1 |
OK, I finally solved this, albeit a bit differently... by switching to |
2 |
nullmailer. |
3 |
|
4 |
The TL/DR summary is: use the right tool for the job. Some more details follow |
5 |
below. |
6 |
|
7 |
Nullmailer was very easy to set up (the deceptively short HOWTO is pretty much |
8 |
all that is needed). The only problem is that there is no way to rewrite the |
9 |
envelope sender, which is required by my email provider. I solved that... |
10 |
creatively. *However* the master branch contains a change that introduces the |
11 |
"allmailfrom" control file [0], so once version 1.14 is out I can remove the |
12 |
hack. |
13 |
|
14 |
This choice came about because I switched from fcron to systemd-cron, which |
15 |
runs its mail_on_failure script as user "nobody", which caused my current |
16 |
"passwordeval" command ("cat somefile", somefile having a mode mask of 0600) to |
17 |
fail due to insufficient access rights. I really didn't want to deal with how |
18 |
to properly solve that, and I don't think it's possible (at least not with |
19 |
msmtp). I mean, the problem statement is basically "How do I securely give |
20 |
every user access to the password?". Once stated that way, I think the |
21 |
difficulty with the problem becomes fairly obvious. |
22 |
|
23 |
With nullmailer the remotes file is 0640, with group nullmailer, so only root |
24 |
or nullmailer can access it. It's also simple enough that I simply didn't add |
25 |
it to git. So the password is in plain text, but access is strictly limited. |
26 |
|
27 |
But really, I *should* have been tipped off by the package description: "An |
28 |
SMTP client and SMTP plugin for mail user agents such as Mutt". The above |
29 |
problem simply doesn't exist when running msmtp as a normal user (in which case |
30 |
you probably don't even have an /etc/msmtprc). |
31 |
|
32 |
[0] |
33 |
https://github.com/bruceg/nullmailer/commit/da55b71b6136bcefc7aa784a7f9fd45987670a7a |
34 |
-- |
35 |
Marc Joliet |
36 |
-- |
37 |
"People who think they know everything really annoy those of us who know we |
38 |
don't" - Bjarne Stroustrup |