| 1 |
On 12/05/2012 01:43 AM, Grant wrote: |
| 2 |
>> |
| 3 |
>> I switched to msmtp when nbsmtp was treecleaned. The switch was |
| 4 |
>> uneventful; it just works, which is high praise. |
| 5 |
>> |
| 6 |
>> You can't encrypt your password unless you're going to be physically |
| 7 |
>> present to decrypt it (with some other password). If your machine is |
| 8 |
>> physically secure, you can just make the msmtp config file read-only to |
| 9 |
>> yourself. If someone can log in as you, they can get your password |
| 10 |
>> anyway. There's only a risk if e.g. you're not root, or someone else can |
| 11 |
>> get root (access to grub) or walk off with the hard drive. |
| 12 |
>> |
| 13 |
>> If you're worried about either of those scenarios, set up a separate |
| 14 |
>> account for your email alerts. |
| 15 |
> |
| 16 |
> I like the separate account idea. Any tips on locking it down? Maybe |
| 17 |
> that account on the mail server should somehow only be allowed to |
| 18 |
> deliver to a single email address (mine)? Would it need a shell |
| 19 |
> account? Certainly not allowed in sshd_config. |
| 20 |
> |
| 21 |
|
| 22 |
It depends on how you're authenticating. We've got our users in |
| 23 |
Postgres, and postfix uses Dovevot's SASL backend to auth. That way a |
| 24 |
"user" is just an email address/password combination and can't do |
| 25 |
anything except send/receive mail. |
| 26 |
|
| 27 |
The general defense against hacked user accounts is to do rate-limiting |
| 28 |
on the MTA with something like postfwd, and at least notify postmaster |
| 29 |
if someone begins sending hundreds of messages. That way if a user gets |
| 30 |
hacked, you find out about it and can disable them. |
| 31 |
|
| 32 |
In this case I wouldn't even worry about it. If someone can log on to |
| 33 |
your server and read the msmtp config, you've already got a big problem. |
| 34 |
The real benefit to using a separate account is that if that does |
| 35 |
happen, they can't see Grant's personal email password (which is |
| 36 |
essentially the keys to the kingdom). |
| 37 |
|
| 38 |
Another thing you might consider is getting added to the feedback loops |
| 39 |
of some major providers. When one of our users gets hacked, I find out |
| 40 |
quickly because AOL sends me a copy of every message that they get from |
| 41 |
us which is marked as junk. This is a Good Idea anyway, and mitigates |
| 42 |
the stolen-password problem in that unlikely event. |
Archives