From c7cafadac30d1f442b96d09e5eda2d65b8e6ce93 Mon Sep 17 00:00:00 2001
From: "Eric S. Raymond" <esr@thyrsus.com>
Date: Fri, 23 Feb 2001 08:28:11 +0000
Subject: Get rid of some complex recuipes.

svn path=/trunk/; revision=3139
---
 fetchmail-FAQ.html | 111 +++++++++--------------------------------------------
 1 file changed, 19 insertions(+), 92 deletions(-)

diff --git a/fetchmail-FAQ.html b/fetchmail-FAQ.html
index b991e772..f6ade859 100644
--- a/fetchmail-FAQ.html
+++ b/fetchmail-FAQ.html
@@ -10,7 +10,7 @@
 <table width="100%" cellpadding=0><tr>
 <td width="30%">Back to <a href="index.html">Fetchmail Home Page</a>
 <td width="30%" align=center>To <a href="/~esr/sitemap.html">Site Map</a>
-<td width="30%" align=right>$Date: 2001/02/19 20:31:25 $
+<td width="30%" align=right>$Date: 2001/02/23 08:28:11 $
 </table>
 <HR>
 <H1>Frequently Asked Questions About Fetchmail</H1>
@@ -1721,7 +1721,23 @@ http://www.bieringer.de/linux/IPv6/IPv6-HOWTO/IPv6-HOWTO.html</a>
 <hr>
 <h2><a name="K3">K3. How can I get fetchmail to work with ssh?</a></h2>
 
-We have five recipes for this.<P>
+We have three recipes for this.<P>
+
+<h3>Using plugin</h3>
+
+There's a very simple IMAP recipe using the <tt>plugin</tt> option.
+Use the following:
+
+<TT>
+	plugin "ssh %h /usr/sbin/imapd"
+</TT>
+
+You may have to use a different absolute pathname, whatever the
+location of imapd on your mailserver is.  This option tells fetchmail
+that instead of opening a connection on the server's port 143 and
+doing standard IMAP authentication, fetchmail should ssh to the server
+and run imapd, using the more secure ssh authentication (as well as
+getting ssh's end-to-end encryption).<p>
 
 <h3>Single-User POP3</h3>
 
@@ -1835,95 +1851,6 @@ Send a HUP signal to your inetd.
 
 Now just use localhost:1234 to access your POP server.<P>
 
-<h3>Multi-User IMAP</h3>
-
-This one comes comes to us from Joerg Dorchain.
-The basic idea is to set up a bidirectional encrypted socket connection:<p>
-
-<pre>
-fetchmail &lt;--&gt; ssh &lt;---&gt; sshd &lt;--&gt; imapd
- \---local side--/       \-remote side-/
-</pre>
-
-Use ssh-keygen(1) to set up a special ssh identity with no password
-and RSA-only authentication, which executes /usr/sbin/imapd when
-authenticated.  For security reasons all other commands should be
-disabled. (There is some security exposure in using an identity 
-without a passphrase; it means anyone who can get access to your
-account could use it to read your mail).<p>
-
-Running ssh-keygen will generate two files.  Have it create the
-private key to ~/.ssh/identity-imap. Once you have generated the
-corresponding public key, prepend this to the line of key data in it:
-
-<pre>
-command="/usr/sbin/imapd",no-port-forwarding,no-agent-forwarding
-</pre>
-
-This identity data has to be appended to ~/.ssh/authorized_keys on the
-remote machine, as usual for RSA authentication.  Whenever your ssh
-uses this identity, the remote side will run imapd.  The imapd will
-see that it is not running as root and go into preauthenticated
-mode.<p>
-
-On the client side, use the <code>plugin</code> keyword to make
-fetchmail talk to the stdin of the remote ssh.  Here's an examople:
-
-<pre>
-poll mail.dorchain.net 
-        with options proto imap, preauth ssh, plugin fetchmail-imap-wrapper 
-</pre>
-
-The wrapper script should look like this:<p>
-
-<pre>
-#!/bin/sh
-exec ssh -i $HOME/.ssh/identity-imap $1 /usr/sbin/imapd
-</pre>
-
-<h3>Netcat-based POP or IMAP tunnelling</h3>
-
-Oren Tirosh &lt;oren@mimique.com&gt; sends us a method of using
-fetchmail over ssh without port forwarding, using the plugin keyword.<P>
-
-First, set up a poll entry resembling thius one:
-
-<TT>
-poll target.host plugin sshtunnel proto pop3 user foo password *
-</TT>
-
-The important part is the "plugin sshtunnel".  Now set up sshtunnel
-as follows:<P>
-
-<TT>
-This is the sshtunnel script:
-#!/bin/sh
-ssh $1 "nc localhost $2"
-</TT>
-
-Thia method uses netcat to connect to the pop3 port locally on the
-target host and create a two-way channel over the ssh connection.<P>
-
-Oren says: "In my experience it is much more reliable than the methods
-described in your FAQ.  ssh port forwarding often keeps the local port
-bound for along timeout and has timing issues requiring tricks like
-sleep, etc.  I use this method for fetching all the mail for
-mimique.com"<P>
-
-<h3>Using plugin</h3>
-
-Since 5.4.5, there's been a very simple recipe.  Use the following option:
-
-<TT>
-	plugin "ssh %h /usr/sbin/rimapd"
-</TT>
-
-You may have to use a different absolute pathname. This option tells
-fetchmail that instead of opening a connection on the server's port
-143 and doing standard IMAP authentication, fetchmail should ssh to
-the server and run rimapd, using the more secure ssh authentication
-(as well as getting ssh's encryption).<p>
-
 <hr>
 <h2><a name="K4">K4. What do I have to do to use the IMAP-GSS protocol?</a></h2>
 
@@ -2995,7 +2922,7 @@ switching to IMAP and using a short expunge interval.<p>
 <table width="100%" cellpadding=0><tr>
 <td width="30%">Back to <a href="index.html">Fetchmail Home Page</a>
 <td width="30%" align=center>To <a href="/~esr/sitemap.html">Site Map</a>
-<td width="30%" align=right>$Date: 2001/02/19 20:31:25 $
+<td width="30%" align=right>$Date: 2001/02/23 08:28:11 $
 </table>
 
 <P><ADDRESS>Eric S. Raymond <A HREF="mailto:esr@thyrsus.com">&lt;esr@snark.thyrsus.com&gt;</A></ADDRESS>
-- 
cgit v1.2.3