Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Fetchmail over ssh



roger at day.za.net writes:

> Over the last while I am sure I have seen postings here that refer to 
> the fact that some people here are running their fetchmail over ssh.  
> I need to install a system that does this at _very_ short notice and 
> would apreciate if someone could please reduce my RTFM (reading the 
> fantastic materials) time and give me some pointers.

You can tell fetchmail to accept external authentication, and use ssh
to do the authentication. To run fetchmail in the background, you'd
first create a DSA key, then use ssh-agent to cche the passphrase, 
then start fetchmail.

To create the key:

    ssh-keygen -t dsa 

This saves it in ~/.ssh/id_dsa and id_dsa.pub

Copy the contents of the id_dsa.pub file and append it to 

    ~/.ssh/authorized_keys2 

in your account on the mail server. Be sure to set the permissions
on the remote .ssh directory to 700.

At this point you should be able to ssh to the mail server and it will
ask for the key's passphrase instead of your password.

Next, start up ssh-agent and load its process id into the environment:

    ssh-agent > FOO
    source FOO
    rm FOO

Next, load the key into ssh-agent (it will prompt you for the passphrase):

    ssh-add ~/.ssh/id_dsa

At this point you should be able to ssh to the mail server, and it will
connect using the key, but not require you to type the passphrase.

Once this is working, you can use fetchmail over ssh in the background.
First set up ~/.fetchmailrc:

    set daemon 300
    poll my.mail.server.com with proto IMAP auth ssh
        plugin 'ssh %h /usr/sbin/imapd'

Note that this assumes that /usr/sbin/imapd exists on the mail server.
You could use pop3 instead if you prefer; I prefer imap because I've
found pop3 imposes a much bigger load on the mailserver.

Finally, start fetchmail with no options, and it will run in daemon mode
(in the background) and poll the mailserver every five minutes (300 
seconds).


-- 
John Abreau / Executive Director, Boston Linux & Unix 
ICQ 28611923 / AIM abreauj / JABBER jabr at jabber.org / YAHOO abreauj
Email jabr at blu.org / WWW http://www.abreau.net / PGP-Key-ID 0xD5C7B5D9
PGP-Key-Fingerprint 72 FB 39 4F 3C 3B D6 5B E0 C8 5A 6E F1 2C BE 99


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 344 bytes
Desc: not available
URL: <http://lists.blu.org/pipermail/discuss/attachments/20020326/a22c3d4f/attachment.sig>



BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org