
BLU Discuss list archive



Fetchmail over ssh



roger at day.za.net writes:

> Over the last while I am sure I have seen postings here that refer to 
> the fact that some people here are running their fetchmail over ssh.  
> I need to install a system that does this at _very_ short notice and 
> would appreciate if someone could please reduce my RTFM (reading the 
> fantastic materials) time and give me some pointers.

You can tell fetchmail to accept external authentication, and use ssh
to do the authentication. To run fetchmail in the background, you'd
first create a DSA key, then use ssh-agent to cache the passphrase, 
then start fetchmail.

To create the key:

    ssh-keygen -t dsa 

This saves it in ~/.ssh/id_dsa and id_dsa.pub

Copy the contents of the id_dsa.pub file and append it to 

    ~/.ssh/authorized_keys2 

in your account on the mail server. Be sure to set the permissions
on the remote .ssh directory to 700.

At this point you should be able to ssh to the mail server and it will
ask for the key's passphrase instead of your password.

Next, start up ssh-agent and load its process id into the environment:

    ssh-agent > FOO
    source FOO
    rm FOO

Next, load the key into ssh-agent (it will prompt you for the passphrase):

    ssh-add ~/.ssh/id_dsa

At this point you should be able to ssh to the mail server, and it will
connect using the key, but not require you to type the passphrase.

Once this is working, you can use fetchmail over ssh in the background.
First set up ~/.fetchmailrc:

    set daemon 300
    poll my.mail.server.com with proto IMAP auth ssh
        plugin 'ssh %h /usr/sbin/imapd'

Note that this assumes that /usr/sbin/imapd exists on the mail server.
You could use pop3 instead if you prefer; I prefer imap because I've
found pop3 imposes a much bigger load on the mailserver.

Finally, start fetchmail with no options, and it will run in daemon mode
(in the background) and poll the mailserver every five minutes (300 
seconds).


-- 
John Abreau / Executive Director, Boston Linux & Unix 
ICQ 28611923 / AIM abreauj / JABBER jabr at jabber.org / YAHOO abreauj
Email jabr at blu.org / WWW http://www.abreau.net / PGP-Key-ID 0xD5C7B5D9
PGP-Key-Fingerprint 72 FB 39 4F 3C 3B D6 5B E0 C8 5A 6E F1 2C BE 99
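
An added example, not part of the original message: because the key sits unlocked in ssh-agent for unattended polling, the authorized_keys2 entry on the mail server can be pinned to the one command fetchmail needs, and the 700 mode on the remote .ssh directory can be checked with a script. The function names and the sample key are hypothetical and constructed for illustration; the options used are standard OpenSSH authorized_keys options.

```shell
#!/bin/sh
# Added example: helper names and the sample key below are constructed.

# Print an authorized_keys entry that pins a key to a single command.
# $1 = public key file, $2 = command sshd should run for this key
restricted_key_line() {
    pub=$1 cmd=$2
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }
    # A double quote would need escaping inside the options field; reject it.
    case $cmd in
        *'"'*) echo "command must not contain double quotes" >&2; return 1;;
    esac
    # First non-blank, non-comment line: "keytype base64 comment".
    key=$(grep -v -e '^[[:space:]]*$' -e '^#' "$pub" | head -n 1)
    case $key in
        ssh-*|ecdsa-*) ;;
        *) echo "$pub does not start with a key type" >&2; return 1;;
    esac
    printf 'command="%s",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty %s\n' \
        "$cmd" "$key"
}

# Return 0 only if directory $1 has mode 700 (owner rwx, nothing for others).
ssh_dir_is_private() {
    [ -d "$1" ] || return 1
    # Characters 1-10 of ls -ld are the type and permission bits.
    mode=$(ls -ld "$1" | cut -c1-10)
    [ "$mode" = "drwx------" ]
}

# Demo on constructed data in a scratch directory (not a real key).
demo=$(mktemp -d) && chmod 700 "$demo"
echo 'ssh-dss AAAAB3NzaC1kc3MAAACBAPLACEHOLDER fetchmail@client' > "$demo/id_dsa.pub"
restricted_key_line "$demo/id_dsa.pub" /usr/sbin/imapd
ssh_dir_is_private "$demo" && echo "$demo: mode 700, ok"
rm -rf "$demo"
```

The printed line would be appended to ~/.ssh/authorized_keys2 on the mail server in place of the bare public key; sshd then runs /usr/sbin/imapd for that key regardless of the command the client asks for.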





BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.