| 1 |
> > I was setting up ssmtp but I realized it isn't being maintained and |
| 2 |
> > there are a couple of alternatives called msmtp and dma. Can anyone |
| 3 |
> > recommend one of these over the other? |
| 4 |
> > |
| 5 |
> > I don't like how ssmtp stores the mail password in clear text in its |
| 6 |
> > config file. It looks like msmtp can pull the password from gpg: |
| 7 |
> > |
| 8 |
> > msmtp --passwordeval 'gpg -d mypwfile.gpg' |
| 9 |
> > |
| 10 |
> > I don't have much experience with gpg. Does this mean I can store the |
| 11 |
> > mail password encrypted on each of my systems so it can be used in an |
| 12 |
> > automated fashion to get mail onto my mail server? Do I need to start |
| 13 |
> > gpg-agent and enter a gpg keyring password whenever I reboot each of the |
| 14 |
> > systems? |
| 15 |
> > |
| 16 |
> > Is this the best way to get email alerts from my various systems to my |
| 17 |
> > email address? |
| 18 |
> > |
| 19 |
> |
| 20 |
> I switched to msmtp when nbsmtp was treecleaned. The switch was |
| 21 |
> uneventful; it just works, which is high praise. |
| 22 |
> |
| 23 |
> You can't encrypt your password unless you're going to be physically |
| 24 |
> present to decrypt it (with some other password). If your machine is |
| 25 |
> physically secure, you can just make the msmtp config file read-only to |
| 26 |
> yourself. If someone can log in as you, they can get your password |
| 27 |
> anyway. There's only a risk if e.g. you're not root, or someone else can |
| 28 |
> get root (access to grub) or walk off with the hard drive. |
| 29 |
> |
| 30 |
> If you're worried about either of those scenarios, set up a separate |
| 31 |
> account for your email alerts. |
| 32 |
|
| 33 |
I like the separate account idea. Any tips on locking it down? Maybe that |
| 34 |
account on the mail server should somehow only be allowed to deliver to a |
| 35 |
single email address (mine)? Would it need a shell account? Certainly not |
| 36 |
allowed in sshd_config. |
| 37 |
|
| 38 |
- Grant |
Archives