Wageningen University: sending email using msmtp

I have recently posted a PDF explaining how to configure Mutt if you are a student or employee at Wageningen University and wish to use your WURnet email account on your own computer. In that HOWTO the program used to send mail (msmtp) is configured to use DavMail instead of connecting directly to the university's SMTP server. For those of you who do want to connect directly instead, the following lines may be used in “~/.msmtprc”.

# Configuration for direct connection (no DavMail needed)
account WUR
host smtp.wur.nl
port 25
from <firstname.lastname@wur.nl>
tls on
tls_trust_file /usr/local/share/certs/ca-root-nss.crt
tls_starttls on
auth on
user <firstname.lastname@wur.nl>
password <your WURnet password>

This configuration will work on FreeBSD, where the CA certificates are found in /usr/local/share/certs. If you use a different system, then you may need to specify a different location. Alternatively, it would also be possible (with decreasing security) to use (a) the tls_fingerprint option or (b) the tls_certcheck option (see “man msmtp”). For the tls_fingerprint option, you will need to specify the SHA1 fingerprint of the certificate that the server uses, which you can find by executing e.g.:

$> msmtp --serverinfo --tls --tls-certcheck=off --host=smtp.wur.nl | grep SHA | sed -r 's/.{14}//'

If this also doesn’t work (and it really should!), then you could also just use “tls_certcheck off”. But this can leave your email vulnerable to MitM’ing unpleasantness, so it is best avoided.

Deleting files more securely in FreeBSD

People use computers to create and store bodies of text, in some format or another, that may contain private information. When these files are not encrypted—an all too common situation—then they can in theory be read by anyone with physical access to the storage medium upon which these files are encoded. But even worse, your files can be read even after you have deleted them.

That is because, simply put, when you instruct your system to delete a file (e.g. by executing “rm /path/to/file.txt”) it doesn’t really “delete” anything, it just makes the address unavailable to the system. Or, to use an analogy, the operating system is like a person who has forgotten where his diary is located. But the diary is still somewhere in his house, and anyone who can physically enter the house and searches thoroughly just might be able to find it. This may not be what you want.

So if you truly want no-one to be able to read your personal diary, then doing so by simply forgetting where you keep the diary makes no more sense in the binary world than it does in the physical universe. Instead, you want to take a big black marker pen and vigorously cross out every page of writing in the diary, preferably a couple of times just to be sure you didn’t miss anything. Something similar can be done to files on your FreeBSD system as well.

In order to securely delete files, you will first need to install the GNU coreutils port from /usr/ports/sysutils/:

root@hostname:~ # cd /usr/ports/sysutils/coreutils/
root@hostname:/usr/ports/sysutils/coreutils # make install clean

This will install the GNU shred command, which will be called “gshred” on FreeBSD systems. Using this command, you can safely delete files containing sensitive data. For example, say you want to delete the file “private.txt” in your home directory. Then you would execute something like this:

[user@hostname ~]$ gshred -vuz private.txt

See also “man gshred” for more info.
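
The overwrite-then-remove sequence behind "gshred -uz", written out with dd as an added example (it is not GNU shred's code and not part of the original post). The function names are made up here, and it assumes a filesystem that rewrites blocks in place, which copy-on-write filesystems such as ZFS and wear-levelled flash do not guarantee.

```shell
#!/bin/sh
# Added example: the steps behind "gshred -uz", spelled out with dd.
# Function names are hypothetical. Assumes in-place block rewrites.

# file_size FILE: print the size of FILE in bytes
file_size() {
    wc -c < "$1" | tr -d ' '
}

# overwrite_pass FILE SOURCE: write SOURCE over FILE's existing bytes.
# conv=notrunc makes dd reuse the file's blocks instead of truncating the
# file first, so the old contents are written over, not merely unlinked.
overwrite_pass() {
    size=$(file_size "$1")
    [ "$size" -gt 0 ] || return 0
    head -c "$size" "$2" | dd of="$1" conv=notrunc 2>/dev/null
    sync    # push this pass to disk before the next one starts
}

# wipe_file FILE [PASSES]: random passes, one zero pass, then removal
wipe_file() {
    file=$1
    passes=${2:-3}    # GNU shred also defaults to 3 passes
    [ -f "$file" ] && [ -w "$file" ] || return 1
    i=0
    while [ "$i" -lt "$passes" ]; do
        overwrite_pass "$file" /dev/urandom || return 1
        i=$((i + 1))
    done
    # What -z adds: a final pass of zeros
    overwrite_pass "$file" /dev/zero || return 1
    # What -u adds: remove the file. It is renamed first so the original
    # name does not stay behind in the directory entry.
    anon=$(mktemp "$(dirname "$file")/XXXXXX") || return 1
    mv -f "$file" "$anon" && rm -f "$anon"
}
```

Calling wipe_file private.txt corresponds to the gshred -uz call above, without the progress output that -v adds.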