Re: [vox-tech] Secure Email Access (fetchmail and ssh)

[Micah Cowan <micaMAPSh@cowanbox.com>]

On Thu, Oct 11, 2001 at 10:35:41PM -0700, Matt Roper wrote:
> I am trying to find a secure way to have the box that I use as a mail
> server go download all my @ucdavis email from the UCD mail server.  My
> plan is to use fetchmail with an ssh preconnect string to accomplish
> this.  I believe that my .fetchmailrc file should have an entry that
> looks something like the following:
> 
> poll yellow.ucdavis.edu via localhost port 1234 with proto pop3:
>     user 'mattrope' there with password 'XXXXXXX' is mattrope here
>     preconnect "ssh -f -q -L 1234:yellow.ucdavis.edu:110
>     yellow.ucdavis.edu sleep 20 < /dev/null > /dev/null"

Since by the time it has arrived at your ucdavis server, it has
*already* been sent over the wire in the clear, I assume your goal
isn't actually to encrypt your email, but only to hide your password?

If that's the case, find out if your server supports a secure POP3
authentication method, such as POP3 over SSL, or (more likely) APOP
authentication.  Ask your admin...

If they don't, have you considered using a .forward file (my first
choice) if they have that capability?  That makes it very easy - no
passwords involved.

If it's actually the mail you want to encrypt, then you ought to be
encrypting it before it arrives in your ucdavis box to begin with -
insist on all sensitive mail being sent to you being encrypted via
PGP.

Micah