Re: [msmtp-users] Re: Fixed the 'From' header problem
On Fri, 10. Mar 2006, 12:08:17 +0000, anon anon wrote:
> The only issue I have left is with the msmtp sysconfig file being world
> readable: I don't necessarily want all users seeing the un/pw combination
> for the SMTP server.
>
> Someone suggested I set msmtp to setuid to user 'msmtp' and then change
> the perms on the file. I might try that. For the time being, everything
> works great.

Please note that msmtp was not designed to be setuid. A user can simply
use the --debug option and then read the password anyway (at least in
case of PLAIN and LOGIN authentication). Even if --debug were
disabled, it is very likely that a malicious user will find a way to
break a setuid msmtp and get access to the authentication data.

Is it possible to restrict the SMTP server to only accept connections
from a few selected hosts? Then you would not need authentication.

Regards,
Martin
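
The following check is an added example, not part of the message above and not msmtp's own code. It flags the two conditions the thread discusses: a configuration file that stores a `password` line while being readable by group or other users, and an msmtp binary that has been made setuid. The function name `audit_msmtp` is hypothetical, and both paths are supplied by the caller.

```shell
#!/bin/sh
# Added example (not from the thread). Reports two conditions discussed above:
#   1. an msmtp configuration file that stores a password and is readable
#      by group or other users;
#   2. an msmtp binary with the setuid bit set.
# Usage: audit_msmtp CONFIG_FILE [MSMTP_BINARY]
# Prints one finding per line; returns 1 if anything was found, else 0.
audit_msmtp() {
    conf=$1
    bin=${2:-}
    findings=0

    # Only a file with a literal "password <value>" line is a concern here;
    # commented-out lines and "passwordeval" do not match.
    if [ -f "$conf" ] &&
       grep -Eq '^[[:space:]]*password[[:space:]]+[^[:space:]]' "$conf"; then
        # find -perm -NNN matches when all the given mode bits are set.
        if [ -n "$(find "$conf" -prune -perm -004)" ]; then
            echo "WORLD_READABLE_PASSWORD $conf"
            findings=$((findings + 1))
        fi
        if [ -n "$(find "$conf" -prune -perm -040)" ]; then
            echo "GROUP_READABLE_PASSWORD $conf"
            findings=$((findings + 1))
        fi
    fi

    # test -u is true when the file exists and has its set-user-ID bit set.
    if [ -n "$bin" ] && [ -u "$bin" ]; then
        echo "SETUID_BINARY $bin"
        findings=$((findings + 1))
    fi

    return $((findings > 0))
}

# Run the audit when paths are given on the command line.
if [ "$#" -gt 0 ]; then
    audit_msmtp "$@"
fi
```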