Re: Gnus Access mail spool by ssh

[Nuutti Kotivuori <nuutti.kotivuori@sonera.com>]

"Harry" == Harry Putnam <reader@newsguy.com> writes:
> Sorry, I'm still confused here.... Your description stops right at the
> punch line.
> 
> Nuutti Kotivuori <nuutti.kotivuori@sonera.com> writes:
> 
>> Local machine runs fetchmail, which runs ssh to connect to the remote
>> machine and run imapd, which the fetchmail will access. . . . 
> 
> What does fetchmail do with it.  Deliver to /var/mail/$USER or put it
> on standard out of ssh command or what?

Well as pointed out, fetchmail does as it's told. For the very best
solutions, it likes to use a local SMTP server, if not, then MDA, if
not then maybe BSMTP delivery or whatever. That has nothing to do with
this setup, it's just fetchmail configuration.

>> Local .fetchmailrc:
>> 
>> poll mail.host.foo with proto IMAP and options no dns
>> preauth ssh plugin /usr/home/xxx/bin/fetchmail-imap-wrapper
> 
> OK .. I follow the .fetchmailrc recipe.
> Is this wrapper necessary if ssh-agent is engaged?

Err. Depending, see below.

>> Local bin/fetchmail-imap-wrapper:
>> 
>> #!/bin/sh
>> exec ssh -i $HOME/.ssh/identity-imap -l xxx $1 /opt/net/etc/imapd
> 
> You aim ssh at a specific id in ~/.ssh -- login as xxx.... what does
> $1 do?  First argument to what... ssh?   --- imapd gets invoked and
> passes new mail to fetchmail?  Which then does what?

$1 is the first argument passed to the script. And as the manual page
of fetchmail says, it will pass the name of the server and the port of
the server as arguments to the script. So $1 in that case expands to
the name of the server.

This is so if I have my .ssh/config including usernames for my hosts,
I can use the same wrapper script for all connections.

As for the imapd, it get's eof after fetchmail is finished and dies
away - as the ssh connection shuts down.

> I've tried this with the following scripts:
> 
> .fetchmailrc:
> poll reader.local.lan with proto IMAP and options no dns
>  preauth ssh plugin /home/reader/scripts/ssh-fetch.sh
> 
> ssh-fetch.sh
> #!/bin/sh
> exec ssh reader@reader /usr/sbin/imapd
> 
> I can't tell if its going to work because some other mess with my
> FreeBSD install crops up to wreck it.
> 
> $ fetchmail 
> /usr/libexec/ld-elf.so.1: Shared object "libssl.so.1" not found
> 
> Fetchmail installed from FreeBSD install with no complaints.

Well it looks ok. But it seems you are missing ssl support. It is not
needed and if you compile fetchmail yourself, you shouldn't include
ssl support unless you really need it.

This can probably be fixed by installing libssl. This can be obtained
from www.openssl.org, I do not know about FreeBSD installs.

> This is starting to look like too much pain in the ass for such a
> simple chore.

Umm. I found this to be very easy to set up. Then again, I already had
fetchmail installed and was using it.

> Running just the shell script (ssh-fetch.sh) gives:
> 
> bsd > scripts/ssh-fetch.sh
> * PREAUTH reader.ptw.com IMAP4rev1 v12.264 server ready
> 
> whoopee .... now what?

Well this seems to be doing fine, your script works. If you type
ctrl-d there, you'll see the connection close down cleanly. Or you can
type 'a LIST "" %'. Or 'a SELECT INBOX'. Anyway that's just extra if
you wanna see how the server works.

> `man imapd' you say...  Well the one I have is just one tiny cut above
> useless, lacking descriptive information.

www.imap.org has pointers to the IMAP4rev1 RFC that you should look
for info on how IMAP works, not that you need it.

> I think I like the straight forward approach laid out by Kai and Lars.
> What are the chances on a local network that the `cat' command in the
> mail-sources prescript will die an ugly death?  I'm beginning to think
> what ever risk, it is  much less problem than sorting out a bunch of
> complicated soft ware for this one task.
> 
> Plus, it seems one could insert some kind of `trap' that would make it
> safer. 
> 
> Especially since I have an overall backup of all incoming mail that
> keeps the latest 1000 messages. 

Well, it would be awfully nice if mail-sources and nnimap supported
using a command instead of a direct connection.

-- Naked