joakimbech.com

The trash can full of ideas

Fetchmail and GnuPG


When using IMAP in mutt, you can have gpg decrypt your password at runtime instead of keeping it as plaintext in your configuration file (.muttrc); see the ArchWiki for how to do that.

However, if you are considering POP3, then you will also need to install and enable msmtp (not strictly needed), fetchmail and procmail. Ubuntu has created a quite nice guide to the steps involved.

Just like mutt, msmtp can call gpg at runtime instead of having the password stored in plaintext. To do that in msmtp, put a line that invokes gpg in your $HOME/.msmtprc file:

passwordeval    "gpg --quiet --for-your-eyes-only --no-tty --decrypt ~/.msmtp-gmail.gpg"
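
What honouring a passwordeval-style setting takes in a C program, as an added example (not msmtp's, mutt's or fetchmail's code): run the command, take the first line of its stdout as the secret, and treat empty output or a non-zero exit status as failure. The names `secret_from_command` and `wipe`, and the `printf` command standing in for the gpg call, are assumptions made for the example.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>

/* Overwrite a buffer that held a secret; volatile keeps the stores in. */
static void wipe(void *p, size_t n)
{
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Hypothetical helper: copy the first line printed by cmd into out.
 * Returns 0 on success, -1 on any failure (out is then an empty string). */
int secret_from_command(const char *cmd, char *out, size_t outlen)
{
    char line[256];
    size_t n = 0;
    int got, status, c;
    FILE *f;

    if (out == NULL || outlen == 0)
        return -1;
    out[0] = '\0';
    f = popen(cmd, "r");            /* non-NULL only means the shell started */
    if (f == NULL)
        return -1;
    got = fgets(line, sizeof line, f) != NULL;
    if (got)
        n = strcspn(line, "\r\n");  /* length without the line ending */
    while ((c = getc(f)) != EOF)    /* drain, so closing cannot SIGPIPE the child */
        ;
    status = pclose(f);             /* a failing decrypt shows up here */

    /* Reject: no output, empty line, over-long line, too small out, bad exit. */
    if (got && n > 0 && n < sizeof line - 1 && n < outlen &&
        status != -1 && WIFEXITED(status) && WEXITSTATUS(status) == 0) {
        memcpy(out, line, n);
        out[n] = '\0';
    }
    wipe(line, sizeof line);
    return out[0] != '\0' ? 0 : -1;
}

int main(void)
{
    char pw[64];  /* the printf command is a constructed stand-in for gpg */
    int rc = secret_from_command("printf 'hunter2\\n'", pw, sizeof pw);
    printf("rc=%d length=%zu\n", rc, strlen(pw));
    wipe(pw, sizeof pw);
    return rc == 0 ? 0 : 1;
}
```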

However, fetchmail doesn’t have the same option. So mutt and msmtp are fine, but you still have to put your password in a cleartext file when configuring fetchmail. Clearly there must be a better way to handle this? I downloaded the source code (fetchmail-6.3.26) and did a quick and dirty hack. I just modified the main function in the file fetchmail.c, so that instead of having to provide the password on the command line (when the password isn’t set in $HOME/.fetchmailrc) it makes use of gpg, similar to how both mutt and msmtp do. It isn’t pretty … but it works (tested on Arch Linux on a Raspberry Pi). To try it out, use the same gpg-encrypted file as you use for msmtp, i.e., $HOME/.msmtp-gmail.gpg, patch fetchmail using this patch, and rebuild.

fetchmail patch (fetchmail_gpg.patch)

diff --git a/fetchmail.c b/fetchmail.c
index ae30f90..6462dfe 100644
--- a/fetchmail.c
+++ b/fetchmail.c
@@ -573,6 +573,28 @@ int main(int argc, char **argv)
          ctl->remotename, ctl->server.pollname);
      return(PS_AUTHFAIL);
      } else {
+#define ENABLE_GPG_PASSWORD
+#ifdef ENABLE_GPG_PASSWORD
+        FILE *f;
+        f = popen("/usr/bin/gpg -dq $HOME/.msmtp-gmail.gpg", "r");
+        if (f)
+        {
+            tmpbuf = (char *)xmalloc(64);
+            memset(tmpbuf, 0, 64);
+            fgets(tmpbuf, 64, f);
+            pclose(f);
+
+            /* Remove the newline character. */
+            tmpbuf[strlen(tmpbuf)-1] = '\0';
+            ctl->password = xstrdup(tmpbuf);
+            /* fprintf(stdout, "pw: %s : %d\n", ctl->password, strlen(ctl->password)); */
+            free(tmpbuf);
+        }
+        else
+        {
+            fprintf(stderr, "No encrypted file at $HOME/.msmtp-gmail.gpg");
+        }
+#else
      const char* password_prompt = GT_("Enter password for %s@%s: ");
      size_t pplen = strlen(password_prompt) + strlen(ctl->remotename) + strlen(ctl->server.pollname) + 1;

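Review bot: The result of `fgets` is never checked in the new gpg branch, so when gpg prints nothing (missing file, failed decryption) `tmpbuf` is still all zeroes and `tmpbuf[strlen(tmpbuf)-1] = '\0';` writes one byte before the allocation. `popen` returns non-NULL whenever the shell could be started, so the `else` branch with the "No encrypted file" message does not cover that case; check that `fgets` returned non-NULL and that `pclose` reports a zero exit status, and return `PS_AUTHFAIL` otherwise, as the branch just above does. Strip the line ending with `tmpbuf[strcspn(tmpbuf, "\n")] = '\0';` so a password stored without a trailing newline does not lose its last character, and note that the 64-byte buffer silently truncates passwords longer than 62 characters. The unconditional `#define ENABLE_GPG_PASSWORD` directly above its own `#ifdef` makes the interactive prompt unreachable; a build-time switch would keep both paths. `tmpbuf` holds the cleartext password and should be cleared before `free`.
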
@@ -580,7 +602,9 @@ int main(int argc, char **argv)
      snprintf(tmpbuf, pplen, password_prompt,
          ctl->remotename, ctl->server.pollname);
      ctl->password = xstrdup((char *)fm_getpassword(tmpbuf));
+        fprintf(stdout, "pw: %s : %d\n", ctl->password, strlen(ctl->password));
      free(tmpbuf);
+#endif
      }
  }
     }
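
Review bot: The added `fprintf(stdout, "pw: %s : %d\n", ctl->password, strlen(ctl->password));` in the prompt branch writes the cleartext password to stdout, where it can end up in terminal scrollback or redirected logs; it looks like the debug line that is commented out in the gpg branch and should be dropped. It also passes the `size_t` returned by `strlen` to `%d`, which is a format mismatch.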
