1 |
> > I was setting up ssmtp but I realized it isn't being maintained and |
2 |
> > there are a couple of alternatives called msmtp and dma. Can anyone |
3 |
> > recommend one of these over the other? |
4 |
> > |
5 |
> > I don't like how ssmtp stores the mail password in clear text in its |
6 |
> > config file. It looks like msmtp can pull the password from gpg: |
7 |
> > |
8 |
> > msmtp --passwordeval 'gpg -d mypwfile.gpg' |
9 |
> > |
10 |
> > I don't have much experience with gpg. Does this mean I can store the |
11 |
> > mail password encrypted on each of my systems so it can be used in an |
12 |
> > automated fashion to get mail onto my mail server? Do I need to start |
13 |
> > gpg-agent and enter a gpg keyring password whenever I reboot each of the |
14 |
> > systems? |
15 |
> > |
16 |
> > Is this the best way to get email alerts from my various systems to my |
17 |
> > email address? |
18 |
> > |
19 |
> |
20 |
> I switched to msmtp when nbsmtp was treecleaned. The switch was |
21 |
> uneventful; it just works, which is high praise. |
22 |
> |
23 |
> You can't encrypt your password unless you're going to be physically |
24 |
> present to decrypt it (with some other password). If your machine is |
25 |
> physically secure, you can just make the msmtp config file read-only to |
26 |
> yourself. If someone can log in as you, they can get your password |
27 |
> anyway. There's only a risk if e.g. you're not root, or someone else can |
28 |
> get root (access to grub) or walk off with the hard drive. |
29 |
> |
30 |
> If you're worried about either of those scenarios, set up a separate |
31 |
> account for your email alerts. |
32 |
|
33 |
I like the separate account idea. Any tips on locking it down? Maybe that |
34 |
account on the mail server should somehow only be allowed to deliver to a |
35 |
single email address (mine)? Would it need a shell account? Certainly not |
36 |
allowed in sshd_config. |
37 |
|
38 |
- Grant |