Re: [gentoo-user] ssmtp alternatives: msmtp vs. dma

2012-12-07 Thread Grant
  If you're worried about either of those scenarios, set up a separate
  account for your email alerts.
 
  I like the separate account idea.  Any tips on locking it down?  Maybe
  that account on the mail server should somehow only be allowed to
  deliver to a single email address (mine)?  Would it need a shell
  account?  Certainly not allowed in sshd_config.
 

 It depends on how you're authenticating. We've got our users in
 Postgres, and postfix uses Dovecot's SASL backend to auth. That way a
 user is just an email address/password combination and can't do
 anything except send/receive mail.

 The general defense against hacked user accounts is to do rate-limiting
 on the MTA with something like postfwd, and at least notify postmaster
 if someone begins sending hundreds of messages. That way if a user gets
 hacked, you find out about it and can disable them.

 In this case I wouldn't even worry about it. If someone can log on to
 your server and read the msmtp config, you've already got a big problem.
 The real benefit to using a separate account is that if that does
 happen, they can't see Grant's personal email password (which is
 essentially the keys to the kingdom).

I was planning on having the alerts sent from each system via my privileged
account on the mail server which means storing that password in the msmtp
config file on each system.  If I instead set up a separate account for
alerts and lock that account down so it can only send email to my own
address, I can flaunt that password around all I want because it can only
be used to send email to me, correct?

By the way, is it considered safe to use my own privileged account on the
mail server to send mail from a good local mail client if I use SSL/TLS in
transmission?

 Another thing you might consider is getting added to the feedback loops
 of some major providers. When one of our users gets hacked, I find out
 quickly because AOL sends me a copy of every message that they get from
 us which is marked as junk. This is a Good Idea anyway, and mitigates
 the stolen-password problem in that unlikely event.

That sounds like a really good idea.  Is there an industry-standard term I
could use in a search to figure out how to get the providers (Google,
Yahoo, AOL?) to set me up this way?

- Grant


Re: [gentoo-user] ssmtp alternatives: msmtp vs. dma

2012-12-05 Thread Michael Orlitzky
On 12/05/2012 01:43 AM, Grant wrote:

 I switched to msmtp when nbsmtp was treecleaned. The switch was
 uneventful; it just works, which is high praise.

 You can't encrypt your password unless you're going to be physically
 present to decrypt it (with some other password). If your machine is
 physically secure, you can just make the msmtp config file read-only to
 yourself. If someone can log in as you, they can get your password
 anyway. There's only a risk if e.g. you're not root, or someone else can
 get root (access to grub) or walk off with the hard drive.

 If you're worried about either of those scenarios, set up a separate
 account for your email alerts.
 
 I like the separate account idea.  Any tips on locking it down?  Maybe
 that account on the mail server should somehow only be allowed to
 deliver to a single email address (mine)?  Would it need a shell
 account?  Certainly not allowed in sshd_config.
 

It depends on how you're authenticating. We've got our users in
Postgres, and postfix uses Dovecot's SASL backend to auth. That way a
user is just an email address/password combination and can't do
anything except send/receive mail.

The general defense against hacked user accounts is to do rate-limiting
on the MTA with something like postfwd, and at least notify postmaster
if someone begins sending hundreds of messages. That way if a user gets
hacked, you find out about it and can disable them.

In this case I wouldn't even worry about it. If someone can log on to
your server and read the msmtp config, you've already got a big problem.
The real benefit to using a separate account is that if that does
happen, they can't see Grant's personal email password (which is
essentially the keys to the kingdom).

Another thing you might consider is getting added to the feedback loops
of some major providers. When one of our users gets hacked, I find out
quickly because AOL sends me a copy of every message that they get from
us which is marked as junk. This is a Good Idea anyway, and mitigates
the stolen-password problem in that unlikely event.



Re: [gentoo-user] ssmtp alternatives: msmtp vs. dma

2012-12-05 Thread Randy Barlow

Grant wrote:

msmtp --passwordeval 'gpg -d mypwfile.gpg'


Be careful with passing your password as a command line argument, 
because it will put your password into the output of ps. This would 
allow any user on the system to read your password.


--
R



[gentoo-user] ssmtp alternatives: msmtp vs. dma

2012-12-04 Thread Grant
I was setting up ssmtp but I realized it isn't being maintained and there
are a couple of alternatives called msmtp and dma.  Can anyone recommend
one of these over the other?

I don't like how ssmtp stores the mail password in clear text in its config
file.  It looks like msmtp can pull the password from gpg:

msmtp --passwordeval 'gpg -d mypwfile.gpg'

I don't have much experience with gpg.  Does this mean I can store the mail
password encrypted on each of my systems so it can be used in an automated
fashion to get mail onto my mail server?  Do I need to start gpg-agent and
enter a gpg keyring password whenever I reboot each of the systems?

Is this the best way to get email alerts from my various systems to my
email address?

- Grant


Re: [gentoo-user] ssmtp alternatives: msmtp vs. dma

2012-12-04 Thread Michael Orlitzky
On 12/05/2012 12:28 AM, Grant wrote:
 I was setting up ssmtp but I realized it isn't being maintained and
 there are a couple of alternatives called msmtp and dma.  Can anyone
 recommend one of these over the other?
 
 I don't like how ssmtp stores the mail password in clear text in its
 config file.  It looks like msmtp can pull the password from gpg:
 
 msmtp --passwordeval 'gpg -d mypwfile.gpg'
 
 I don't have much experience with gpg.  Does this mean I can store the
 mail password encrypted on each of my systems so it can be used in an
 automated fashion to get mail onto my mail server?  Do I need to start
 gpg-agent and enter a gpg keyring password whenever I reboot each of the
 systems?
 
 Is this the best way to get email alerts from my various systems to my
 email address?
 

I switched to msmtp when nbsmtp was treecleaned. The switch was
uneventful; it just works, which is high praise.

You can't encrypt your password unless you're going to be physically
present to decrypt it (with some other password). If your machine is
physically secure, you can just make the msmtp config file read-only to
yourself. If someone can log in as you, they can get your password
anyway. There's only a risk if e.g. you're not root, or someone else can
get root (access to grub) or walk off with the hard drive.

If you're worried about either of those scenarios, set up a separate
account for your email alerts.
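
Added example (not part of the original thread and not msmtp's own code): a shell check for the advice above to keep the msmtp config file readable only by yourself. It also reports which account's password sits in the file in clear text. The host, account name and addresses are constructed placeholders, and GNU stat is assumed.

```shell
#!/bin/sh
# Audit an msmtp config file that stores a mail password.
# Usage: audit_msmtprc "$HOME/.msmtprc"

# Write a sample config for a dedicated alerts-only account.
# All values are constructed placeholders, not from the thread.
write_sample_msmtprc() {
    (
        umask 077   # create the file with no group/other access
        cat > "$1" <<'EOF'
account        alerts
host           mail.example.org
port           587
tls            on
auth           on
user           alerts@example.org
password       constructed-placeholder
from           alerts@example.org
account default : alerts
EOF
    )
}

# Return 0 if only the owner can read the file, 1 if it is exposed,
# 2 if it is missing or is a symlink.
audit_msmtprc() {
    f=$1
    rc=0
    [ -f "$f" ] && [ ! -L "$f" ] || { echo "FAIL: $f is not a regular file"; return 2; }
    mode=$(stat -c '%a' "$f")    # GNU stat: octal permission bits
    owner=$(stat -c '%u' "$f")   # numeric uid of the file owner
    # Any group/other bit lets other local users read the password.
    case $mode in
        600|400) ;;
        *) echo "FAIL: mode $mode, expected 600 or 400"; rc=1 ;;
    esac
    [ "$owner" = "$(id -u)" ] || { echo "FAIL: owned by uid $owner, not you"; rc=1; }
    # Show whose secret is at stake if the file is ever read.
    if grep -Eq '^[[:space:]]*password[[:space:]]' "$f"; then
        echo "NOTE: plaintext password stored for:"
        grep -E '^[[:space:]]*user[[:space:]]' "$f" | awk '{print "  " $2}'
    fi
    return $rc
}
```

The NOTE output names the account an intruder would gain by reading the file, which is the reason given above for using a separate alerts account instead of a personal one.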



Re: [gentoo-user] ssmtp alternatives: msmtp vs. dma

2012-12-04 Thread Grant
  I was setting up ssmtp but I realized it isn't being maintained and
  there are a couple of alternatives called msmtp and dma.  Can anyone
  recommend one of these over the other?
 
  I don't like how ssmtp stores the mail password in clear text in its
  config file.  It looks like msmtp can pull the password from gpg:
 
  msmtp --passwordeval 'gpg -d mypwfile.gpg'
 
  I don't have much experience with gpg.  Does this mean I can store the
  mail password encrypted on each of my systems so it can be used in an
  automated fashion to get mail onto my mail server?  Do I need to start
  gpg-agent and enter a gpg keyring password whenever I reboot each of the
  systems?
 
  Is this the best way to get email alerts from my various systems to my
  email address?
 

 I switched to msmtp when nbsmtp was treecleaned. The switch was
 uneventful; it just works, which is high praise.

 You can't encrypt your password unless you're going to be physically
 present to decrypt it (with some other password). If your machine is
 physically secure, you can just make the msmtp config file read-only to
 yourself. If someone can log in as you, they can get your password
 anyway. There's only a risk if e.g. you're not root, or someone else can
 get root (access to grub) or walk off with the hard drive.

 If you're worried about either of those scenarios, set up a separate
 account for your email alerts.

I like the separate account idea.  Any tips on locking it down?  Maybe that
account on the mail server should somehow only be allowed to deliver to a
single email address (mine)?  Would it need a shell account?  Certainly not
allowed in sshd_config.

- Grant


Re: [gentoo-user] ssmtp alternatives: msmtp vs. dma

2012-12-04 Thread Eray Aslan
On 12/5/12 7:28 AM, Grant wrote:
 I was setting up ssmtp but I realized it isn't being maintained and
 there are a couple of alternatives called msmtp and dma.  Can anyone
 recommend one of these over the other?

msmtp and nullmailer are good choices as lightweight MTAs.  I hope to
change the default mta from ssmtp to one of them in the semi-near future
(probably nullmailer now that it has TLS/SSL support).

-- 
Eray Aslan e...@gentoo.org