| -rw-r--r-- | fetchmail-FAQ.html | 111 | 
1 files changed, 19 insertions, 92 deletions
diff --git a/fetchmail-FAQ.html b/fetchmail-FAQ.html index b991e772..f6ade859 100644 --- a/fetchmail-FAQ.html +++ b/fetchmail-FAQ.html @@ -10,7 +10,7 @@  <table width="100%" cellpadding=0><tr>  <td width="30%">Back to <a href="index.html">Fetchmail Home Page</a>  <td width="30%" align=center>To <a href="/~esr/sitemap.html">Site Map</a> -<td width="30%" align=right>$Date: 2001/02/19 20:31:25 $ +<td width="30%" align=right>$Date: 2001/02/23 08:28:11 $  </table>  <HR>  <H1>Frequently Asked Questions About Fetchmail</H1> @@ -1721,7 +1721,23 @@ http://www.bieringer.de/linux/IPv6/IPv6-HOWTO/IPv6-HOWTO.html</a>  <hr>  <h2><a name="K3">K3. How can I get fetchmail to work with ssh?</a></h2> -We have five recipes for this.<P> +We have three recipes for this.<P> + +<h3>Using plugin</h3> + +There's a very simple IMAP recipe using the <tt>plugin</tt> option. +Use the following: + +<TT> +	plugin "ssh %h /usr/sbin/imapd" +</TT> + +You may have to use a different absolute pathname, whatever the +location of imapd on your mailserver is.  This option tells fetchmail +that instead of opening a connection on the server's port 143 and +doing standard IMAP authentication, fetchmail should ssh to the server +and run imapd, using the more secure ssh authentication (as well as +getting ssh's end-to-end encryption).<p>  <h3>Single-User POP3</h3> 
@@ -1835,95 +1851,6 @@ Send a HUP signal to your inetd.  Now just use localhost:1234 to access your POP server.<P> -<h3>Multi-User IMAP</h3> - -This one comes comes to us from Joerg Dorchain. -The basic idea is to set up a bidirectional encrypted socket connection:<p> - -<pre> -fetchmail <--> ssh <---> sshd <--> imapd - \---local side--/       \-remote side-/ -</pre> - -Use ssh-keygen(1) to set up a special ssh identity with no password -and RSA-only authentication, which executes /usr/sbin/imapd when -authenticated.  For security reasons all other commands should be -disabled. (There is some security exposure in using an identity  -without a passphrase; it means anyone who can get access to your -account could use it to read your mail).<p> - -Running ssh-keygen will generate two files.  Have it create the -private key to ~/.ssh/identity-imap. Once you have generated the -corresponding public key, prepend this to the line of key data in it: - -<pre> -command="/usr/sbin/imapd",no-port-forwarding,no-agent-forwarding -</pre> - -This identity data has to be appended to ~/.ssh/authorized_keys on the -remote machine, as usual for RSA authentication.  Whenever your ssh -uses this identity, the remote side will run imapd.  The imapd will -see that it is not running as root and go into preauthenticated -mode.<p> - -On the client side, use the <code>plugin</code> keyword to make -fetchmail talk to the stdin of the remote ssh.  
Here's an examople: - -<pre> -poll mail.dorchain.net  -        with options proto imap, preauth ssh, plugin fetchmail-imap-wrapper  -</pre> - -The wrapper script should look like this:<p> - -<pre> -#!/bin/sh -exec ssh -i $HOME/.ssh/identity-imap $1 /usr/sbin/imapd -</pre> - -<h3>Netcat-based POP or IMAP tunnelling</h3> - -Oren Tirosh <oren@mimique.com> sends us a method of using -fetchmail over ssh without port forwarding, using the plugin keyword.<P> - -First, set up a poll entry resembling thius one: - -<TT> -poll target.host plugin sshtunnel proto pop3 user foo password * -</TT> - -The important part is the "plugin sshtunnel".  Now set up sshtunnel -as follows:<P> - -<TT> -This is the sshtunnel script: -#!/bin/sh -ssh $1 "nc localhost $2" -</TT> - -Thia method uses netcat to connect to the pop3 port locally on the -target host and create a two-way channel over the ssh connection.<P> - -Oren says: "In my experience it is much more reliable than the methods -described in your FAQ.  ssh port forwarding often keeps the local port -bound for along timeout and has timing issues requiring tricks like -sleep, etc.  I use this method for fetching all the mail for -mimique.com"<P> - -<h3>Using plugin</h3> - -Since 5.4.5, there's been a very simple recipe.  Use the following option: - -<TT> -	plugin "ssh %h /usr/sbin/rimapd" -</TT> - -You may have to use a different absolute pathname. This option tells -fetchmail that instead of opening a connection on the server's port -143 and doing standard IMAP authentication, fetchmail should ssh to -the server and run rimapd, using the more secure ssh authentication -(as well as getting ssh's encryption).<p> -  <hr>  <h2><a name="K4">K4. What do I have to do to use the IMAP-GSS protocol?</a></h2> 
@@ -2995,7 +2922,7 @@ switching to IMAP and using a short expunge interval.<p>  <table width="100%" cellpadding=0><tr>  <td width="30%">Back to <a href="index.html">Fetchmail Home Page</a>  <td width="30%" align=center>To <a href="/~esr/sitemap.html">Site Map</a> -<td width="30%" align=right>$Date: 2001/02/19 20:31:25 $ +<td width="30%" align=right>$Date: 2001/02/23 08:28:11 $  </table>  <P><ADDRESS>Eric S. Raymond <A HREF="mailto:esr@thyrsus.com"><esr@snark.thyrsus.com></A></ADDRESS>  | 
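Review bot: In the hunk at @@ -1721,7 +1721,23 @@, the new "Using plugin" section gives only the plugin line, although its text says fetchmail skips standard IMAP authentication in favour of ssh. The Multi-User IMAP recipe removed later in this patch paired the plugin with `proto imap, preauth ssh` in the poll entry, and a reader following only the new text has no hint that the protocol and preauth settings matter. Suggest showing a complete poll entry here rather than the bare option. The sentence about "a different absolute pathname" is the right place to say that the path is evaluated on the mailserver, not locally, and the switch from `/usr/sbin/rimapd` in the old section to `/usr/sbin/imapd` deserves a word of explanation.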
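Review bot: The hunk at @@ -1835,95 +1851,6 @@ deletes the only hardening guidance in K3, and the replacement "Using plugin" section does not carry it over. The removed Multi-User IMAP text told readers to restrict the dedicated key with `command="/usr/sbin/imapd",no-port-forwarding,no-agent-forwarding` in ~/.ssh/authorized_keys, and warned that an identity without a passphrase lets anyone with access to the account read the mail. The new recipe still relies on ssh authentication for an unattended fetch, so both the forced-command restriction and the passphrase caveat should move into the new section instead of being dropped. The removal also loses the "Since 5.4.5" version note for the plugin option; keep it so users of older releases know why the option is not recognized.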
