On Sun, Jul 29, 2001 at 04:44:57PM -0700, Rob Hudson wrote:

Hello,

[cut - about secure pop3 daemon]
>
> I currently have fetchmail opening up a SSH tunnel, and get my mail
> via popa3d. I'll attach relevant scripts...
>
> /home/user/.fetchmailrc:
> -----------------------
> poll cogit8.org via localhost protocol pop3 port 12574:
>   preconnect "ssh -C -f -L 12574:cogit8.org:110 cogit8.org sleep 10"
>   password <your_password>;
>
> I guess that's it. This basically says,
>
> preconnect (do this before fetching mail)
> open a SSH channel from server cogit8.org port 110 to localhost port
> 12574 (arbitrary port number), wait 10 seconds for fetchmail to get in
> there.
>
> then,
> fetchmail on localhost port 12574.

This is insecure - any localhost user can sniff your passwords.

---
kupson@temp: ~$ nc -l -p 60001 # chosen port number
+OK
USER kupson
PASS <mypassword>
QUIT
kupson@temp: ~$
---

Type "+OK" after fetchmail connects to netcat, then <ENTER> several times.
Ssh didn't notify fetchmail that it cannot forward the remote port to localhost.

You can run fetchmail as user root and choose a port number < 1024, but that's
an even worse security problem.

Does somebody know how to do it better?

[cut - rest]

Kupson

PS: Sorry for my english.

--
Great software without the knowledge to run it is pretty useless.
(Linux Gazette #1)
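
A check for the failure described above (another local user already listening on the tunnel port), added here as an example that is not part of the original message: before the password is sent, confirm that the LISTEN socket on the forwarded port belongs to your own uid. It assumes a Linux host exposing the `/proc/net/tcp` table; the function names, uids and sample rows are constructed for illustration.

```shell
# Added example: verify who owns the LISTEN socket on the tunnel port.
# Input uses the Linux /proc/net/tcp layout (IPv4 table only); fields used:
#   $2 = local address as HEXIP:HEXPORT, $4 = state (0A = LISTEN), $8 = uid

# Print the uid of every socket listening on PORT, one per line.
listener_uids() {            # usage: listener_uids TABLE_FILE PORT
    hexport=$(printf '%04X' "$2")
    awk -v p="$hexport" '
        NR > 1 && $4 == "0A" {
            split($2, a, ":")
            if (a[2] == p) print $8
        }' "$1"
}

# Succeed only if PORT has a listener and every listener belongs to OWNER_UID.
tunnel_port_is_ours() {      # usage: tunnel_port_is_ours TABLE_FILE PORT OWNER_UID
    uids=$(listener_uids "$1" "$2")
    [ -n "$uids" ] || return 1        # nothing listening: ssh never bound the port
    for u in $uids; do
        [ "$u" = "$3" ] || return 1   # another local user holds the port
    done
    return 0
}

# Constructed sample tables (not captured from a real host).
SAMPLE_OK=$(mktemp); SAMPLE_SQUAT=$(mktemp)
trap 'rm -f "$SAMPLE_OK" "$SAMPLE_SQUAT"' EXIT
cat > "$SAMPLE_OK" <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:311E 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 40001
   1: 00000000:006E 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 40002
EOF
cat > "$SAMPLE_SQUAT" <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:311E 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1001        0 40003
EOF

# 0x311E is port 12574 from the quoted .fetchmailrc; uid 1000 stands for the mail user.
for t in "$SAMPLE_OK" "$SAMPLE_SQUAT"; do
    if tunnel_port_is_ours "$t" 12574 1000; then
        echo "listener is ours: safe to poll"
    else
        echo "listener missing or foreign: do not send the password"
    fi
done
```

On a real host the table argument would be `/proc/net/tcp` and the uid `$(id -u)`. The check narrows the window but does not close it, since the listener can still change between the check and fetchmail's connect.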