From c7cafadac30d1f442b96d09e5eda2d65b8e6ce93 Mon Sep 17 00:00:00 2001 From: "Eric S. Raymond" Date: Fri, 23 Feb 2001 08:28:11 +0000 Subject: Get rid of some complex recuipes. svn path=/trunk/; revision=3139 --- fetchmail-FAQ.html | 111 +++++++++-------------------------------------------- 1 file changed, 19 insertions(+), 92 deletions(-) (limited to 'fetchmail-FAQ.html') diff --git a/fetchmail-FAQ.html b/fetchmail-FAQ.html index b991e772..f6ade859 100644 --- a/fetchmail-FAQ.html +++ b/fetchmail-FAQ.html @@ -10,7 +10,7 @@
Back to Fetchmail Home Page To Site Map -$Date: 2001/02/19 20:31:25 $ +$Date: 2001/02/23 08:28:11 $

Frequently Asked Questions About Fetchmail

@@ -1721,7 +1721,23 @@ http://www.bieringer.de/linux/IPv6/IPv6-HOWTO/IPv6-HOWTO.html

K3. How can I get fetchmail to work with ssh?

-We have five recipes for this.

+We have three recipes for this.

+ +

Using plugin

+ +There's a very simple IMAP recipe using the plugin option. +Use the following: + + + plugin "ssh %h /usr/sbin/imapd" + + +You may have to use a different absolute pathname, whatever the +location of imapd on your mailserver is. This option tells fetchmail +that instead of opening a connection on the server's port 143 and +doing standard IMAP authentication, fetchmail should ssh to the server +and run imapd, using the more secure ssh authentication (as well as +getting ssh's end-to-end encryption).

Single-User POP3

@@ -1835,95 +1851,6 @@ Send a HUP signal to your inetd. Now just use localhost:1234 to access your POP server.

-

Multi-User IMAP

- -This one comes comes to us from Joerg Dorchain. -The basic idea is to set up a bidirectional encrypted socket connection:

- -

-fetchmail <--> ssh <---> sshd <--> imapd
- \---local side--/       \-remote side-/
-
- -Use ssh-keygen(1) to set up a special ssh identity with no password -and RSA-only authentication, which executes /usr/sbin/imapd when -authenticated. For security reasons all other commands should be -disabled. (There is some security exposure in using an identity -without a passphrase; it means anyone who can get access to your -account could use it to read your mail).

- -Running ssh-keygen will generate two files. Have it create the -private key to ~/.ssh/identity-imap. Once you have generated the -corresponding public key, prepend this to the line of key data in it: - -

-command="/usr/sbin/imapd",no-port-forwarding,no-agent-forwarding
-
- -This identity data has to be appended to ~/.ssh/authorized_keys on the -remote machine, as usual for RSA authentication. Whenever your ssh -uses this identity, the remote side will run imapd. The imapd will -see that it is not running as root and go into preauthenticated -mode.

- -On the client side, use the plugin keyword to make -fetchmail talk to the stdin of the remote ssh. Here's an examople: - -

-poll mail.dorchain.net 
-        with options proto imap, preauth ssh, plugin fetchmail-imap-wrapper 
-
- -The wrapper script should look like this:

- -

-#!/bin/sh
-exec ssh -i $HOME/.ssh/identity-imap $1 /usr/sbin/imapd
-
- -

Netcat-based POP or IMAP tunnelling

- -Oren Tirosh <oren@mimique.com> sends us a method of using -fetchmail over ssh without port forwarding, using the plugin keyword.

- -First, set up a poll entry resembling thius one: - - -poll target.host plugin sshtunnel proto pop3 user foo password * - - -The important part is the "plugin sshtunnel". Now set up sshtunnel -as follows:

- - -This is the sshtunnel script: -#!/bin/sh -ssh $1 "nc localhost $2" - - -Thia method uses netcat to connect to the pop3 port locally on the -target host and create a two-way channel over the ssh connection.

- -Oren says: "In my experience it is much more reliable than the methods -described in your FAQ. ssh port forwarding often keeps the local port -bound for along timeout and has timing issues requiring tricks like -sleep, etc. I use this method for fetching all the mail for -mimique.com"

- -

Using plugin

- -Since 5.4.5, there's been a very simple recipe. Use the following option: - - - plugin "ssh %h /usr/sbin/rimapd" - - -You may have to use a different absolute pathname. This option tells -fetchmail that instead of opening a connection on the server's port -143 and doing standard IMAP authentication, fetchmail should ssh to -the server and run rimapd, using the more secure ssh authentication -(as well as getting ssh's encryption).

-


K4. What do I have to do to use the IMAP-GSS protocol?

@@ -2995,7 +2922,7 @@ switching to IMAP and using a short expunge interval.

Back to Fetchmail Home Page To Site Map -$Date: 2001/02/19 20:31:25 $ +$Date: 2001/02/23 08:28:11 $

Eric S. Raymond <esr@snark.thyrsus.com>
-- cgit v1.2.3