Fetchmail and ip-up

Richard Lightman richard at nezumi.plus.com
Mon Aug 26 14:38:18 PDT 2002


* Daniel Brewer <d.brewer at ucl.ac.uk> [2002-08-26 22:09]:
> I probably could copy the .fetchmailrc to root but this does not seem
> very security wise.
> 
Root can read ~daniel/.fetchmailrc if he wants to. You might be able
to hide it from root using gpg, but then you would have to type your
gpg password to download mail.

> Any ideas?
> 
The simple version:

#!/bin/bash
case "$USER" in
  daniel)
    fetchmail -v -d 60
    ;;
  root)
    # su -c takes the command as a single argument, so quote it
    su daniel -c "fetchmail -v -d 60"
    ;;
esac


The complex version, with fetchmail, qmail and djbdns:
    /var/log/fetchmail          link to the most recent log
    /var/log/multi/fetchmail/*  logs for the last 10 days
    /etc/ppp/pap-secrets        link to a loopback encrypted filesystem

#!/bin/bash

sleep 2
# %M is minutes (%m would repeat the month)
file=multi/fetchmail/$(date '+%Y-%m-%d_%H:%M:%S')
touch     /var/log/$file
chmod 750 /var/log/$file
awk '/^nezumi/ {print "poll imap.plus.net proto imap username nezumi password \""$3"\""}' /etc/ppp/pap-secrets |\
  fetchmail -a -v -D urusai.localnet.rcl -f - >>/var/log/$file 2>&1 &
ln -sf $file /var/log/fetchmail
rm -f $(find /var/log/multi/fetchmail/ -mtime +10 -type f)
sleep 3
maildirsmtp ~alias/pppdir alias-ppp- $(dnsip relay.plus.net) nezumi.plus.com &


While the system is running, root can still read my mail password,
but you cannot get it by mounting the hard disk on your system - 
without the password.

Remember in this country, if you cannot prove you do not know the
password, you can be imprisoned under the prevention of terrorism
act for refusing to decrypt something you have received. Bear
this in mind before doing a thorough job of securing your e-mail.

Richard
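
An added example, not part of the original post: the simple version above extended with a pre-flight check that the rc file holding the mail password is a regular file owned by the mail user with no group/other access, before root hands it to fetchmail through su. MAIL_USER, FETCHMAIL and the /home/<user>/.fetchmailrc path are assumptions, and the check relies on GNU find.

```bash
#!/bin/bash
# Added example, not from the original post. MAIL_USER, FETCHMAIL and the
# /home/<user>/.fetchmailrc path are assumptions; adjust for your system.
MAIL_USER=${MAIL_USER:-daniel}
FETCHMAIL=${FETCHMAIL:-fetchmail}

# rc_is_private USER FILE
# True only if FILE is a regular file (a symlink is rejected), owned by
# USER, with no group/other permission bits. Needs GNU find (-perm /MODE).
rc_is_private() {
  local user=$1 rc=$2
  [ -n "$(find "$rc" -maxdepth 0 -type f -user "$user" ! -perm /077 2>/dev/null)" ]
}

# start_fetchmail CALLER USER RC
# Returns 2 if the rc file fails the check, 1 if CALLER is neither USER
# nor root; otherwise runs fetchmail as USER.
start_fetchmail() {
  local caller=$1 user=$2 rc=$3
  rc_is_private "$user" "$rc" || return 2
  case "$caller" in
    "$user")
      "$FETCHMAIL" -v -d 60 -f "$rc"
      ;;
    root)
      # The whole command is ONE argument to -c; left unquoted, only the
      # first word would reach -c as the command.
      su "$user" -c "$(printf '%q -v -d 60 -f %q' "$FETCHMAIL" "$rc")"
      ;;
    *)
      return 1
      ;;
  esac
}

# pppd calls ip-up with the interface name and addresses as arguments,
# so do nothing when run without any (for example when sourced or tested).
if [ "$#" -gt 0 ]; then
  # pppd gives its scripts a nearly empty environment, so take the caller
  # from id rather than from $USER.
  start_fetchmail "$(id -un)" "$MAIL_USER" "/home/$MAIL_USER/.fetchmailrc"
fi
```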



More information about the blfs-support mailing list