[sf-lug] sending mail through SSH port forwarding

Rick Moen rick at linuxmafia.com
Wed Oct 22 13:23:33 PDT 2008


Quoting John Magolske (b79net at gmail.com):

> To clarify, my objective is to avoid transmitting my email account
> passwords as plaintext between my laptop and the server when fetching
> and sending email. 

It's always wise to be clear about what specific threat scenario one is
trying to address.  So, really, in this case, the sole security downside
is that someone theoretically sniffing your password from a nearby
wireless node could steal an occasional bit of inbound mail addressed to
you, which (if then deleted from the server) you would not yourself
receive.

Although it's also true that the intruder could send outbound mail
masquerading as you, he/she doesn't need your IMAP/POP3 password to do
that.

You might want to ask yourself how much effort that (rather small)
threat scenario justifies.

(I'm assuming, here, that your POP3/IMAP credential isn't also useful
for other things such as ssh shell access.  If it is, then fix _that_.)


> I do understand that once the mail moves beyond my mail server & into
> the wild there's no security at all unless I'm using something like
> pgp encryption.

...or a TLS connection between your local mail server and the endpoint
MTA.  But you probably don't know when and where that is going to be
used -- and also, you don't know whether the mail will be processed
unencrypted after receipt at the remote MTA.

> To send mail I'm using msmtp....

Ah.  I have a bestiary of all known similar "nullmailers" here:
http://linuxmafia.com/faq/Mail/nullmailers.html

If those don't meet your needs (and the TLS/SSL capabilities of
nullmailers tend to be weak), then you might have to resort to a real
MTA, such as Exim4.




