This is part of The Pile, a partial archive of some open source mailing lists and newsgroups.
From: mparson@bl.org (Mike Parson)
Subject: Re: Does nmh support POP3 over TLS/SSL?
Newsgroups: comp.mail.mh
Date: Tue, 11 Nov 2003 14:19:42 -0000

In article <boqeh0$5oa$1@string1.ciencias.uniovi.es>, Igor Sobrado <sobrado@string1.ciencias.uniovi.es> wrote:
> Does nmh support secure POP3 (spop3)? It will be a *requirement*
> for our network very soon. Standard POP3, Kerberized POP, and APOP
> are not an option. If not, are there plans to support POP3 over
> TLS/SSL in the future?

You might want to take a look at fetchmail for grabbing your messages.

It can work with IMAP and POP clear-text and over SSL.

Fetchmail will retrieve via whatever method you tell it to, then deliver to the local port 25, where you can use procmail/slocal/whatever to get your messages into nmh.

===

From: Igor Sobrado <sobrado@string1.ciencias.uniovi.es>
Subject: Re: Does nmh support POP3 over TLS/SSL?
Newsgroups: comp.mail.mh
Date: 11 Nov 2003 15:41:06 +0100

Mike Parson <mparson@bl.org> wrote:
>
> You might want to take a look at fetchmail for grabbing your messages.
>
> It can work with IMAP and POP clear-text and over SSL.
>
> Fetchmail will retrieve via whatever method you tell it to, then deliver
> to the local port 25, where you can use procmail/slocal/whatever to get
> your messages into nmh.

Hi, Mike.

Thanks a lot for this advice. I will try fetchmail, but IMHO there are some issues related with the use of this package:

1. I have read a lot about security holes related with fetchmail. Perhaps I am mistaken, but I believe that fetchmail is a bit dangerous and requires a lot of updates. In some way, it will be as difficult to maintain as sendmail when compared with postfix. (sendmail was a nice MTA, but now that it is a monolithic binary it seems more vulnerable, it had two serious security weaknesses this summer.)

2. I want to use fetchmail (or an alternative to it) on my laptop. Sometimes I have network access (either from a WLAN or a wired ethernet link), but others not.
I was looking for something easier to use on a machine that sometimes is not connected to external networks. An advantage of running a POP3 client with nmh is that I can request emails from our mail server using the inc(1) command. Looks like I will need to run fetchmail either as a daemon or from crontab on my NetBSD laptop.

Thanks again, your post is really useful for me!!! I will try fetchmail if there is not an alternative to it.

===

From: Igor Sobrado <sobrado@string1.ciencias.uniovi.es>
Subject: Re: Does nmh support POP3 over TLS/SSL?
Newsgroups: comp.mail.mh
Date: 11 Nov 2003 16:58:18 +0100

Igor Sobrado <sobrado@string1.ciencias.uniovi.es> wrote:
>
> 2. I want to use fetchmail (or an alternative to it) on my laptop.
> Sometimes I have network access (either from a WLAN or a wired
> ethernet link), but others not. I was looking for something
> easier to use on a machine that sometimes is not connected to
> external networks. An advantage of running a POP3 client with
> nmh is that I can request emails from our mail server using
> the inc(1) command. Looks like I will need to run fetchmail
> either as a daemon or from crontab on my NetBSD laptop.

Well... I think that all will work just fine if I run fetchmail and inc from a shell script. Not as clean as running a secure POP3 client on nmh but it should work. First test worked just fine, I will carefully check the shell script and I will publish it here. Perhaps it will be useful for other people.

===

From: ehood@hydra.acs.uci.edu (Earl Hood)
Subject: Re: Does nmh support POP3 over TLS/SSL?
Newsgroups: comp.mail.mh
Date: 15 Nov 2003 19:41:51 GMT

In article <vr1rvuoq4ajg52@corp.supernews.com>, Mike Parson <mparson@bl.org> wrote:
>> Does nmh support secure POP3 (spop3)? It will be a *requirement*
>> for our network very soon. Standard POP3, Kerberized POP, and APOP
>> are not an option. If not, are there plans to support POP3 over
>> TLS/SSL in the future?
>
>You might want to take a look at fetchmail for grabbing your messages.
>
>It can work with IMAP and POP clear-text and over SSL.
>
>Fetchmail will retrieve via whatever method you tell it to, then deliver
>to the local port 25, where you can use procmail/slocal/whatever to get
>your messages into nmh.

And if you do not want to run a local MTA, you can use the -m option to fetchmail to invoke procmail directly. For example:

    fetchmail -m '/usr/bin/procmail -d %T' ...

Typically, procmail is used as the delivery agent for MTAs, so it is a bit more efficient to just call procmail directly.

===

From: Jym Dyer <jym@econet.org>
Subject: Re: Does nmh support POP3 over TLS/SSL?
Newsgroups: comp.mail.mh
Date: 15 Nov 2003 13:57:23 -0800

> And if you do not want to run a local MTA, you can use the -m
> option to fetchmail to invoke procmail directly. For example:
>
>     fetchmail -m '/usr/bin/procmail -d %T' ...

=v= Yes, but as this is the MH newsgroup, maybe folks'd want to invoke slocal instead of procmail. :^)

=v= I actually pipe mine through spamassassin and *then* slocal! Here's the .maildelivery file entry that tells slocal to put spam-tagged mail into a +suspect folder:

    x-spam-flag yes + A suspect

===

From: Igor Sobrado <sobrado@string1.ciencias.uniovi.es>
Subject: Re: Does nmh support POP3 over TLS/SSL?
Newsgroups: comp.mail.mh
Date: 17 Nov 2003 08:40:30 +0100

Jym Dyer <jym@econet.org> wrote:
>> And if you do not want to run a local MTA, you can use the -m
>> option to fetchmail to invoke procmail directly. For example:
>>
>>     fetchmail -m '/usr/bin/procmail -d %T' ...

Hi, Earl and Jym!

Thanks a lot for this advice. Having a chance to run a remote MTA is nice. But I want to make my laptop as autonomous as possible. I simply do not trust our current mail server (it is a low quality Pentium 200MHz that hangs two or three times each month.)
I dropped this system management two years ago because the other system manager "tries things instead of reading" when something goes wrong. This machine has both hardware and software problems. I prefer managing email locally if possible.

> =v= Yes, but as this is the MH newsgroup, maybe folks'd want to
> invoke slocal instead of procmail. :^)

Indeed! I am running slocal too. :-)

> =v= I actually pipe mine through spamassassin and *then* slocal!
> Here's the .maildelivery file entry that tells slocal to put
> spam-tagged mail into a +suspect folder:
>
>     x-spam-flag yes + A suspect

I am running spamassassin too. A nice spam filter, but I am interested in running bogofilter (a nice advice from Bill Wohler). Again, our mail server is the problem. It is an old Slackware machine. GNU/Linux systems are not doing a good job when running as NFS servers. I have problems locking files. I want to build BerkeleyDB and bogofilter on my laptop (running NetBSD). I believe that it will work better.

Your .maildelivery file looks better than mine. I will try fixing mine as soon as possible:

    # $Id: dot.maildelivery,v 1.3 2003/10/06 08:12:42 sobrado Rel $
    X-Spam-Flag YES qpipe A "/usr/contrib/nmh/libexec/nmh/rcvstore +spam"

Checking the new configuration will not be difficult, I have more spam than wanted. This is the output of my folders(1) command.

    $ folders
    FOLDER          # MESSAGES   RANGE   ; CUR     (OTHERS)
    administration  has  12 messages  (1- 12); cur= 2.
    contrib         has   7 messages  (1-  7); cur= 6.
    drafts          has  23 messages  (1- 23).
    inbox+          has  60 messages  (1- 60); cur=60.
    personal        has  78 messages  (1- 78); cur=56.
    posted          has  no messages.
    research        has  10 messages  (1- 10); cur=10.
    root            has  14 messages  (1- 14).
    spam            has 112 messages  (1-112).
    spam-old        has 500 messages  (1-500).
    TOTAL = 816 messages in 10 folders.

Worst of all is that I cleaned the spam folder about ten hours ago! If I make a mistake I will see how the inbox folder grows...
===

From: Jym Dyer <jym@econet.org>
Subject: Re: Does nmh support POP3 over TLS/SSL?
Newsgroups: comp.mail.mh
Date: 17 Nov 2003 17:46:02 -0800

>>     x-spam-flag yes + A suspect
> Your .maildelivery file looks better than mine.

=v= Well, that's just the first line. Some of the logic goes into a fetchmail alias that does this:

    % fetchmail -m 'spamassassin -F 0 -P | /usr/lib/nmh/slocal'

If I just use inc, I don't get spamassassin.

===

From: Igor Sobrado <sobrado@string1.ciencias.uniovi.es>
Subject: Re: Does nmh support POP3 over TLS/SSL?
Newsgroups: comp.mail.mh
Date: 18 Nov 2003 11:42:16 +0100

Jym Dyer <jym@econet.org> wrote:
>>>     x-spam-flag yes + A suspect
>> Your .maildelivery file looks better than mine.
>
> =v= Well, that's just the first line. Some of the logic
> goes into a fetchmail alias that does this:
>
>     % fetchmail -m 'spamassassin -F 0 -P | /usr/lib/nmh/slocal'
>
> If I just use inc, I don't get spamassassin.

I see the point, you are replacing the .forward file with this alias. It makes sense when you are running fetchmail. Thanks a lot for this advice.

===

From: ehood@hydra.acs.uci.edu (Earl Hood)
Subject: Re: Does nmh support POP3 over TLS/SSL?
Newsgroups: comp.mail.mh
Date: 19 Nov 2003 00:47:14 GMT

In article <Jym.wz3ccpxpks.fsf@econet.org>, Jym Dyer <jym@econet.org> wrote:
>> And if you do not want to run a local MTA, you can use the -m
>> option to fetchmail to invoke procmail directly. For example:
>>
>>     fetchmail -m '/usr/bin/procmail -d %T' ...
>
>=v= Yes, but as this is the MH newsgroup, maybe folks'd want to
>invoke slocal instead of procmail. :^)

The above basically gives /var/spool/mail delivery so you can use inc like you normally do. Also, it will use ~/.procmailrc if you have any local pre-filtering needs or want to customize where messages are delivered.

===

From: Jym Dyer <jym@econet.org>
Subject: Re: Does nmh support POP3 over TLS/SSL?
Newsgroups: comp.mail.mh
Date: 19 Nov 2003 06:13:43 -0800

> The above basically gives /var/spool/mail delivery so you can
> use inc like you normally do.

=v= Gotcha. I actually lost track of the start of the thread and forgot that he was writing a drop-in replacement for "inc".

=v= I'm avoiding procmail simply because I'm already dependent on a whole suite of tools. Fortunately, spamassassin can also do /var/spool/mail delivery if you want it to.

===

From: Igor Sobrado <sobrado@string1.ciencias.uniovi.es>
Subject: Re: Does nmh support POP3 over TLS/SSL?
Newsgroups: comp.mail.mh
Date: 19 Nov 2003 15:40:25 +0100

Jym Dyer <jym@econet.org> wrote:
>> The above basically gives /var/spool/mail delivery so you can
>> use inc like you normally do.
>
> =v= Gotcha. I actually lost track of the start of the thread
> and forgot that he was writing a drop-in replacement for "inc".

:-) Indeed, I was working in a replacement for inc(1). The idea behind this replacement is providing a way to retrieve messages from a remote location when using POP3 over SSL *is* a requirement. I am not sure about how managing anti-spam measurements (e.g., spamassassin and bogofilter) locally in the right way, I will do some research on this issue as soon as possible.

> =v= I'm avoiding procmail simply because I'm already dependent
> on a whole suite of tools. Fortunately, spamassassin can also
> do /var/spool/mail delivery if you want it to.

Same happens to me! procmail(1) is probably the *standard* mail filtering tool, I like it and I highly recommend it. But I want MH/nmh (currently nmh) as MUA for my personal use. As nmh has its own filtering tool, I prefer using it instead of procmail.

The perfect workstation for me does not depend on a lot of tools. If I need a big set of tools for my work there is something wrong. For managing email, I want a simple MTA (like postfix(1) or sendmail(8)), *if* it is required, a powerful MUA (nmh) one or two front-ends to the MUA and, sadly, an anti-spam tool.
In short, if nmh has a nice mail filtering tool (slocal(1)) I prefer, as you, staying with it. It is easier maintaining nmh upgraded (and perhaps one or two front-ends to it and a MTA) than maintaining a lot of software packages with odd dependencies with other software. On this matter, I acknowledge the work of nmh maintainers re-writing the MH code for making it more portable and ANSI-compliant, and the nice design behind this software product, that not only follows the Unix way for doing things but also preserves that nice style from mid-80's where the graphical front-end to an application was *not* the application itself.

The advantages of running front-ends over a software package (like MH/nmh) are obvious to me. Less complex software products are easier to maintain, and we have a chance to use the (command-line) package itself if we are in a remote location using a machine that does not support X11.

===

From: Igor Sobrado <sobrado@string1.ciencias.uniovi.es>
Subject: Re: Does nmh support POP3 over TLS/SSL?
Newsgroups: comp.mail.mh
Date: 19 Nov 2003 15:51:05 +0100

Igor Sobrado <sobrado@string1.ciencias.uniovi.es> wrote:
>
> The perfect workstation for me does not depend on a lot of tools.
> If I need a big set of tools for my work there is something wrong.

That is the reason I am running NetBSD and (a bit old) Solaris releases on my systems. Good, small, and high quality operating systems. :-)

...I must fix how my signature appears... since I upgraded tin(1) I have some issues related with postings like double signatures... I will work on it this weekend.

===

From: Jym Dyer <jym@econet.org>
Subject: Re: Does nmh support POP3 over TLS/SSL?
Newsgroups: comp.mail.mh
Date: 10 Dec 2003 07:01:12 -0800

=v= Aiiee! It's the thread that won't die! I wrote:

> =v= I'm avoiding procmail simply because I'm already dependent
> on a whole suite of tools. Fortunately, spamassassin can also
> do /var/spool/mail delivery if you want it to.
=v= I've just found out that newer versions of spamassassin have gotten out of the /var/spool/mail delivery business. The release notes suggest using procmail!

=v= Which is beside the point for the original message in this thread, but I wanted to correct that little detail. :^)

=v= FWIW, I now use fetchmail/spamassassin/slocal by way of a script that accepts a "-silent" or "-nosilent" flag and will run scan accordingly. Thus it works as a drop-in replacement for inc!

===

From: those who know me have no need of my name <not-a-real-address@usa.net>
Subject: Re: Does nmh support POP3 over TLS/SSL?
Newsgroups: comp.mail.mh
Date: 12 Nov 2003 07:06:31 GMT

in comp.mail.mh i read:

>Does nmh support secure POP3 (spop3)?

no. if fetchmail doesn't appeal to you, look for stunnel.

===

From: Igor Sobrado <sobrado@string1.ciencias.uniovi.es>
Subject: Re: Does nmh support POP3 over TLS/SSL?
Newsgroups: comp.mail.mh
Date: 12 Nov 2003 18:47:06 +0100

those who know me have no need of my name <not-a-real-address@usa.net> wrote:
> in comp.mail.mh i read:
>
>>Does nmh support secure POP3 (spop3)?
>
> no. if fetchmail doesn't appeal to you, look for stunnel.

Thanks a lot for this advice. I will check stunnel too.

By the way, as I promised this is the front-end to inc(1). I am sure it needs a lot of improvements and I will be glad to apply any change to it.

Cheers,
Igor.

    #!/bin/sh
    #
    # $Id: inc,v 1.6 2003/11/12 17:42:12 sobrado Exp $
    #

    PATH=/usr/bin:/usr/contrib/bin:/usr/contrib/nmh/bin

    mtsconf="/usr/contrib/nmh/etc/mts.conf"
    protocol=pop3
    hostname=`grep ^pophost ${mtsconf} | awk '{ print $2 }'`

    args=;

    while [ $# -gt 0 ]; do
        case $1 in
            -host) hostname=$2; shift ;;
            *) args=${args}" "$1 ;;
        esac
        shift
    done

    echo fetchmail "-p${protocol}" --ssl ${hostname}
    echo inc "${args}"

===

From: Igor Sobrado <sobrado@string1.ciencias.uniovi.es>
Subject: Re: Does nmh support POP3 over TLS/SSL?
Newsgroups: comp.mail.mh
Date: 12 Nov 2003 18:53:33 +0100

Igor Sobrado <sobrado@string1.ciencias.uniovi.es> wrote:
[...]
> echo fetchmail "-p${protocol}" --ssl ${hostname}
> echo inc "${args}"
  ^^^^

Oh, well... the echoes must be removed. I used them for testing purposes. Sorry for this mistake.

===

From: Igor Sobrado <sobrado@string1.ciencias.uniovi.es>
Subject: Re: Does nmh support POP3 over TLS/SSL?
Newsgroups: comp.mail.mh
Date: 12 Nov 2003 19:30:45 +0100

Igor Sobrado <sobrado@string1.ciencias.uniovi.es> wrote:
> Oh, well... the echoes must be removed. I used them for testing
> purposes. Sorry for this mistake.

This is probably a better front-end to fetchmail(1) and inc(1), but I am sure it needs a lot of improvements yet.

    #!/bin/sh
    #
    # $Id: inc,v 1.12 2003/11/12 18:25:18 sobrado Stab $
    #

    PATH=/usr/bin:/usr/contrib/bin:/usr/contrib/nmh/bin

    mtsconf="/usr/contrib/nmh/etc/mts.conf"
    protocol="pop3"
    hostname=`grep ^pophost ${mtsconf} | awk '{ print $2 }'`

    args=
    username=

    while [ $# -gt 0 ]; do
        case $1 in
            -user) username="-u "$2; shift ;;
            -host) hostname=$2; shift ;;
            *) args=${args}" "$1 ;;
        esac
        shift
    done

    fetchmail "-p${protocol}" --ssl ${username} ${hostname}
    inc ${args}

===

From: mparson@bl.org (Mike Parson)
Subject: Re: Does nmh support POP3 over TLS/SSL?
Newsgroups: comp.mail.mh
Date: Wed, 26 Nov 2003 16:23:06 -0000

In article <botu8l$2jf$1@string1.ciencias.uniovi.es>, Igor Sobrado <sobrado@string1.ciencias.uniovi.es> wrote:
> Igor Sobrado <sobrado@string1.ciencias.uniovi.es> wrote:
>> Oh, well... the echoes must be removed. I used them for testing
>> purposes. Sorry for this mistake.
>
> This is probably a better front-end to fetchmail(1) and inc(1),
> but I am sure it needs a lot of improvements yet.

Looks pretty good, just one, nit-picking suggestion:

<snip>
> hostname=`grep ^pophost ${mtsconf} | awk '{ print $2 }'`

Why use grep and awk?
=)

    hostname=`/bin/awk '/^pophost/ {print $2}' ${mtsconf}`

Also, since you seem interested in security, always fully-path your external calls, never trust the ${PATH}.

===
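
The pieces of advice in this thread (fetch over SSL with fetchmail, then run inc, and fully-path every external call instead of trusting ${PATH}) combined in one wrapper, as an added example that is not code posted by anyone in the thread. The tool paths, the -n dry-run flag, the host-name check and the use of fetchmail's --sslcertck option are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): hardened inc(1) front-end.
# Tool paths below are assumptions; set them for your system.
AWK=/usr/bin/awk
FETCHMAIL=/usr/bin/fetchmail
INC=/usr/contrib/nmh/bin/inc
MTSCONF=${MTSCONF:-/usr/contrib/nmh/etc/mts.conf}

# Print the pophost value from an mts.conf-style file (first match only).
pophost_from() {
    "$AWK" '/^pophost/ { print $2; exit }' "$1"
}

# Accept only plain host names: a leading "-" would be read by fetchmail
# as an option, and anything outside [A-Za-z0-9.-] is rejected outright.
valid_host() {
    case $1 in
        ''|-*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
}

# inc_ssl [-n] [-host H] [-user U] [inc arguments...]
# -n is a dry run: print the two commands instead of executing them.
inc_ssl() {
    run=; host=; user=; rc=0; n=$#
    while [ "$n" -gt 0 ]; do
        case $1 in
            -n) run=echo ;;
            -host|-user)
                [ "$n" -ge 2 ] || { echo "inc: $1 needs a value" >&2; return 2; }
                if [ "$1" = -host ]; then host=$2; else user=$2; fi
                shift; n=$((n - 1)) ;;
            *)  set -- "$@" "$1" ;;   # rotate to the end: kept for inc, quoting intact
        esac
        shift; n=$((n - 1))
    done
    [ -n "$host" ] || host=$(pophost_from "$MTSCONF")
    valid_host "$host" || { echo "inc: bad POP host '$host'" >&2; return 2; }
    # --sslcertck makes fetchmail verify the server certificate.
    if [ -n "$user" ]; then
        $run "$FETCHMAIL" -p pop3 --ssl --sslcertck -u "$user" "$host" || rc=$?
    else
        $run "$FETCHMAIL" -p pop3 --ssl --sslcertck "$host" || rc=$?
    fi
    [ "$rc" -le 1 ] || return "$rc"   # fetchmail exits 1 when there is no new mail
    $run "$INC" "$@"
}

# Run only when installed under the name "inc"; try: inc -n +inbox
case ${0##*/} in inc) inc_ssl "$@" ;; esac
```

Unlike the `args=${args}" "$1` accumulation in the posted scripts, the remaining arguments reach inc as separate, still-quoted words, so a folder or file name containing spaces survives.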