Hi.
On Tue, Dec 31, 2019 at 02:11:06PM +0100, Markus Grunwald wrote:
> But, there is a problem: I have to put the plain mail password in
> /etc/msmtprc, because the normal user won't be there to unlock a gpg
> file or give msmtp the password in any other way. That means, I want
> /etc/msmtprc to be only readable by root (440). But then, users other
> than root (nobody maybe?) won't be able to send mails...
NEWS.Debian.gz have this to say on the issue:
The system-wide configuration file (/etc/msmtprc) can contain SMTP
credentials that are best kept secret. To let regular users use msmtp
while preventing them from reading the file, the permissions can be
adjusted that way:
# chmod 0640 /etc/msmtprc
# chgrp msmtp /etc/msmtprc
So that msmtp's binary executing as the "msmtp" group (setgid) can
access it.
In short, if a user will use "msmtp" to send e-mails - you're set.
If msmtp somehow fails you - consider using exim4, which passwd.client
file should not be readable by ordinary user at all.
Reco
