Comments (3)
System-wide configurations with passwords can be problematic: any user that can run msmtp and can make it decrypt the password can then make it dump the password in clear text. So whatever method you use, you need to make sure that only www-data is able to decrypt the password, and that other users cannot assume the www-data identity.
Oh, and if AppArmor is in the way, you can disable it with `sudo aa-disable /etc/apparmor.d/usr.bin.msmtp`.
> whatever method you use, you need to make sure that only www-data is able to decrypt the password
Yes, that is the case.
I guess I don't fully grasp how GPG works - if I use it in the way described, is it safer than storing the password as plaintext in the config file (which is also only readable by www-data)?
Or am I possibly opening an even bigger hole with a key pair without a passphrase, even if it's used only for that one purpose?
GPG's home dir for www-data needs to be writable, otherwise GPG won't work - that is at least one thing that could be safer with an openssl-encrypted password file.
> Oh, and if AppArmor is in the way, you can disable it with `sudo aa-disable /etc/apparmor.d/usr.bin.msmtp`.
I read a few discussions regarding this, and I understand you don't much care for the way Debian packaged msmtp.
However, I think it's a good idea to keep the AppArmor profile, but modify it to add openssl to the list of executable helpers.
I have not yet found a way to do this that would survive updates.
I don't think I can help you with your GPG questions. They are probably better discussed elsewhere since they are not directly related to msmtp. I'll close this now, but feel free to reopen if there is need for further discussion.
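A permission audit for the requirement discussed in the thread, that only the www-data account can reach the msmtp config, the encrypted password file and the GnuPG home. This is an added example, not code from the thread or from msmtp; it assumes GNU `stat`, and the paths in the usage comment are assumed.

```shell
#!/bin/sh
# Added example: verify that msmtp secret material is private to one account.
# Assumes GNU stat. Usage (account and paths are assumed, adjust to your setup):
#   sh audit.sh www-data /etc/msmtprc /var/www/.gnupg /etc/msmtp-password.gpg

# check_private OWNER PATH
# Succeeds only if PATH exists, is owned by OWNER and grants no permission
# bits to group or other (0600 / 0700 or stricter). Prints a finding otherwise.
check_private() {
    want_owner=$1
    target=$2
    if [ ! -e "$target" ]; then
        echo "MISSING $target"
        return 1
    fi
    # -L follows symlinks so the real file is checked, not the link itself.
    got_owner=$(stat -L -c %U "$target")
    mode=$(stat -L -c %a "$target")
    status=0
    if [ "$got_owner" != "$want_owner" ]; then
        echo "OWNER   $target is owned by $got_owner, expected $want_owner"
        status=1
    fi
    # Leading 0 makes the shell read the mode as octal; 077 masks group+other.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "MODE    $target is $mode, group/other must have no access"
        status=1
    fi
    return "$status"
}

# audit_secrets OWNER PATH...
# Checks every path and returns the number of paths with at least one finding.
audit_secrets() {
    account=$1
    shift
    problems=0
    for item in "$@"; do
        check_private "$account" "$item" || problems=$((problems + 1))
    done
    return "$problems"
}

# Run only when arguments are given, so the file can also be sourced.
if [ "$#" -gt 1 ]; then
    audit_secrets "$@"
fi
```

File modes are only half of the requirement: the audit does not cover sudo rules or other ways a user could run commands as www-data.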