Subject: Re: fetchmail + ssh
To: Reinoud Koornstra <Reinoud.Koornstra@ibbnet.org>
From: Frederick Bruckman <fb@enteract.com>
List: netbsd-help
Date: 11/13/1999 08:24:28

On Sat, 13 Nov 1999, Reinoud Koornstra wrote:

> But no, I ain't there. When I try to run fetchmailconf, I get the message:
> 
> env: python: No such file or directory

Ahh. The dependency's missing. For now, fetchmailconf works fine, as
long as you install lang/python manually.
 
> Furthermore, I normally log on to my mail server with ssh. I used
> to type a password. But now I generated a key and sent it to the
> server with scp and it enables me to log on by using rsa. I read
> some pages about fetchmail and ssh, but I couldn't get it working.

IIRC, there's a patch out there to enable fetchmail to use ssl to log
in to the server directly. The other way, which I do, is forward the
imap port on the local host to a remote...

  ssh -L 119:betanews:119 -L 143:imapbeta:143 shell

`shell' is dns'd to one of shell-{1,2,3} depending on load; it may or
may not be the same machine as the imap host, which is = shell-3, but it's
always on the same LAN. Now I have in .fetchmailrc "poll localhost
with proto IMAP timeout 95"; the connection is automatically forwarded
encrypted to `shell', and then `shell' connects to imapbeta the
ordinary way, with either unix or tcp transport, depending on whether
it's the same machine, or not.

Only root can execute the above command, because you're grabbing
privileged ports on the local host. It's also possible to forward a
non-privileged port, as a regular user, e.g....

  ssh -L 1143:imap:143 imap

and then connect through localhost:1143 (assuming that `imap' resolves
to a login host/imap server).

The thing I found confusing about this, at first, is that there's up
to two machines involved (in addition to yours): the ssh login host
and the imap server, and four ports: the forwarded port on the local
box, which you specify; the incoming and outgoing ports on the
loghost, which you don't care about; and the ultimate destination port
on the pop/imap/news server, which you specify.

The other hassle is that you're logged into the shell the whole
time you're using fetchmail. There are ways around this, but I find it
easy enough to keep an xterm open whenever the link is up.

Hope that helps.
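
The non-privileged forward described in the message, as an added example that is not part of the original post: a script that builds the tunnel command and the matching .fetchmailrc line, and closes the tunnel by itself once fetchmail is done. It assumes OpenSSH on the client, a key that works without a prompt, and fetchmail's `port` keyword; the function names and the `sleep 20` hold time are hypothetical choices, while the host `imap` and port 1143 come from the message.

```shell
#!/bin/sh
# Added example, not from the original message. Assumes OpenSSH and fetchmail.

# A local port below 1024 is privileged: only root may bind it.
is_privileged_port() {
    [ "$1" -lt 1024 ]
}

# Print the ssh command for one forward.
# Arguments: local_port dest_host dest_port login_host
# Hops: 127.0.0.1:local_port -> (encrypted) login_host -> (plain) dest_host:dest_port
tunnel_cmd() {
    lport=$1 dhost=$2 dport=$3 login=$4
    if is_privileged_port "$lport" && [ "$(id -u)" -ne 0 ]; then
        echo "local port $lport needs root; pick one >= 1024" >&2
        return 1
    fi
    # -f                    go to background after authentication
    # sleep 20              keeps the session open long enough for fetchmail to
    #                       connect; ssh then exits when the forwarded
    #                       connection closes
    # 127.0.0.1:            bind the listener to loopback only
    # BatchMode             fail instead of prompting for a password
    # ExitOnForwardFailure  stop if the local port cannot be bound
    printf 'ssh -f -o BatchMode=yes -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:%s:%s %s sleep 20\n' \
        "$lport" "$dhost" "$dport" "$login"
}

# Matching .fetchmailrc entry: poll the local end of the tunnel.
fetchmailrc_entry() {
    printf 'poll localhost with proto IMAP port %s timeout 95\n' "$1"
}

# Usage: sh tunnel.sh run   (without "run" nothing is executed)
if [ "${1:-}" = "run" ]; then
    cmd=$(tunnel_cmd 1143 imap 143 imap) || exit 1
    echo "expects this line in ~/.fetchmailrc: $(fetchmailrc_entry 1143)"
    # Bring the tunnel up, then fetch through it.
    $cmd && fetchmail
fi
```

Only the hop from the local machine to the login host is encrypted; the login host still talks to the IMAP server in the clear, as the message notes.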