Re: Giveaway-Laptop: sending system mails

To: debian-user@lists.debian.org
Subject: Re: Giveaway-Laptop: sending system mails
From: Reco <recoverym4n@enotuniq.net>
Date: Tue, 31 Dec 2019 17:00:14 +0300
Message-id: <[🔎] E1imI4E-0001Ta-Qk@enotuniq.net>
In-reply-to: <[🔎] bdd34e8c-a170-9358-e36a-355536e84141@the-grue.de>
References: <[🔎] bdd34e8c-a170-9358-e36a-355536e84141@the-grue.de>

	Hi.

On Tue, Dec 31, 2019 at 02:11:06PM +0100, Markus Grunwald wrote:
> But, there is a problem: I have to put the plain mail password in
> /etc/msmtprc, because the normal user won't be there to unlock a gpg
> file or give msmtp the password in any other way. That means, I want
> /etc/msmtprc to be only readable by root (440). But then, users other
> than root (nobody maybe?) won't be able to send mails...

NEWS.Debian.gz have this to say on the issue:

The system-wide configuration file (/etc/msmtprc) can contain SMTP
credentials that are best kept secret. To let regular users use msmtp
while preventing them from reading the file, the permissions can be
adjusted that way:

    # chmod 0640 /etc/msmtprc
    # chgrp msmtp /etc/msmtprc

So that msmtp's binary executing as the "msmtp" group (setgid) can
access it.

In short, if a user will use "msmtp" to send e-mails - you're set.

If msmtp somehow fails you - consider using exim4, which passwd.client
file should not be readable by ordinary user at all.

Reco

Reply to:

References:
- Giveaway-Laptop: sending system mails
  - From: Markus Grunwald <markus@the-grue.de>

Prev by Date: Re: OT: Question about 10/100 switch on a LAN with a faster router
Next by Date: Re: Back to systemd [was: Re: New list for Raspbian? (was: Re: systemdq)]
Previous by thread: Giveaway-Laptop: sending system mails
Next by thread: Re: Giveaway-Laptop: sending system mails
Index(es):
- Date
- Thread