At 09:27 2005-11-17 -0600, Mark F wrote:
> I've used procmail before but I don't use it often so I'm still what
> you'd call a procmail newbie.
> I've configured my postfix mail aliases to forward all mail to root to
> my user account.

This is good procedure if you don't read the mail from a shell
account. Many systems (or email clients for that matter) are not
configured to use crypto for message retrieval, so retrieving root mail
using a standard POP3 connection (i.e. not via tunnelling or POP3S) will
expose the root password. OTOH, if you don't read root mail via a shell
account (via local console or ssh), then you really want to ensure you have
crypto on the mail retrieval because root messages may contain sensitive
information. But, I see that's basically the nature of your inquiry today...

> The idea here is to then forward all that mail to my
> (Windows, Outlook) workstation account where I can then read it and
> respond. Thing is, this mail may contain sensitive information so it
> must be encrypted in transit.

Is it being forwarded to an account on a different host? There you would
need encryption -- if BOTH mailhosts support TLS, you can configure the MTA
to use TLS to negotiate an encrypted connection when exchanging the
messages, and this would be transparent to your use of the MTA (i.e. once
configured, when sending a message, you wouldn't need to do anything
special for it to be encrypted). If you're downloading your mail using
your client and the SAME host that the root mail originated on, simply look
to change how you retrieve your mail. POP3 over an ssh tunnel would
encrypt the entire transaction (to the point that an outsider wouldn't even
know you were retrieving email, much less what was in it). I generally use
ssh tunnels when travelling - it gives me point-to-point security from my
workstation to the server without risking that I've got some bogus crap
going on with a wireless access point - some use proxies and mess with
regular mail protocols (which is bad because they're DELIBERATELY
intercepting your login details and then connecting to your mail server on
the back end). Beware: the T-Mobile/Starbucks hotspot wifi network works
this way...
The benefit to using ssh (such as putty, which is a free, full-featured
windows ssh client) to establish port-forwarded tunnels is that your client
app doesn't have to have good support for crypto - excepting changing the
mailhost config in your client app (to look to a port on the localhost,
which putty then forwards), you don't have to go digging for some
compatible crypto settings between the client and server. OTOH, if you use
a lot of different accounts on different servers, the tunnelling game can
be a pain (and is only reliable if you're ssh'd (and thus have a shell
account) to the server which you're otherwise communicating with (POP,
SMTP, FTP, etc) - don't expect to ssh to one server and 'hop' to others
securely).

> using that to encrypt the mail. Still, the sendmail program (from
> postfix) is giving me lots of grief. No other mail program I've found
> works at all for this purpose but sendmail delivers the message but
> loses the subject and the recipients list.

May as well refer to it as postfix-sendmail, just to keep it clear on
future references.
I've got absolutely no idea what sort of TLS support postfix affords. All
the shops I work with use sendmail.
[snip - sorry, I'm not up for figuring out what is what with the script today]
---
Sean B. Straw / Professional Software Engineering
Procmail disclaimer: <http://www.professional.org/procmail/disclaimer.html>
Please DO NOT carbon me on list replies. I'll get my copy from the list.
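
An added example, not part of the original post: a pre-login check for the cleartext POP3 exposure discussed above. It asks the server for its capabilities before any credentials are sent and allows a login only over STLS or to a loopback port. All function names are hypothetical, the stub server is constructed for the demo, and treating a loopback address as the local end of an ssh/PuTTY port forward is an assumption.

```python
import ipaddress, poplib, socket, threading

def is_loopback(host):
    """True for localhost / loopback literals (assumed local end of an ssh forward)."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False     # any other hostname is treated as remote

def credential_policy(host, caps):
    """How USER/PASS may be sent: 'stls', 'tunnel' or 'refuse'."""
    if "STLS" in caps:
        return "stls"    # upgrade with poplib.POP3.stls() before logging in
    if is_loopback(host):
        return "tunnel"  # cleartext POP3, but only as far as the forwarded port
    return "refuse"      # a cleartext login would cross the network

def probe_caps(host, port, timeout=5):
    """Ask the server for CAPA without sending any credentials."""
    conn = poplib.POP3(host, port, timeout=timeout)
    try:
        return set(conn.capa())
    except poplib.error_proto:
        return set()     # server without CAPA support offers no STLS
    finally:
        conn.quit()

def fake_pop3(capabilities):
    """Constructed single-connection POP3 stub on 127.0.0.1; returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    def serve():
        conn, _ = srv.accept()
        with srv, conn, conn.makefile("rwb") as f:
            f.write(b"+OK constructed stub\r\n"); f.flush()
            for line in f:
                cmd = line.strip().upper()
                if cmd == b"CAPA":
                    f.write(b"+OK\r\n" + b"".join(c + b"\r\n" for c in capabilities) + b".\r\n")
                else:
                    f.write(b"+OK\r\n" if cmd == b"QUIT" else b"-ERR\r\n")
                f.flush()
                if cmd == b"QUIT":
                    break
    threading.Thread(target=serve, daemon=True).start()
    return port

if __name__ == "__main__":
    port = fake_pop3([b"TOP", b"UIDL"])   # stub that offers no STLS
    print(credential_policy("127.0.0.1", probe_caps("127.0.0.1", port)))
```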