how to read root mail from other machine on secure lan

karlp at ourldsfamily.com
Wed Jan 24 21:24:07 UTC 2007


On Mon, January 22, 2007 10:48 am, Rick Stevens wrote:
> On Mon, 2007-01-22 at 10:04 +0700, Budi Febrianto wrote:
>> I never read root emails as root. I forward all root emails to another
>> user account.
>>
>> Budi Febrianto
>>     indomino.blogpsot.com
>>
>> Ralph E. Kenyon, Jr. wrote:
>> > Hi,
>> >
>> > I'm trying to figure out how to allow access to my root mail account using
>> > a pop email client on another machine on my LAN.
>> >
>> > I can check the mail for another user on my Redhat 9 linux box, but not
>> > root.
>> > Authentication fails.
>> >
>> > I have managed to allow telnet login to root, but this did not work for
>> > the mail account.
>> >
>> > Can anyone give me any suggestions?
>
> There are several issues.  First off, by default RHEL doesn't allow root
> access over the network--only on the console.  To change that (and I do
> NOT recommend this for security reasons), edit /etc/securetty.  It
> contains a list of the ttys that root IS allowed to log in on.
>
> Second, NEVER, EVER, EVER use telnet!  It is completely unsecure.
> Usernames, passwords and ALL data is sent over the net in cleartext.
> Use ssh instead.  And even using ssh, never log in as root.  Log in as a
> normal user, then use "su -" to become root.
>
> Third, the POP server (dovecot) by default doesn't allow access by users
> with UIDs less than 500.  Look at the /etc/dovecot.conf file for
> details.

Oh, and it's probably better to vi /etc/aliases;newaliases

and set 'who gets root email' to yourself. That's the preferred method. Then
write a procmail rule:

:0:
* ^TO_root@host
  IN-root_host

or something similar.

Karl


> ----------------------------------------------------------------------
> - Rick Stevens, Senior Systems Engineer     rstevens at vitalstream.com -
> - VitalStream, Inc.                       http://www.vitalstream.com -
> -                                                                    -
> -          su -; find / -name someone -exec touch \{\} \;            -
> -                          - The UNIX way of touching someone        -
> ----------------------------------------------------------------------


-- 
karl
     _/  _/      _/      _/_/_/       ____________   __o
    _/ _/       _/      _/    _/     ____________  _-\<._
   _/_/        _/      _/_/_/                     (_)/ (_)
  _/ _/       _/      _/           ......................
 _/   _/ arl _/_/_/  _/ earson    KarlP at ourldsfamily.com
---
Senior Consulting Sys/DB Analyst
http://consulting.ourldsfamily.com
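The following is an added example, not part of the original thread or any poster's code: a small audit that follows the alias chain for root in /etc/aliases text to see where root's mail finally lands, and reads dovecot's first_valid_uid to confirm UID 0 still cannot log in over POP. It assumes sendmail-style alias syntax; the sample input, the "ops" user and the example.com address are constructed placeholders.

```python
import re

# Constructed sample input (not from the thread): "ops" and the example.com address are placeholders.
SAMPLE_ALIASES = """\
# sendmail-style /etc/aliases
postmaster: root
root: admin
admin: ops,
    backup-ops@example.com
"""
WEAK_DOVECOT = "protocols = pop3\n#first_valid_uid = 500\nfirst_valid_uid = 0\n"

def parse_aliases(text):
    """Return {alias: [targets]} from /etc/aliases text, joining indented continuation lines."""
    aliases = {}
    for line in re.sub(r"\n[ \t]+", " ", text).splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        name, targets = line.split(":", 1)
        aliases[name.strip().lower()] = [t.strip() for t in targets.split(",") if t.strip()]
    return aliases

def resolve(name, aliases, seen=()):
    """Follow alias chains and return the set of final recipients for `name`."""
    key = name.lower()
    if key in seen:
        raise ValueError("alias loop at " + name)
    if name.startswith("\\") or key not in aliases:
        return {name}          # escaped, external, or plain local user: delivery ends here
    final = set()
    for target in aliases[key]:
        final |= {target} if target.lower() == key else resolve(target, aliases, seen + (key,))
    return final

def first_valid_uid(conf_text, default=500):
    """Last uncommented first_valid_uid in dovecot.conf text; default is the 500 quoted in the thread."""
    found = re.findall(r"^[ \t]*first_valid_uid[ \t]*=[ \t]*(\d+)", conf_text, re.M)
    return int(found[-1]) if found else default

def audit(aliases_text, dovecot_text):
    """Return (final recipients of root mail, list of findings)."""
    findings = []
    recipients = resolve("root", parse_aliases(aliases_text))
    if any(r.lstrip("\\").lower() == "root" for r in recipients):
        findings.append("root mail still lands in root's own mailbox")
    if first_valid_uid(dovecot_text) <= 0:
        findings.append("dovecot first_valid_uid allows UID 0 to log in")
    return recipients, findings

if __name__ == "__main__":
    print(audit(SAMPLE_ALIASES, WEAK_DOVECOT))
```

To run it against a real host, pass the contents of /etc/aliases and /etc/dovecot.conf to audit() instead of the constructed samples.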