This is part of The Pile, a partial archive of some open source mailing lists and newsgroups.
From: mparson@bl.org (Mike Parson)
Subject: Re: Does nmh support POP3 over TLS/SSL?
Newsgroups: comp.mail.mh
Date: Tue, 11 Nov 2003 14:19:42 -0000
In article <boqeh0$5oa$1@string1.ciencias.uniovi.es>,
Igor Sobrado <sobrado@string1.ciencias.uniovi.es> wrote:
> Does nmh support secure POP3 (spop3)? It will be a *requirement*
> for our network very soon. Standard POP3, Kerberized POP, and APOP
> are not an option. If not, are there plans to support POP3 over
> TLS/SSL in the future?
You might want to take a look at fetchmail for grabbing your messages.
It can work with IMAP and POP clear-text and over SSL.
Fetchmail will retrieve via whatever method you tell it to, then deliver
to the local port 25, where you can use procmail/slocal/whatever to get
your messages into nmh.
===
From: Igor Sobrado <sobrado@string1.ciencias.uniovi.es>
Subject: Re: Does nmh support POP3 over TLS/SSL?
Newsgroups: comp.mail.mh
Date: 11 Nov 2003 15:41:06 +0100
Mike Parson <mparson@bl.org> wrote:
>
> You might want to take a look at fetchmail for grabbing your messages.
>
> It can work with IMAP and POP clear-text and over SSL.
>
> Fetchmail will retrieve via whatever method you tell it to, then deliver
> to the local port 25, where you can use procmail/slocal/whatever to get
> your messages into nmh.
Hi, Mike.
Thanks a lot for this advice. I will try fetchmail, but IMHO there
are some issues related to the use of this package:
1. I have read a lot about security holes related to fetchmail.
Perhaps I am mistaken, but I believe that fetchmail is a
bit dangerous and requires a lot of updates. In some way, it
will be as difficult to maintain as sendmail when compared
with postfix. (sendmail was a nice MTA, but now that it is
a monolithic binary it seems more vulnerable, it had two
serious security weaknesses this summer.)
2. I want to use fetchmail (or an alternative to it) on my laptop.
Sometimes I have network access (either from a WLAN or a wired
ethernet link), but others not. I was looking for something
easier to use on a machine that sometimes is not connected to
external networks. An advantage of running a POP3 client with
nmh is that I can request emails from our mail server using
the inc(1) command. Looks like I will need to run fetchmail
either as a daemon or from crontab on my NetBSD laptop.
Thanks again, your post is really useful for me!!! I will try
fetchmail if there is not an alternative to it.
===
From: Igor Sobrado <sobrado@string1.ciencias.uniovi.es>
Subject: Re: Does nmh support POP3 over TLS/SSL?
Newsgroups: comp.mail.mh
Date: 11 Nov 2003 16:58:18 +0100
Igor Sobrado <sobrado@string1.ciencias.uniovi.es> wrote:
>
> 2. I want to use fetchmail (or an alternative to it) on my laptop.
> Sometimes I have network access (either from a WLAN or a wired
> ethernet link), but others not. I was looking for something
> easier to use on a machine that sometimes is not connected to
> external networks. An advantage of running a POP3 client with
> nmh is that I can request emails from our mail server using
> the inc(1) command. Looks like I will need to run fetchmail
> either as a daemon or from crontab on my NetBSD laptop.
Well... I think that all will work just fine if I run fetchmail
and inc from a shell script. Not as clean as running a secure POP3
client on nmh but it should work. First test worked just fine,
I will carefully check the shell script and I will publish it here.
Perhaps it will be useful for other people.
===
From: ehood@hydra.acs.uci.edu (Earl Hood)
Subject: Re: Does nmh support POP3 over TLS/SSL?
Newsgroups: comp.mail.mh
Date: 15 Nov 2003 19:41:51 GMT
In article <vr1rvuoq4ajg52@corp.supernews.com>,
Mike Parson <mparson@bl.org> wrote:
>> Does nmh support secure POP3 (spop3)? It will be a *requirement*
>> for our network very soon. Standard POP3, Kerberized POP, and APOP
>> are not an option. If not, are there plans to support POP3 over
>> TLS/SSL in the future?
>
>You might want to take a look at fetchmail for grabbing your messages.
>
>It can work with IMAP and POP clear-text and over SSL.
>
>Fetchmail will retrieve via whatever method you tell it to, then deliver
>to the local port 25, where you can use procmail/slocal/whatever to get
>your messages into nmh.
And if you do not want to run a local MTA, you can use the
-m option to fetchmail to invoke procmail directly. For example:
fetchmail -m '/usr/bin/procmail -d %T' ...
Typically, procmail is used as the delivery agent for MTAs, so it is a
bit more efficient to just call procmail directly.
===
From: Jym Dyer <jym@econet.org>
Subject: Re: Does nmh support POP3 over TLS/SSL?
Newsgroups: comp.mail.mh
Date: 15 Nov 2003 13:57:23 -0800
> And if you do not want to run a local MTA, you can use the -m
> option to fetchmail to invoke procmail directly. For example:
>
> fetchmail -m '/usr/bin/procmail -d %T' ...
=v= Yes, but as this is the MH newsgroup, maybe folks'd want to
invoke slocal instead of procmail. :^)
=v= I actually pipe mine through spamassassin and *then* slocal!
Here's the .maildelivery file entry that tells slocal to put
spam-tagged mail into a +suspect folder:
x-spam-flag yes + A suspect
===
From: Igor Sobrado <sobrado@string1.ciencias.uniovi.es>
Subject: Re: Does nmh support POP3 over TLS/SSL?
Newsgroups: comp.mail.mh
Date: 17 Nov 2003 08:40:30 +0100
Jym Dyer <jym@econet.org> wrote:
>> And if you do not want to run a local MTA, you can use the -m
>> option to fetchmail to invoke procmail directly. For example:
>>
>> fetchmail -m '/usr/bin/procmail -d %T' ...
Hi, Earl and Jym!
Thanks a lot for this advice. Having a chance to run a remote MTA
is nice. But I want to make my laptop as autonomous as possible.
I simply do not trust our current mail server (it is a low quality
Pentium 200MHz that hangs two or three times each month.) I dropped
this system management two years ago because the other system manager
"tries things instead of reading" when something goes wrong. This
machine has both hardware and software problems. I prefer managing
email locally if possible.
> =v= Yes, but as this is the MH newsgroup, maybe folks'd want to
> invoke slocal instead of procmail. :^)
Indeed! I am running slocal too. :-)
> =v= I actually pipe mine through spamassassin and *then* slocal!
> Here's the .maildelivery file entry that tells slocal to put
> spam-tagged mail into a +suspect folder:
>
> x-spam-flag yes + A suspect
I am running spamassassin too. A nice spam filter, but I am interested
in running bogofilter (nice advice from Bill Wohler). Again, our
mail server is the problem. It is an old Slackware machine. GNU/Linux
systems are not doing a good job when running as NFS servers. I have
problems locking files. I want to build BerkeleyDB and bogofilter on
my laptop (running NetBSD). I believe that it will work better.
Your .maildelivery file looks better than mine. I will try fixing
mine as soon as possible:
# $Id: dot.maildelivery,v 1.3 2003/10/06 08:12:42 sobrado Rel $
X-Spam-Flag YES qpipe A "/usr/contrib/nmh/libexec/nmh/rcvstore +spam"
Checking the new configuration will not be difficult, I have more spam
than wanted. This is the output of my folders(1) command.
$ folders
FOLDER # MESSAGES RANGE ; CUR (OTHERS)
administration has 12 messages (1- 12); cur= 2.
contrib has 7 messages (1- 7); cur= 6.
drafts has 23 messages (1- 23).
inbox+ has 60 messages (1- 60); cur=60.
personal has 78 messages (1- 78); cur=56.
posted has no messages.
research has 10 messages (1- 10); cur=10.
root has 14 messages (1- 14).
spam has 112 messages (1-112).
spam-old has 500 messages (1-500).
TOTAL = 816 messages in 10 folders.
Worst of all is that I cleaned the spam folder about ten hours ago!
If I make a mistake I will see how the inbox folder grows...
===
From: Jym Dyer <jym@econet.org>
Subject: Re: Does nmh support POP3 over TLS/SSL?
Newsgroups: comp.mail.mh
Date: 17 Nov 2003 17:46:02 -0800
>> x-spam-flag yes + A suspect
> Your .maildelivery file looks better than mine.
=v= Well, that's just the first line. Some of the logic
goes into a fetchmail alias that does this:
% fetchmail -m 'spamassassin -F 0 -P | /usr/lib/nmh/slocal'
If I just use inc, I don't get spamassassin.
===
From: Igor Sobrado <sobrado@string1.ciencias.uniovi.es>
Subject: Re: Does nmh support POP3 over TLS/SSL?
Newsgroups: comp.mail.mh
Date: 18 Nov 2003 11:42:16 +0100
Jym Dyer <jym@econet.org> wrote:
>>> x-spam-flag yes + A suspect
>> Your .maildelivery file looks better than mine.
>
> =v= Well, that's just the first line. Some of the logic
> goes into a fetchmail alias that does this:
>
> % fetchmail -m 'spamassassin -F 0 -P | /usr/lib/nmh/slocal'
>
> If I just use inc, I don't get spamassassin.
I see the point, you are replacing the .forward file with this alias.
It makes sense when you are running fetchmail. Thanks a lot for this
advice.
===
From: ehood@hydra.acs.uci.edu (Earl Hood)
Subject: Re: Does nmh support POP3 over TLS/SSL?
Newsgroups: comp.mail.mh
Date: 19 Nov 2003 00:47:14 GMT
In article <Jym.wz3ccpxpks.fsf@econet.org>, Jym Dyer <jym@econet.org> wrote:
>> And if you do not want to run a local MTA, you can use the -m
>> option to fetchmail to invoke procmail directly. For example:
>>
>> fetchmail -m '/usr/bin/procmail -d %T' ...
>
>=v= Yes, but as this is the MH newsgroup, maybe folks'd want to
>invoke slocal instead of procmail. :^)
The above basically gives /var/spool/mail delivery so you can
use inc like you normally do. Also, it will use ~/.procmailrc
if you have any local pre-filtering needs or want to customize
where messages are delivered.
===
From: Jym Dyer <jym@econet.org>
Subject: Re: Does nmh support POP3 over TLS/SSL?
Newsgroups: comp.mail.mh
Date: 19 Nov 2003 06:13:43 -0800
> The above basically gives /var/spool/mail delivery so you can
> use inc like you normally do.
=v= Gotcha. I actually lost track of the start of the thread
and forgot that he was writing a drop-in replacement for "inc".
=v= I'm avoiding procmail simply because I'm already dependent
on a whole suite of tools. Fortunately, spamassassin can also
do /var/spool/mail delivery if you want it to.
===
From: Igor Sobrado <sobrado@string1.ciencias.uniovi.es>
Subject: Re: Does nmh support POP3 over TLS/SSL?
Newsgroups: comp.mail.mh
Date: 19 Nov 2003 15:40:25 +0100
Jym Dyer <jym@econet.org> wrote:
>> The above basically gives /var/spool/mail delivery so you can
>> use inc like you normally do.
>
> =v= Gotcha. I actually lost track of the start of the thread
> and forgot that he was writing a drop-in replacement for "inc".
:-)
Indeed, I was working on a replacement for inc(1). The idea behind
this replacement is providing a way to retrieve messages from a
remote location when using POP3 over SSL *is* a requirement. I am
not sure about how to manage anti-spam measures (e.g., spamassassin
and bogofilter) locally in the right way; I will do some research
on this issue as soon as possible.
> =v= I'm avoiding procmail simply because I'm already dependent
> on a whole suite of tools. Fortunately, spamassassin can also
> do /var/spool/mail delivery if you want it to.
Same happens to me! procmail(1) is probably the *standard* mail
filtering tool, I like it and I highly recommend it. But I want
MH/nmh (currently nmh) as MUA for my personal use. As nmh has its
own filtering tool, I prefer using it instead of procmail.
The perfect workstation for me does not depend on a lot of tools.
If I need a big set of tools for my work there is something wrong.
For managing email, I want a simple MTA (like postfix(1) or
sendmail(8)), *if* it is required, a powerful MUA (nmh) one or
two front-ends to the MUA and, sadly, an anti-spam tool.
In short, if nmh has a nice mail filtering tool (slocal(1)) I prefer,
as you, staying with it. It is easier maintaining nmh upgraded
(and perhaps one or two front-ends to it and a MTA) than maintaining
a lot of software packages with odd dependencies with other software.
On this matter, I acknowledge the work of nmh maintainers re-writing
the MH code for making it more portable and ANSI-compliant, and the
nice design behind this software product, that not only follows the
Unix way for doing things but also preserves that nice style from
mid-80's where the graphical front-end to an application was *not*
the application itself. The advantages of running front-ends over
a software package (like MH/nmh) are obvious to me. Less complex
software products are easier to maintain, and we have a chance to
use the (command-line) package itself if we are in a remote location
using a machine that does not support X11.
===
From: Igor Sobrado <sobrado@string1.ciencias.uniovi.es>
Subject: Re: Does nmh support POP3 over TLS/SSL?
Newsgroups: comp.mail.mh
Date: 19 Nov 2003 15:51:05 +0100
Igor Sobrado <sobrado@string1.ciencias.uniovi.es> wrote:
>
> The perfect workstation for me does not depend on a lot of tools.
> If I need a big set of tools for my work there is something wrong.
That is the reason I am running NetBSD and (a bit old) Solaris releases
on my systems. Good, small, and high quality operating systems. :-)
...I must fix how my signature appears... since I upgraded tin(1)
I have some issues related to postings like double signatures...
I will work on it this weekend.
===
From: Jym Dyer <jym@econet.org>
Subject: Re: Does nmh support POP3 over TLS/SSL?
Newsgroups: comp.mail.mh
Date: 10 Dec 2003 07:01:12 -0800
=v= Aiiee! It's the thread that won't die! I wrote:
> =v= I'm avoiding procmail simply because I'm already dependent
> on a whole suite of tools. Fortunately, spamassassin can also
> do /var/spool/mail delivery if you want it to.
=v= I've just found out that newer versions of spamassassin
have gotten out of the /var/spool/mail delivery business. The
release notes suggest using procmail!
=v= Which is beside the point for the original message in this
thread, but I wanted to correct that little detail. :^)
=v= FWIW, I now use fetchmail/spamassassin/slocal by way of a
script that accepts a "-silent" or "-nosilent" flag and will
run scan accordingly. Thus it works as a drop-in replacement
for inc!
===
From: those who know me have no need of my name <not-a-real-address@usa.net>
Subject: Re: Does nmh support POP3 over TLS/SSL?
Newsgroups: comp.mail.mh
Date: 12 Nov 2003 07:06:31 GMT
in comp.mail.mh i read:
>Does nmh support secure POP3 (spop3)?
no. if fetchmail doesn't appeal to you, look for stunnel.
===
From: Igor Sobrado <sobrado@string1.ciencias.uniovi.es>
Subject: Re: Does nmh support POP3 over TLS/SSL?
Newsgroups: comp.mail.mh
Date: 12 Nov 2003 18:47:06 +0100
those who know me have no need of my name <not-a-real-address@usa.net> wrote:
> in comp.mail.mh i read:
>
>>Does nmh support secure POP3 (spop3)?
>
> no. if fetchmail doesn't appeal to you, look for stunnel.
Thanks a lot for this advice. I will check stunnel too.
By the way, as I promised this is the front-end to inc(1).
I am sure it needs a lot of improvements and I will be glad
to apply any change to it.
Cheers,
Igor.
#!/bin/sh
#
# $Id: inc,v 1.6 2003/11/12 17:42:12 sobrado Exp $
#
PATH=/usr/bin:/usr/contrib/bin:/usr/contrib/nmh/bin
mtsconf="/usr/contrib/nmh/etc/mts.conf"
protocol=pop3
hostname=`grep ^pophost ${mtsconf} | awk '{ print $2 }'`
args=;
while [ $# -gt 0 ]; do
    case $1 in
        -host) hostname=$2; shift ;;
        *) args=${args}" "$1 ;;
    esac
    shift
done
echo fetchmail "-p${protocol}" --ssl ${hostname}
echo inc "${args}"
===
From: Igor Sobrado <sobrado@string1.ciencias.uniovi.es>
Subject: Re: Does nmh support POP3 over TLS/SSL?
Newsgroups: comp.mail.mh
Date: 12 Nov 2003 18:53:33 +0100
Igor Sobrado <sobrado@string1.ciencias.uniovi.es> wrote:
[...]
> echo fetchmail "-p${protocol}" --ssl ${hostname}
> echo inc "${args}"
^^^^
Oh, well... the echoes must be removed. I used them for testing
purposes. Sorry for this mistake.
===
From: Igor Sobrado <sobrado@string1.ciencias.uniovi.es>
Subject: Re: Does nmh support POP3 over TLS/SSL?
Newsgroups: comp.mail.mh
Date: 12 Nov 2003 19:30:45 +0100
Igor Sobrado <sobrado@string1.ciencias.uniovi.es> wrote:
> Oh, well... the echoes must be removed. I used them for testing
> purposes. Sorry for this mistake.
This is probably a better front-end to fetchmail(1) and inc(1),
but I am sure it needs a lot of improvements yet.
#!/bin/sh
#
# $Id: inc,v 1.12 2003/11/12 18:25:18 sobrado Stab $
#
PATH=/usr/bin:/usr/contrib/bin:/usr/contrib/nmh/bin
mtsconf="/usr/contrib/nmh/etc/mts.conf"
protocol="pop3"
hostname=`grep ^pophost ${mtsconf} | awk '{ print $2 }'`
args=
username=
while [ $# -gt 0 ]; do
    case $1 in
        -user) username="-u "$2; shift ;;
        -host) hostname=$2; shift ;;
        *) args=${args}" "$1 ;;
    esac
    shift
done
fetchmail "-p${protocol}" --ssl ${username} ${hostname}
inc ${args}
===
From: mparson@bl.org (Mike Parson)
Subject: Re: Does nmh support POP3 over TLS/SSL?
Newsgroups: comp.mail.mh
Date: Wed, 26 Nov 2003 16:23:06 -0000
In article <botu8l$2jf$1@string1.ciencias.uniovi.es>,
Igor Sobrado <sobrado@string1.ciencias.uniovi.es> wrote:
> Igor Sobrado <sobrado@string1.ciencias.uniovi.es> wrote:
>> Oh, well... the echoes must be removed. I used them for testing
>> purposes. Sorry for this mistake.
>
> This is probably a better front-end to fetchmail(1) and inc(1),
> but I am sure it needs a lot of improvements yet.
Looks pretty good, just one, nit-picking suggestion:
<snip>
> hostname=`grep ^pophost ${mtsconf} | awk '{ print $2 }'`
Why use grep and awk? =)
hostname=`/bin/awk '/^pophost/ {print $2}' ${mtsconf}`
Also, since you seem interested in security, always fully-path your
external calls, never trust the ${PATH}.
===
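A hardened variant of the inc front-end discussed in this thread, applying the closing advice about absolute paths; it is an added example, not code from any poster. The binary and config paths, the host-name check, and the use of fetchmail's --sslcertck option (which makes it verify the server certificate) are choices made here, not something the thread specifies.

```shell
#!/bin/sh
# Added example, not code from the thread. The three paths are assumptions
# for one install; point them at the real binaries and config.
PATH=/usr/bin:/bin; export PATH     # known PATH for anything the children run
FETCHMAIL=/usr/bin/fetchmail
INC=/usr/contrib/nmh/bin/inc
MTSCONF=/usr/contrib/nmh/etc/mts.conf

# First "pophost" value in an mts.conf-style file, read with shell builtins
# only, so neither grep nor awk has to be located.
pophost_from() {
    [ -r "$1" ] || return 1
    while read -r key value rest; do
        case $key in
            pophost|pophost:) printf '%s\n' "$value"; return 0 ;;
        esac
    done < "$1"
    return 1
}

# Plain host names only: a value like "-f/tmp/x" must never reach fetchmail,
# where it would be read as an option.
valid_host() {
    case $1 in
        ''|-*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
}

main() {
    host=`pophost_from "$MTSCONF"` || host=
    user=
    n=$#
    while [ "$n" -gt 0 ]; do
        case $1 in
            -user|-host)
                [ "$n" -ge 2 ] || { echo "inc: $1 needs a value" >&2; return 2; }
                if [ "$1" = -user ]; then user=$2; else host=$2; fi
                shift; n=$((n - 1)) ;;
            *)  set -- "$@" "$1" ;;   # rotate to the end: kept for inc, unsplit
        esac
        shift; n=$((n - 1))
    done
    valid_host "$host" || { echo "inc: bad or missing POP host" >&2; return 2; }

    # --sslcertck makes fetchmail verify the server certificate.
    "$FETCHMAIL" -p pop3 --ssl --sslcertck ${user:+-u "$user"} "$host"
    rc=$?
    # fetchmail exits 0 for new mail and 1 for none; anything else is an error.
    [ "$rc" -le 1 ] || { echo "inc: fetchmail failed ($rc)" >&2; return "$rc"; }
    "$INC" "$@"
}

main "$@"
```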