On Mon, 20 Jun 2011 05:24:12 -0500 Tim <ignored_mailbox@xxxxxxxxxxxx> wrote: > Tim: > >> Who else gets to see *your* .fetchmailrc file? In the normal run of > >> things, these days, your homespace isn't accessible to other users, > >> neither are the files in it. If it is, then you've got plenty of other > >> security concerns to worry about. > > Ranjan Maitra: > > I guess I worry that there is always the chance that the account > > may be broken into and compromised..... > > Is that any more likely than /them/ breaking into your mail account? Perhaps more likely, if the mailer is at a well-protected central account? In any case, this is an additional protection. Whether there is value in additional protection at very little cost is an issue on which we may legitimately disagree. > > I think that someone being able to break into your account would > probably expose far more for you to worry about than just the > fetchmailrc file with passwords in it. > > Information cached by your web browser... Passwords stored in other > locations, even if seemingly encrypted (some encryption techniques are > just useless)... The ability of them to install something to snoop on > you... Of course, these are important issues, but I fail to see how following an additional security "protocol" can hurt. > > I use ssl. Not sure if that takes into account your concerns, but in > > any case, the one-time transmittal (in clear text if so, though > > doubtful) seems to me may be a tad bit less worrisome than passwords > > (assuredly clear-text) in an omnipresent .fetchmailrc. > > Assuming that passwords are sent through SSL, then they couldn't easily > be snooped on. Though various secure mail and messaging systems aren't > always as secure as some people think. Such as logon being secure, but > not the actual message transmission. So as soon as you get some email > that confirms some of your logon credentials, or credit card details, or > anything else you want kept confidential, by writing those details into > the message, they're exposed. Not sure how relevant this is. I am simply talking about an additional layer of security which does not take care of every other security issue. > Anything that's not encrypted requires no effort to copy. They don't > have to hack into your account, all they have to do is listen to the > traffic. > > And then there's: Maybe they can hack into the mail server, rather than > your computer. But that they can do anyway. I have no control over that. Only over my machine(s). Once again, short of bluster, I can not see what harm an additional layer of security can possibly cause. Note that a password needs to be typed once only when a fetchmail command is initiated. Since linux machines can run for months on end without reboot, that effectively means only once in that many times. But, of course, as I have already also said, to each his own. > > >> Well, as I said, try it and see what happens. > > > Not clear how this pertains to my response. > > In that you wondered whether you could omit the password, and whether it > would prompt. A simple experiment would have given you the answer. Well, if you followed the threads, you would realize that you are conflating someone else's query with my response. Your statement does not make sense because it does not apply to me. As should have been clear from my response, I know how to use fetchmail at least somewhat. > The same could be said about many queries on this mailing list. And > you'd know the answer straight away. Of course, but one of the beauties of the fedora mailing list has been the patience with which newcomers/not well-experiences have their questions answered. I have found that very helpful in the past, and it has helped me to the point that I can now sometimes help others with their questions. Best wishes, Ranjan -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines