From: Grant
To: Gentoo mailing list
Date: Tue, 4 Dec 2012 22:43:00 -0800
Subject: Re: [gentoo-user] ssmtp alternatives: msmtp vs. dma
In-Reply-To: <50BEDF15.9040304@orlitzky.com>

> > I was setting up ssmtp but I realized it isn't being maintained and
> > there are a couple of alternatives called msmtp and dma. Can anyone
> > recommend one of these over the other?
> >
> > I don't like how ssmtp stores the mail password in clear text in its
> > config file. It looks like msmtp can pull the password from gpg:
> >
> > msmtp --passwordeval 'gpg -d mypwfile.gpg'
> >
> > I don't have much experience with gpg. Does this mean I can store the
> > mail password encrypted on each of my systems so it can be used in an
> > automated fashion to get mail onto my mail server? Do I need to start
> > gpg-agent and enter a gpg keyring password whenever I reboot each of the
> > systems?
> >
> > Is this the best way to get email alerts from my various systems to my
> > email address?
> >
>
> I switched to msmtp when nbsmtp was treecleaned. The switch was
> uneventful; it just works, which is high praise.
>
> You can't encrypt your password unless you're going to be physically
> present to decrypt it (with some other password). If your machine is
> physically secure, you can just make the msmtp config file read-only to
> yourself. If someone can log in as you, they can get your password
> anyway. There's only a risk if e.g. you're not root, or someone else can
> get root (access to grub) or walk off with the hard drive.
>
> If you're worried about either of those scenarios, set up a separate
> account for your email alerts.

I like the separate account idea. Any tips on locking it down? Maybe that account on the mail server should somehow only be allowed to deliver to a single email address (mine)? Would it need a shell account? Certainly not allowed in sshd_config.

- Grant
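
Added example, not part of the original message or of msmtp: a small shell check for the two points the quoted reply raises about an msmtp config file, namely whether anyone but the owner can access it and whether the password sits in the file or comes from `passwordeval`. The function name `audit_msmtprc` and the sample config values (host, user, password) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit an msmtp config file.
# Prints how the password is stored and returns 1 if anyone other than
# the owner has any access to the file, 2 if the file is missing.
audit_msmtprc() {
    cfg=$1
    [ -f "$cfg" ] || { echo "missing: $cfg"; return 2; }

    # "password" keeps the secret in the file itself; "passwordeval"
    # runs a command (e.g. gpg -d) to obtain it at send time.
    if grep -Eq '^[[:space:]]*password[[:space:]]' "$cfg"; then
        echo "password: plaintext"
    elif grep -Eq '^[[:space:]]*passwordeval[[:space:]]' "$cfg"; then
        echo "password: passwordeval"
    else
        echo "password: none"
    fi

    # Octal permission bits: GNU stat first, BSD stat as fallback.
    mode=$(stat -c '%a' "$cfg" 2>/dev/null || stat -f '%Lp' "$cfg")
    case $mode in
        0|*00) echo "mode: $mode (owner only)"; return 0 ;;
        *)     echo "mode: $mode (group/other access)"; return 1 ;;
    esac
}

# Constructed sample config; host, user and password are placeholders.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'account alerts' 'host mail.example.org' \
        'user alerts@example.org' 'password not-a-real-password' \
        > "$dir/msmtprc"
    chmod 644 "$dir/msmtprc"
    audit_msmtprc "$dir/msmtprc" && loose=0 || loose=$?
    chmod 600 "$dir/msmtprc"
    audit_msmtprc "$dir/msmtprc" && tight=0 || tight=$?
    rm -rf "$dir"
    echo "exit status with 644: $loose, with 600: $tight"
}
demo
```

The check reports the storage method but only fails on permissions, which matches the reply's reasoning: a plaintext password in an owner-only file is exposed to whoever can log in as that user or as root, and to nobody else on a running system.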