On Tuesday, 21 September 2010, 09:19:40 -0700,
Brendan Cully <bren...@kublai.com> wrote:
> On Tuesday, 21 September 2010 at 00:43, E. Prom wrote:
> > [...]
> > I tried setting tunnel="ssh my_server nc smtp.gmail.com 465", but it
> > doesn't work and I can't find out why. The only thing I can see is
> > that an ssh connection is opened and data is sent. I also tried smtp
> > instead of smtps, but it doesn't work either.
> 
> Have you tried running that command yourself from the command line?
> Can you get any data out of netcat that way?

Yes, when using smtp without ssl ("ssh my_server nc smtp.gmail.com 25").
But setting it in $tunnel with some other settings finally causes mutt
to segfault. In the meantime, it seems that ssl/tls is still enabled,
despite ssl_force_tls being unset, and using smtp on port 25.


> For situations like this, you might prefer the $preconnect variable:
> http://dev.mutt.org/doc/manual.html#preconnect
> Which will let ssh set up local port forwarding you can use for SMTP.

I think I'll end up using this; less elegant but it should work :)


> But honestly, I don't see why you're bothering. smtps is encrypted
> from the start, so there's no risk of any data leakage. The only thing
> that an interloper on your wifi network can see is that you have
> opened a connection to smtp.gmail.com. The actual contents of your
> mail are protected.

In fact I felt like having a cold shower when I discovered that
fetchmail and my IRC client don't check the validity of the server's
certificate, allowing MITM. I'm also not very confident in the dozens of
authorities who issue certificates. At least, my ssh server is reliable.

Thanks for your answer.
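
The $preconnect approach suggested in the quoted reply, written out as a muttrc fragment. This is an added example, not part of the thread: local port 1465 and USER are assumed placeholders, and my_server is the host name used in the messages above.

```muttrc
# Added example, not from the thread. Port 1465 and USER are placeholders.

# Before opening a connection, mutt runs this command. It starts an SSH
# local forward: 127.0.0.1:1465 -> smtp.gmail.com:465, relayed by my_server.
#   -f         go to the background once authentication has succeeded
#   -q         suppress ssh warnings and diagnostics
#   sleep 20   keeps the forward alive long enough for mutt to connect;
#              ssh then stays up until the forwarded connection closes
set preconnect="ssh -f -q -L 1465:smtp.gmail.com:465 my_server sleep 20 < /dev/null > /dev/null"

# Speak SMTPS to the local end of the forward. The TLS session is still
# negotiated end to end between mutt and Gmail; SSH only carries the
# already-encrypted stream, so my_server never sees the mail in clear.
set smtp_url="smtps://USER@localhost:1465"

# Keep certificate validation on. Hiding the connection inside SSH does
# not replace checking who is at the far end of the TLS session.
set ssl_verify_host=yes
set ssl_verify_dates=yes

# Caveat: mutt connects to the name "localhost" while the certificate is
# issued for smtp.gmail.com, so the host name check will not match.
# Inspect the certificate and its fingerprint before accepting it rather
# than unsetting ssl_verify_host.
```

With this setup the local network only sees an SSH session to my_server, while the trust decision for the mail server still rests on the TLS certificate check.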
