Fetchmail thru ssh tunnel?

Mike Bilow mikebw at colossus.bilow.com
Sat Mar 18 07:07:24 EST 2000


First, you can avoid sending your password in the clear by the simple
expedient of authentication with APOP.  An APOP-capable server will append
timestamped unique text to its initial message within corner brackets:

+OK POP3 v7.59 server ready <53a4.38d36f22 at colossus.bilow.com>

The APOP-capable client uses this unique text in combination with its
shared secret (the real password) and generates a cryptographic hash based
upon these two elements.  The server, knowing both, can tell whether the
hash is correct and therefore indicates possession of the appropriate
secret.  The point, of course, is that the shared secret is not passed.

Second, if you want to encrypt the whole mail session through an ssh
tunnel, that's not hard to do.  The real trick is to set up a private key
with no passphrase, so that you will not be prompted for it upon login.
Then run ssh automatically to alias a local port:

ssh -f -i .ssh/popconly -l username -L 1110:pop.host.com:110 pop.host.com 'sleep 60' &
sleep 20
fetchmail

The way this works is by starting the ssh client and giving it about 20
seconds to log in.  Once it is logged in, port 1110 on your local machine
will be aliased through the encrypted tunnel to port 110 on the real POP
server host.  You then point fetchmail at port 1110 on localhost.  If the
POP session takes longer than the arbitrary 60 seconds of sleeping, then
ssh will wait for the session to close.

-- Mike


On Sat, 18 Mar 2000, John Abreau wrote:

> I just got my laptop set up to use a Novatel Merlin cdpd modem, and it's
> working beautifully. I can ssh to my external mail server, and the
> throughput is surprisingly fast, considering that cdpd is limited to 19.2k
> from what I understand. I'm getting better response time from cdpd than I
> do with a normal 56k modem.
> 
> Now I need to configure mail. I've got fetchmail working normally, but I'm
> not comfortable about passing my mail over the airwaves in cleartext. Has
> anyone successfully gotten fetchmail working through an ssh tunnel?
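
The APOP exchange described in the message above, as an added example that is not part of the original post. The function names are illustrative, the greeting and credentials are the sample values from RFC 1939, and the code assumes the banner challenge contains a literal "@" (this archive displays it as " at ").

```python
import hashlib
import hmac
import re

# RFC 1939 requires the banner challenge to have the form <local@domain>.
_TIMESTAMP = re.compile(r"<[^<>@\s]+@[^<>@\s]+>")


def extract_timestamp(greeting):
    """Return the <...@...> challenge from a POP3 greeting, or None."""
    if not greeting.startswith("+OK"):
        return None
    match = _TIMESTAMP.search(greeting)
    return match.group(0) if match else None


def apop_digest(timestamp, secret):
    """MD5 over the challenge (brackets included) followed by the secret."""
    return hashlib.md5((timestamp + secret).encode("ascii")).hexdigest()


def client_command(greeting, user, secret):
    """Build the APOP line; refuse servers that offer no challenge
    rather than falling back to a cleartext USER/PASS login."""
    timestamp = extract_timestamp(greeting)
    if timestamp is None:
        raise ValueError("server did not offer an APOP challenge")
    return "APOP %s %s" % (user, apop_digest(timestamp, secret))


def server_verify(timestamp, secret, command):
    """Server side: recompute the digest and compare in constant time."""
    parts = command.split(" ")
    if len(parts) != 3 or parts[0] != "APOP":
        return False
    return hmac.compare_digest(parts[2].lower(), apop_digest(timestamp, secret))


if __name__ == "__main__":
    # Constructed sample: greeting and credentials from the RFC 1939 example.
    greeting = "+OK POP3 server ready <1896.697170952@dbc.mtview.ca.us>"
    line = client_command(greeting, "mrose", "tanstaaf")
    print(line)
    print(server_verify(extract_timestamp(greeting), "tanstaaf", line))
```

Only the digest crosses the wire, so the password is protected, but the mail itself is still sent unencrypted unless the session also runs through the ssh tunnel.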

