Welcome to Linux Knowledge Base and Tutorial
"The place where you learn linux"
CARE

 Create an AccountHome | Submit News | Your Account  

Tutorial Menu
Linux Tutorial Home
Table of Contents

· Introduction to Operating Systems
· Linux Basics
· Working with the System
· Shells and Utilities
· Editing Files
· Basic Administration
· The Operating System
· The X Windowing System
· The Computer Itself
· Networking
· System Monitoring
· Solving Problems
· Security
· Installing and Upgrading
· Linux and Windows

Glossary
MoreInfo
Man Pages
Linux Topics
Test Your Knowledge

Site Menu
Site Map
FAQ
Copyright Info
Terms of Use
Privacy Info
Disclaimer
WorkBoard
Thanks
Donations
Advertising
Masthead / Impressum
Your Account

Communication
Feedback
Forums
Private Messages
Surveys

Features
HOWTOs
News Archive
Submit News
Topics
User Articles
Web Links

Google
Google


The Web
linux-tutorial.info

Who's Online
There are currently, 276 guest(s) and 6 member(s) that are online.

You are an Anonymous user. You can register for free by clicking here

  

HOWTO Home

Current HOWTO: Secure POP via SSH mini-HOWTO


Secure POP via SSH mini-HOWTO: Using it With Your Mail Software Next Previous Contents

3. Using it With Your Mail Software

This section describes setting up your POP client software to use the ssh forwarded connection. It's primary focus is fetchmail (ESR's excellent mail-retrieval and forwarding utility), since that is the most flexible software I have found for dealing with POP. fetchmail can be found at http://www.tuxedo.org/~esr/fetchmail/. It will do you a great service to read the excellent documentation that comes with fetchmail.

3.1 Setting up fetchmail

The following is my .fetchmailrc


defaults
        user msingh is manish
        no rewrite

poll localhost with protocol pop3 and port 11110:
        preconnect "ssh -C -f msingh@popserver -L 11110:popserver:110 sleep 5"
        password foobar;

Pretty simple, huh? fetchmail has a wealth of commands, but the key ones are the preconnect line and the poll option.

We're not connecting directly to the POP server, but instead localhost and port 11110. The preconnect does the forwarding each time fetchmail is run, leaving open the connection for 5 seconds, so fetchmail can make it's own connect. The rest fetchmail does itself.

So each time you run fetchmail, you're prompted for your ssh password for authentication. If you run fetchmail in the background (like I do), it's inconvenient to have to do that. Which brings us to the next section.

3.2 Automating it all

ssh can authenticate using many methods. One of these is an RSA public/private key pair. You can generate an authentication key for your account using ssh-keygen. An authetication key can have a passphrase associated with it, or the passphase can be blank. Whether you want a passphrase depends on how secure you think the account you are using locally is.

If you think your machine is secure, go ahead and have a blank passpharase. Then the above .fetchmailrc works just by running fetchmail. You can then run fetchmail in daemon mode when you dial up and mail is fetched automatically. You're done.

However, if you think you need a passphrase, things get more complex. ssh can run under control of an agent, which can register keys and authenticate whatever ssh connections are made under it. So I have this script getmail.sh:


#!/bin/sh
ssh-add
while true; do fetchmail --syslog --invisible; sleep 5m; done

When I dialup, I run:

$ ssh-agent getmail.sh

This prompts me for my passphrase once, then checks mail every 5 minutes. When the dialup connection is closed, I terminate ssh-agent. (This is automated in my ip-up and ip-down scripts)

3.3 Not using fetchmail

What if I can't/don't want to use fetchmail? Pine, Netscape, and some other clients have their own POP mechanisms. First, consider using fetchmail! It's far more flexible, and mail clients shouldn't be doing that kind of stuff anyway. Both Pine and Netscape can be configured to use local mail systems.

But if you must, unless your client has a preconnect feature like fetchmail, you're going to have to keep the ssh port forward active for the entire time you're connected. Which means using sleep 100000000 to keep the connection alive. This might not go over well with your network admins.

Secondly, some clients (like Netscape) have the port number hardcoded to 110. So you need to be root to do port forwarding from privledged ports. This is also annoying. But it should work.


Next Previous Contents

The Linux Tutorial completely respects the rights of authors and artists to decide for themselves if and how their works can be used, independent of any existing licenses. This means if you are the author of any document presented on this site and do no wish it to be displayed as it is on this site or do not wish it to be displayed at all, please contact us and we will do our very best to accommodate you. If we are unable to accommodate you, we will, at your request, remove your document as quickly as possible.

If you are the author of any document presented on this site and would like a share of the advertising revenue, please contact us using the standard Feedback Form.


  
Help us cut cost by not downloading the whole site!
Use of automated download sofware ("harvesters") such as wget, httrack, etc. causes the site to quickly exceed its bandwidth limitation and therefore is expressedly prohibited. For more details on this, take a look here

Login
Nickname

Password

Security Code
Security Code
Type Security Code


Don't have an account yet? You can create one. As a registered user you have some advantages like theme manager, comments configuration and post comments with your name.

Help if you can!


Amazon Wish List

Did You Know?
You can get all the latest Site and Linux news by checking out our news page.


Friends



Tell a Friend About Us

Bookmark and Share



Web site powered by PHP-Nuke

Is this information useful? At the very least you can help by spreading the word to your favorite newsgroups, mailing lists and forums.
All logos and trademarks in this site are property of their respective owner. The comments are property of their posters. Articles are the property of their respective owners. Unless otherwise stated in the body of the article, article content (C) 1994-2013 by James Mohr. All rights reserved. The stylized page/paper, as well as the terms "The Linux Tutorial", "The Linux Server Tutorial", "The Linux Knowledge Base and Tutorial" and "The place where you learn Linux" are service marks of James Mohr. All rights reserved.
The Linux Knowledge Base and Tutorial may contain links to sites on the Internet, which are owned and operated by third parties. The Linux Tutorial is not responsible for the content of any such third-party site. By viewing/utilizing this web site, you have agreed to our disclaimer, terms of use and privacy policy. Use of automated download software ("harvesters") such as wget, httrack, etc. causes the site to quickly exceed its bandwidth limitation and are therefore expressly prohibited. For more details on this, take a look here

PHP-Nuke Copyright © 2004 by Francisco Burzi. This is free software, and you may redistribute it under the GPL. PHP-Nuke comes with absolutely no warranty, for details, see the license.
Page Generation: 0.20 Seconds