Checking root's mail remotely

MMacD

Active Member

Reaction score: 16
Messages: 183

What's the approved way to get root's mail from some other machine on a secure (pfsense box) lan?

My server-of-all-work runs 10.2, and I have it set up with postfix, dovecot, pam, and openssl. Openssl seems to believe that the setup is good, but I can't get the mail client, running under XP, to log in as root. Someone, pam I suppose, complains in
maillog
that
Code:
Oct 26 09:03:01 server dovecot: pop3-login: Login: user=<root>, method=PLAIN, rip=192.168.0.11, lip=192.168.0.96, mpid=30973, TLS, session=<z5ayPsQ/MhDAqAAL>
Oct 26 09:03:01 server dovecot: pop3(root): Error: Invalid settings in userdb: userdb returned 0 as uid
Oct 26 09:03:01 server dovecot: pop3(root): Error: Invalid user settings. Refer to server log for more information.
which I suppose means that it doesn't like me logging in as root.
 

SirDice

Administrator
Staff member
Administrator
Moderator

Reaction score: 12,680
Messages: 39,278

It's probably easier if you redirect root's mail using /etc/aliases to a regular user account. You can even forward it to an 'external' email address. Just stick something like this at the end of /etc/aliases:
Code:
root: me@example.com
Or to a 'local' user:
Code:
root: myuser

Don't forget to run newaliases(8) after you modified /etc/aliases.

Using the root account with POP3/IMAP is, in general, not a good idea, even if the connection is encrypted. And judging by the error messages it looks like it's been disabled.
 
OP
MMacD

MMacD

Active Member

Reaction score: 16
Messages: 183

Thanks, SirD. I should have thought of that myself, since I've been autoforwarding from my isp account for years.

I stumbled across some trickiness, trying to organise the alias. I decided that it should be one I can su root from, but discovered that not only does dovecot not like root logging in remotely, it won't even allow someone from wheel to do so. Then, trying to change /etc/group, I discovered that the only account listed for wheel is root itself. So there are now 2 other accounts that think they're in wheel, but that aren't in /etc/group. Does that seem normal to you? I've never had occasion to dig around in the group file before, so maybe it's okay, but it seems like a bug given what the docs say.
 
OP
MMacD

MMacD

Active Member

Reaction score: 16
Messages: 183

I found, too, that aliasing is a bit fragile, since it got confused when I did a test mail to root@server, apparently not realising that it's a local address despite the hostname
 

SirDice

Administrator
Staff member
Administrator
Moderator

Reaction score: 12,680
Messages: 39,278

Don't add the @hostname, this will ensure the account is always treated as local.
 
Top