From: Stephen A. <fet...@ro...> - 2006-07-06 09:00:55
The subject may be a little misleading... in my scenario we have 10 ISP POP3 accounts that map to 8 local users. The way I set it up a few years ago was fetchmail running as root and collecting mail for all POP3 accounts. I've since discovered that fetchmail is normally run on a per-user basis.

Given that the users never log in to a shell, what is the best configuration in my case? Are there pros/cons of doing it either way?

Many thanks,
Steve :)

From: Rob M. <rob...@gm...> - 2006-07-06 09:20:50
On 7/6/06, Stephen Allen <fet...@ro...> wrote:
> The subject may be a little misleading... in my scenario we have 10 ISP
> POP3 accounts that map to 8 local users. The way I set it up a few
> years ago was fetchmail running as root and collecting mail for all POP3
> accounts. I've since discovered that fetchmail is normally run on a
> per-user basis.
>
> Given that the users never log in to a shell, what is the best
> configuration in my case? Are there pros/cons of doing it either way?

There is no need, unless you're passing email directly to a non-SUID MDA, to run fetchmail as root. Indeed, future versions of fetchmail will refuse to run as root. I haven't run fetchmail as root since before 6.0 was released and have not had any problems.

Simply run it as a standard user (say "fetchmail") and have it pass email to your MTA.

In general, running any program with higher privileges than it requires is a security risk.

--
Please keep list traffic on the list.
Rob MacGregor
Whoever fights monsters should see to it that in the process he doesn't become a monster. Friedrich Nietzsche

From: Stephen A. <fet...@ro...> - 2006-07-06 09:26:12
Rob MacGregor wrote:
> There is no need, unless you're passing email directly to a non-SUID
> MDA, to run fetchmail as root. Indeed, future versions of fetchmail
> will refuse to run as root. I haven't run fetchmail as root since
> before 6.0 was released and have not had any problems.
>
> Simply run it as a standard user (say "fetchmail") and have it pass
> email to your MTA.
>
> In general, running any program with higher privileges than it
> requires is a security risk.

Thanks Rob, I take note about not running it as root and will fix that ASAP. My question was mainly aimed at, should I run one instance of fetchmail to poll all POP3 accounts for all 8 users, or should I set up a separate instance per-user? And I thought it might be significant to say that the users cannot log in via a shell.

Thanks,
Steve :)

From: Rob M. <rob...@gm...> - 2006-07-06 16:00:13
On 7/6/06, Stephen Allen <fet...@ro...> wrote:
>
> Thanks Rob, I take note about not running it as root and will fix that
> ASAP. My question was mainly aimed at, should I run one instance of
> fetchmail to poll all POP3 accounts for all 8 users, or should I set up
> a separate instance per-user? And I thought it might be significant to
> say that the users cannot log in via a shell.

Up to you. I tend to split things by ISP, rather than user. That way problems with one ISP don't impact all the others.

--
Please keep list traffic on the list.
Rob MacGregor
Whoever fights monsters should see to it that in the process he doesn't become a monster. Friedrich Nietzsche

From: Matthias A. <mat...@gm...> - 2006-07-07 09:45:38
Stephen Allen <fet...@ro...> writes:
> Thanks Rob, I take note about not running it as root and will fix that
> ASAP. My question was mainly aimed at, should I run one instance of
> fetchmail to poll all POP3 accounts for all 8 users, or should I set up
> a separate instance per-user? And I thought it might be significant to
> say that the users cannot log in via a shell.

If fetchmail is forwarding via SMTP (the default) or LMTP (note that file permissions apply when forwarding into a unix-domain LMTP socket), there is:

- no need to run fetchmail as root, and
- no need that the recipients can log into a shell.

--
Matthias Andree

From: Michelle K. <lin...@fr...> - 2006-08-11 18:30:16
On 2006-07-06 08:20:49, Rob MacGregor wrote:
> On 7/6/06, Stephen Allen <fet...@ro...> wrote:
> > The subject may be a little misleading... in my scenario we have 10 ISP
> > POP3 accounts that map to 8 local users. The way I set it up a few
> > years ago was fetchmail running as root and collecting mail for all POP3
> > accounts. I've since discovered that fetchmail is normally run on a
> > per-user basis.
> >
> > Given that the users never log in to a shell, what is the best
> > configuration in my case? Are there pros/cons of doing it either way?
>
> There is no need, unless you're passing email directly to a non-SUID
> MDA, to run fetchmail as root. Indeed, future versions of fetchmail
> will refuse to run as root. I haven't run fetchmail as root since
> before 6.0 was released and have not had any problems.
>
> Simply run it as a standard user (say "fetchmail") and have it pass
> email to your MTA.

And if there is no "real" MTA (we use ssmtp)? I have tried the setup as user "fetchmail" and I cannot deliver to the other around 180 users.

Sorry for the late question, but I was not available for some months and came back from Palestine for 3 weeks (after 8 days prison illegal).

Greetings
Michelle Konzack
System Administrator
Tamay Dogan Network
Debian GNU/Linux Consultant

--
Linux-User #280138 with the Linux Counter, http://counter.li.org/
##################### Debian GNU/Linux Consultant #####################
Michelle Konzack   Apt. 917                  ICQ #328449886
                   50, rue de Soultz         MSM LinuxMichi
0033/6/61925193    67100 Strasbourg/France   IRC #Debian (irc.icq.com)

From: Matthias A. <mat...@gm...> - 2006-08-12 12:46:44
Michelle Konzack <lin...@fr...> writes:
> And if there is no "real" MTA (we use ssmtp) ? I have tried the setup
> as user "fetchmail" and I can not deliver to the other around 180
> users.

You don't need ssmtp for fetchmail. Fetchmail talks SMTP.

--
Matthias Andree

From: Matthias A. <mat...@gm...> - 2006-08-12 12:48:08
Michelle Konzack <lin...@fr...> writes:
> And if there is no "real" MTA (we use ssmtp) ? I have tried the setup
> as user "fetchmail" and I can not deliver to the other around 180 users.

BTW, ssmtp is going away:

http://packages.qa.debian.org/s/ssmtp.html
http://bjorn.haxx.se/debian/testing.pl?package=ssmtp

--
Matthias Andree

From: Rob M. <rob...@gm...> - 2006-08-11 19:58:26
On 7/27/06, Michelle Konzack <lin...@fr...> wrote:
>
> And if there is no "real" MTA (we use ssmtp) ? I have tried the setup
> as user "fetchmail" and I can not deliver to the other around 180 users.

So, point fetchmail at SSMTP, or are you saying that the box that runs the POP accounts doesn't have any SMTP service that can deliver mail?

--
Please keep list traffic on the list.
Rob MacGregor
Whoever fights monsters should see to it that in the process he doesn't become a monster. Friedrich Nietzsche

From: Michelle K. <lin...@fr...> - 2006-08-18 11:42:37
On 2006-08-11 18:58:13, Rob MacGregor wrote:
> On 7/27/06, Michelle Konzack <lin...@fr...> wrote:
> >
> > And if there is no "real" MTA (we use ssmtp) ? I have tried the setup
> > as user "fetchmail" and I can not deliver to the other around 180 users.
>
> So, point fetchmail at SSMTP, or are you saying that the box that runs
> the POP accounts doesn't have any SMTP service that can deliver mail?

"ssmtp" can deliver but not receive. "ssmtp" is an MTA which only pulls messages out of the box and not more. So this box can never be used as an Open-SMTP-Relay.

All of my servers (over 80) are using ssmtp for security reasons.

Greetings
Michelle Konzack

--
Linux-User #280138 with the Linux Counter, http://counter.li.org/
##################### Debian GNU/Linux Consultant #####################
Michelle Konzack   Apt. 917                  ICQ #328449886
                   50, rue de Soultz         MSM LinuxMichi
0033/6/61925193    67100 Strasbourg/France   IRC #Debian (irc.icq.com)

From: Rob M. <rob...@gm...> - 2006-08-18 18:14:56
On 8/16/06, Michelle Konzack <lin...@fr...> wrote:
> "ssmtp" can deliver but not receive. "ssmtp" is an MTA which only pulls
> messages out of the box and not more. So this box can never
> be used as an Open-SMTP-Relay.
>
> All of my servers (over 80) are using ssmtp for security reasons.

You don't need ssmtp for that. Any SMTP server can be bound to loopback only. In the case of sendmail (8.12 and later) you can run the client daemon only (which only handles mail created locally).

However, for your fetchmail box you'll either need to add a true SMTP server (even if only bound to loopback) or tell fetchmail to deliver the mail directly to your real SMTP server.

--
Please keep list traffic on the list.
Rob MacGregor
Whoever fights monsters should see to it that in the process he doesn't become a monster. Friedrich Nietzsche

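Added example, not part of any message in the thread: a sketch of the setup the replies converge on, with one fetchmail instance under a dedicated unprivileged account polling several POP3 accounts and handing mail to an SMTP listener on loopback. The hostnames, remote accounts, passwords, local users and the helper names `write_rc`, `audit_rc` and `start_fetchmail` are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Hostnames, accounts, passwords and local users are placeholders.

# Write a fetchmailrc for the dedicated unprivileged account to path $1.
write_rc() (
    umask 077    # file is created 0600, so passwords are never briefly readable
    cat > "$1" <<'EOF'
set daemon 300
poll pop.isp-one.example proto pop3
    user "acct1" there with password "CHANGE-ME" is "alice" here smtphost localhost
    user "acct2" there with password "CHANGE-ME" is "bob" here smtphost localhost
poll pop.isp-two.example proto pop3
    user "acct3" there with password "CHANGE-ME" is "carol" here smtphost localhost
    user "acct4" there with password "CHANGE-ME" is "carol" here smtphost localhost
EOF
)

# Print one finding per line for rc file $1; return 1 if there is any finding.
audit_rc() {
    bad=0
    perms=$(ls -ld "$1" | cut -c5-10)    # group and other permission bits
    if [ "$perms" != "------" ]; then
        echo "group/other access to stored passwords: $perms"; bad=1
    fi
    # Delivery through an MDA is the case the thread says may need root.
    if grep -v '^[[:space:]]*#' "$1" | grep -qw 'mda'; then
        echo "mda delivery: needs root unless the MDA is setuid; use SMTP"; bad=1
    fi
    return $bad
}

# Start fetchmail with rc file $1, refusing to do so as root.
start_fetchmail() {
    if [ "$(id -u)" -eq 0 ]; then
        echo "refusing to run fetchmail as root" >&2; return 1
    fi
    audit_rc "$1" && fetchmail -f "$1"
}
```

Two remote accounts map to the same local user in the second `poll` block, which is how 10 ISP accounts can feed 8 local users; none of the local users needs a login shell because delivery goes through SMTP.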