In my case, I'm the only local user on this box so I'm not worried too much. In the same case, I should store my password in my .fetchmailrc file, but I'd rather do that than type in my password every time fetchmail kicks up.
I would like to know how to make it more secure, however. But at least it is secure past my local system. > On 20010730.2244, Rafal Kupka said ... > > On Sun, Jul 29, 2001 at 04:44:57PM -0700, Rob Hudson wrote: > Hello, > > [cut - about secure pop3 daemon] > > > > I currently have fetchmail opening up a SSH tunnel, and get my mail > > via popa3d. I'll attach relavent scripts... > > > > /home/user/.fetchmailrc: > > ----------------------- > > poll cogit8.org via localhost protocol pop3 port 12574: > > preconnect "ssh -C -f -L 12574:cogit8.org:110 cogit8.org sleep 10" > > password <your_password>; > > > > I guess that's it. This basically says, > > > > preconnect (do this before fetching mail) > > open a SSH channel from server cogit8.org port 110 to localhost port > > 12574 (arbitrary port number), wait 10 seconds for fetchmail to get in > > there. > > > > then, > > fetchmail on localhost port 12574. > This is unsecure - any localhost user can sniff your passwords. > --- > [EMAIL PROTECTED]: ~$ nc -l -p 60001 # choosen port number > +OK > USER kupson > > PASS <mypassword> > > QUIT > > [EMAIL PROTECTED]: ~$ > --- > Type "+OK" after fetchmail connects to netcat, then several times <ENTER> . > > Ssh didn't notify fetchmail that it cannot forwand > remote port to localhost. > > You can run fetchmail as user root and choose port number < 1024, > but it's even worse security problem. > > Somebody know how do it better ? > > [cut - rest] > > Kupson > PS: Sorry for my english. > -- > Great software without the knowledge to run it is pretty useless. > (Linux Gazette #1) > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > >