| 1 |
OK, I finally solved this, albeit a bit differently... by switching to |
| 2 |
nullmailer. |
| 3 |
|
| 4 |
The TL/DR summary is: use the right tool for the job. Some more details follow |
| 5 |
below. |
| 6 |
|
| 7 |
Nullmailer was very easy to set up (the deceptively short HOWTO is pretty much |
| 8 |
all that is needed). The only problem is that there is no way to rewrite the |
| 9 |
envelope sender, which is required by my email provider. I solved that... |
| 10 |
creatively. *However* the master branch contains a change that introduces the |
| 11 |
"allmailfrom" control file [0], so once version 1.14 is out I can remove the |
| 12 |
hack. |
| 13 |
|
| 14 |
This choice came about because I switched from fcron to systemd-cron, which |
| 15 |
runs its mail_on_failure script as user "nobody", which caused my current |
| 16 |
"passwordeval" command ("cat somefile", somefile having a mode mask of 0600) to |
| 17 |
fail due to insufficient access rights. I really didn't want to deal with how |
| 18 |
to properly solve that, and I don't think it's possible (at least not with |
| 19 |
msmtp). I mean, the problem statement is basically "How do I securely give |
| 20 |
every user access to the password?". Once stated that way, I think the |
| 21 |
difficulty with the problem becomes fairly obvious. |
| 22 |
|
| 23 |
With nullmailer the remotes file is 0640, with group nullmailer, so only root |
| 24 |
or nullmailer can access it. It's also simple enough that I simply didn't add |
| 25 |
it to git. So the password is in plain text, but access is strictly limited. |
| 26 |
|
| 27 |
But really, I *should* have been tipped off by the package description: "An |
| 28 |
SMTP client and SMTP plugin for mail user agents such as Mutt". The above |
| 29 |
problem simply doesn't exist when running msmtp as a normal user (in which case |
| 30 |
you probably don't even have an /etc/msmtprc). |
| 31 |
|
| 32 |
[0] |
| 33 |
https://github.com/bruceg/nullmailer/commit/da55b71b6136bcefc7aa784a7f9fd45987670a7a |
| 34 |
-- |
| 35 |
Marc Joliet |
| 36 |
-- |
| 37 |
"People who think they know everything really annoy those of us who know we |
| 38 |
don't" - Bjarne Stroustrup |
Archives