-rw-r--r-- NEWS 4
-rw-r--r-- README 13
-rw-r--r-- fetchmail.man 40
3 files changed, 33 insertions, 24 deletions
diff --git a/NEWS b/NEWS
index 68962e11..b11004be 100644
--- a/NEWS
+++ b/NEWS
@@ -15,6 +15,10 @@
------------------------------------------------------------------------------
fetchmail-2.6 (Wed Dec 25 05:56:24 EST 1996)
+features --
+
+* --interface option format is now simpler.
+
bugs --
* Fixed length-computation bug (apparently introduced in 2.3) that messed
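Review bot: The new "features" entry does not say that the --interface format change is incompatible with the old one. The fetchmail.man part of this patch drops the leading interface field (old form "interface/iii.iii.iii.iii/mmm.mmm.mmm.mmm", new form "iii.iii.iii.iii/mmm.mmm.mmm.mmm"), so a setting written in the old form no longer matches the documented syntax. Suggest showing both forms in the entry and marking it as something existing users must update, since this option gates whether polling (and the clear password) goes out at all.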
diff --git a/README b/README
index 5eeaa57c..888fcb45 100644
--- a/README
+++ b/README
@@ -34,6 +34,9 @@ pop-perl5-1.2, popc, popmail-1.6 and upop) are marked with **.
** Support for retrieving and forwarding from multi-drop mailboxes
that is guaranteed not to cause mail loops.
+ ** (Linux only) Security option to permit fetchmail to run only
+ when an interface to a particular IP address is up.
+
* Easy control via command line or free-format run control file.
* Daemon mode -- fetchmail can be run in background to poll
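Review bot: The added bullet calls this a "Security option" without naming the option or its limits. Suggest naming --interface and wording it as a restriction on when polling happens, because the fetchmail.man text added in this same patch says snooping is still possible when either host has a device that can be opened in promiscuous mode or when the intervening link can be tapped. A reader who sees only the README should not come away thinking the password is protected in transit.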
@@ -60,11 +63,11 @@ pop-perl5-1.2, popc, popmail-1.6 and upop) are marked with **.
feedback is rapid, bugs get found and fixed rapidly.
The fetchmail code appears to be stable and free of bugs affecting
-normal operation (that is, retrieving from POP3 or IMAP and forwarding
-99via SMTP to sendmail). It will probably undergo substantial change
-only if and when support for a new retrieval protocol or authentication
-is added. See the distribution files NEWS for detailed information on
-recent changes and NOTES for design notes.
+normal operation (that is, retrieving from POP3 or IMAP in single-drop
+mode and forwarding via SMTP to sendmail). It will probably undergo
+substantial change only if and when support for a new retrieval
+protocol or authentication is added. See the distribution files NEWS
+for detailed information on recent changes and NOTES for design notes.
You can easily fetch the latest version of fetchmail via FTP from the
following FTP directory:
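Review bot: The added "in single-drop mode" qualifier in the stability paragraph leaves the status of multi-drop unstated, while the feature list earlier in this file still says multi-drop forwarding is "guaranteed not to cause mail loops". Suggest one sentence saying what is known about multi-drop stability so the two statements do not read as contradictory.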
diff --git a/fetchmail.man b/fetchmail.man
index ce1b76b5..d24234ff 100644
--- a/fetchmail.man
+++ b/fetchmail.man
@@ -107,26 +107,24 @@ Specify an alternate name for the .fetchids file used to save POP3
UIDs.
.TP
.B \-I specification, --interface specification
-.I fetchmail
-relies on the underlying TCP/IP protocol to reach the server host.
-Transient links are commonly established directly to a mail host and are
-relatively secure channels to communicate. When other routes exist, or
-when a transient link is established to a different remote host, your
-username and password may be vulnerable to snooping when daemon mode
-automatically polls for mail.
-.sp
-This option may be used to specify a connection IP address (or range)
-for a system TCP/IP interface. When the link is not up or is connected
-to a different host, polling will be skipped. The format is:
-.sp
- interface/iii.iii.iii.iii/mmm.mmm.mmm.mmm
+Require that a point-to-point connection to a given IP address be up
+before polling. Normally fetchmail is used via a transient
+point-to-point TCP/IP link established directly to a mailserver via
+SLIP or PPP; this is a relatively secure channel. But when other
+TCP/IP routes to the mailserver exist, your username and password may
+be vulnerable to snooping (especially when daemon mode automatically
+polls for mail, shipping a clear password over the net at predictable
+intervals). The --interface option may be used to prevent this by
+specifying a connection IP address (or range) for the mailserver
+TCP/IP link. When the specified link is not up or is not connected to
+a matching IP address, polling will be skipped. The format is:
.sp
-The field after the first slash is the acceptable IP address and the
-field after the second slash is a mask which specifies a range of IP
-addresses to accept. If no mask is present 255.255.255.255 is assumed
-(i.e. an exact match).
+ iii.iii.iii.iii/mmm.mmm.mmm.mmm
.sp
-This option is currently only supported under Linux.
+The field before the slash is the acceptable IP address and the field
+after the slash is a mask which specifies a range of IP addresses to
+accept. If no mask is present 255.255.255.255 is assumed (i.e. an
+exact match). This option is currently only supported under Linux.
.TP
.B \-M interface, --monitor interface
Daemon mode can cause transient links which are automatically taken down
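Review bot: With the interface name dropped from the format, the rewritten --interface text no longer says which link is checked or which end of it the address refers to. "a point-to-point connection to a given IP address" suggests the peer address, but "specifying a connection IP address (or range) for the mailserver TCP/IP link" can be read as either end. Suggest stating whether the address is matched against the local or the remote end of the link, and what happens when more than one interface is up and matches the address/mask. Minor: the option line escapes "\-I" but leaves "--interface" unescaped.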
@@ -827,7 +825,11 @@ Use of any of the supported protocols other than APOP or KPOP requires
that the program send unencrypted passwords over the TCP/IP connection
to the mailserver. This creates a risk that name/password pairs
might be snaffled with a packet sniffer or more sophisticated
-monitoring software.
+monitoring software. Under Linux, the --interface option can be used
+to restrict polling to a specified point-to-point link, but snooping
+is still possible if (a) either host has a network device that can be
+opened in promiscuous mode, or (b) the intervening network link can
+be tapped.
.PP
Send comments, bug reports, gripes, and the like to Eric S. Raymond
<esr@thyrsus.com>.
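Review bot: The added caveat lists the residual snooping cases (a) and (b) but stops short of saying what to do about them. The first sentence of this paragraph already names APOP and KPOP as the protocols that do not require sending unencrypted passwords; suggest closing the addition with a sentence pointing users to those when (a) or (b) applies. The same caveat deserves a cross-reference from the --interface option text, which describes the point-to-point link as "a relatively secure channel".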