap031,
> ssh-agent, ssh-askpass(?) are running, so that I can log into the other
> machine simply with ssh (seems not to apply here...). I want to get mail
> from ap058. ssh is installed on both machines, username both times cts,
> authorized_keys entries are ok.

step one is to make sure you have passwordless ssh setup (either using
~/.shosts files or better yet the rsa stuff and ssh-add).  it sounds like
you have that working.

> My entry in .fetchmailrc;
> poll ap058 port 11110 via localhost with protocol pop3:

this should be:

poll localhost port 11110 via localhost with protocol pop3:

you are creating an encrypted tunnel from port 11110 on your localbox (the
one running fetchmail) to port 110 of your pop server.... so in order to use
it you must connect to localhost:11110.

to test it one step at a time run the preconnect command and then use telnet
to telnet to localhost:11110, you should see the prompt of your pop server.

also when you are trying to get it running, make sure you are running
'fetchmail -N' so it runs in the foreground.  it will make it much easier to
figure out what's going wrong.

> Is password needed? If I enter something there I am not asked for a
> password, but I am unsure _which_ password I have to give (and why). Is
> it really the password on ap058 or the pgp passphrase on ap031? Or vice
> versa? All four passwords differ... I think I have tried them all.

if your pop server requires a password (i've never seen one which doesn't)
then yes, you need a password.  the password you are giving is the one you
would use to login to the pop server to check your mail.

> This means that the port address I want to use is already in use? How
> can I reuse that port again?

you are forcing the localhost port to stay open for 20 seconds with your
sleep command.  once the 20 seconds is up it will stay open until your pop
session finishes (gets all your mail this time), and then ssh should
automatically die.

> I changed the preconnect to 
> preconnect "ssh-agent ssh -f -L 11110:ap058:110 ap058 sleep 20 </dev/null >/dev/null";
> so that I have to enter my local passphrase and if I enter a wrong one, I
> have to enter the remote password, good. But still I get the socket error
> message. What am I doing wrong?

i'm not sure of the syntax but here is my ~/.fetchmailrc which has been
working for me for a couple months (note you probably want to use the
smtphost option instead of the mda option but so long as you have procmail
installed either should work okay.  i like not being reliant on my mta
because it means i can play with postfix without worry of trashing my mail):
---
heyzeus(larry)> cat ~/.fetchmailrc
set daemon 60

poll localhost port 1100 protocol pop3 uidl 
        username larry password mypassword
#       smtphost localhost
        mda "/usr/bin/procmail -d larry"
        preconnect "ssh -C -f -L 1100:calvino:110 calvino 'sleep 9'"
---
where my username is larry on both remote and local servers, and the pop
server is calvino.

enjoy.

adam.
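
Added example, not part of adam's message: a small Python check for the mistake discussed in this thread, a poll entry whose connection does not go to the local port that its preconnect "ssh -L" opens, so the POP3 login would travel outside the tunnel. The function names and the BAD sample are constructed for illustration; GOOD is the working ~/.fetchmailrc quoted above.

```python
import re
import shlex

LOCAL_NAMES = {"localhost", "127.0.0.1", "::1"}

def parse_forward(preconnect):
    """Return (local_port, remote_host, remote_port) from the first ssh -L option."""
    tokens = shlex.split(preconnect)
    for i, tok in enumerate(tokens):
        if not tok.startswith("-L"):
            continue
        # Accept both "-L spec" and "-Lspec".
        spec = tok[2:] or (tokens[i + 1] if i + 1 < len(tokens) else "")
        parts = spec.split(":")  # [bind_address:]port:host:hostport
        if len(parts) >= 3 and parts[-3].isdigit() and parts[-1].isdigit():
            return int(parts[-3]), parts[-2], int(parts[-1])
    return None

def lint_fetchmailrc(text):
    """Return a list of problems for poll entries that open an ssh tunnel."""
    body = "\n".join(ln for ln in text.splitlines() if not ln.lstrip().startswith("#"))
    problems = []
    for entry in re.split(r"(?m)^\s*poll\s+", body)[1:]:
        pre = re.search(r'preconnect\s+"([^"]*)"', entry)
        fwd = parse_forward(pre.group(1)) if pre else None
        if fwd is None:
            continue  # no tunnel in this entry, nothing to check
        host = entry.split()[0]
        opts = entry.replace(pre.group(0), "")  # keep ssh arguments out of the option search
        via = re.search(r"\bvia\s+(\S+)", opts)
        port = re.search(r"\bport\s+(\d+)", opts)
        # fetchmail connects to the "via" host if one is given, else to the poll name.
        target = via.group(1) if via else host
        if target not in LOCAL_NAMES:
            problems.append(f"{host}: connects to {target} directly, not through the tunnel")
        if port is None or int(port.group(1)) != fwd[0]:
            problems.append(f"{host}: port is not the forwarded local port {fwd[0]}")
    return problems

# GOOD is the ~/.fetchmailrc from the message; BAD is constructed for this example.
GOOD = '''set daemon 60
poll localhost port 1100 protocol pop3 uidl
        username larry password mypassword
        mda "/usr/bin/procmail -d larry"
        preconnect "ssh -C -f -L 1100:calvino:110 calvino 'sleep 9'"
'''
BAD = '''poll ap058 port 110 protocol pop3
        preconnect "ssh -f -L 11110:ap058:110 ap058 sleep 20"
'''
if __name__ == "__main__":
    print(lint_fetchmailrc(GOOD), lint_fetchmailrc(BAD))
```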


