From: Marc Joliet
To: gentoo-user@lists.gentoo.org
Date: Mon, 20 Jul 2015 13:21:56 +0200
Subject: [SOLVED] Re: [gentoo-user] msmtp vs. nullmailer
Message-ID: <20150720132156.0f3065cc@thetick>
In-Reply-To: <20150608114704.2da5a784@thetick>

OK, I finally solved this, albeit a bit differently... by switching to
nullmailer.

The TL/DR summary is: use the right tool for the job. Some more details follow
below.

Nullmailer was very easy to set up (the deceptively short HOWTO is pretty much
all that is needed). The only problem is that there is no way to rewrite the
envelope sender, which is required by my email provider. I solved that...
creatively. *However* the master branch contains a change that introduces the
"allmailfrom" control file [0], so once version 1.14 is out I can remove the
hack.

This choice came about because I switched from fcron to systemd-cron, which
runs its mail_on_failure script as user "nobody", which caused my current
"passwordeval" command ("cat somefile", somefile having a mode mask of 0600) to
fail due to insufficient access rights. I really didn't want to deal with how
to properly solve that, and I don't think it's possible (at least not with
msmtp). I mean, the problem statement is basically "How do I securely give
every user access to the password?". Once stated that way, I think the
difficulty with the problem becomes fairly obvious.

With nullmailer the remotes file is 0640, with group nullmailer, so only root
or nullmailer can access it. It's also simple enough that I simply didn't add
it to git. So the password is in plain text, but access is strictly limited.

But really, I *should* have been tipped off by the package description: "An
SMTP client and SMTP plugin for mail user agents such as Mutt". The above
problem simply doesn't exist when running msmtp as a normal user (in which case
you probably don't even have an /etc/msmtprc).

[0] https://github.com/bruceg/nullmailer/commit/da55b71b6136bcefc7aa784a7f9fd45987670a7a

-- 
Marc Joliet
--
"People who think they know everything really annoy those of us who know we
don't" - Bjarne Stroustrup
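
The permission reasoning in the message above, as an added example that is not part of the original post: a model of the classic Unix read check applied to the two modes mentioned (0600 and 0640), plus a small audit for a plain-text password file. The uid/gid numbers, the function names and the assumption that the remotes file is owned by root are constructed for illustration; ACLs and capabilities are ignored.

```python
import os
import stat
import tempfile

def can_read(mode, owner_uid, group_gid, uid, gids):
    """Classic Unix DAC read check: the first matching class decides."""
    if uid == 0:                        # root bypasses the permission bits
        return True
    if uid == owner_uid:                # owner class, checked first
        return bool(mode & stat.S_IRUSR)
    if group_gid in gids:               # then the group class
        return bool(mode & stat.S_IRGRP)
    return bool(mode & stat.S_IROTH)    # everyone else

def audit_secret_file(path):
    """Findings for a file that stores a plain-text password."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    findings = []
    if mode & (stat.S_IROTH | stat.S_IWOTH):
        findings.append("world-accessible: mode %04o" % mode)
    if mode & stat.S_IWGRP:
        findings.append("group-writable: mode %04o" % mode)
    return findings

# Constructed ids: a normal user, "nobody", and the nullmailer account/group.
ROOT, USER, NOBODY, NULLMAILER = 0, 1000, 65534, 88
G_USERS, G_NOBODY, G_NULLMAILER = 1000, 65534, 88

def scenarios():
    return {
        # password file read via passwordeval, mode 0600, owned by the user
        "0600_as_owner": can_read(0o600, USER, G_USERS, USER, {G_USERS}),
        "0600_as_nobody": can_read(0o600, USER, G_USERS, NOBODY, {G_NOBODY}),
        # remotes file, mode 0640, group nullmailer (owner root is assumed)
        "0640_as_nullmailer": can_read(0o640, ROOT, G_NULLMAILER, NULLMAILER, {G_NULLMAILER}),
        "0640_as_nobody": can_read(0o640, ROOT, G_NULLMAILER, NOBODY, {G_NOBODY}),
        "0640_as_root": can_read(0o640, ROOT, G_NULLMAILER, ROOT, {0}),
    }

def demo_audit():
    """Audit a temporary file at 0640 and again at 0644."""
    with tempfile.NamedTemporaryFile() as f:
        os.chmod(f.name, 0o640)
        tight = audit_secret_file(f.name)
        os.chmod(f.name, 0o644)
        loose = audit_secret_file(f.name)
    return tight, loose

if __name__ == "__main__":
    for name, allowed in scenarios().items():
        print(name, "->", "read ok" if allowed else "permission denied")
    print(demo_audit())
```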