0

I would like to set up notification emails from my computer and a NAS server for certain events. However I don't want to leave my email password on the systems. Are there solutions?

Ideally I would like something similar to SSH private key authentication, where I could generate "keys"/credentials for each system (or even just one for notifications in general will do), preferably with reduced privileges (such as only being used to send email and not log in to my email account).

I thought of email aliases, and Hotmail/Outlook is interesting due to the possibility of preventing aliases from being used for account login, but to my knowledge they cannot use a different password from the primary account. This is many-emails-one-password, while I'm looking more for one-email-many-credentials.

Gmail's SMTP relay service seems to do something similar to what I want but requires my credentials, and/or creates OAuth credentials for a project, which I'm not sure can be used by a system just expecting email, password, and SMTP server.

Of course the easy way would be to create a new email account just for notifications, but it's an extra account, and the credentials would still be common between the systems.

What are the options for this common use-case?

Improve this question
1
  • I also tried this answer but it failed for me (connection timed out).
    – adatum
    Commented Sep 3, 2019 at 21:42

1 Answer 1

Reset to default
0

Your logic is a bit flawed in as much as a private/public key still means if a PC is compromised the attacker can use the private key analogously to a password.

There are some solutions to your problem. One way would be to set up your own SMTP server/proxy and allow senders of known IP addresses to send emails without authenticating. (Many Linux server distros do something like this on a per host basis to allow local servers to send email).

Another alternative would be to forgo email notifications and use another mechanism to achieve the same goal. It occurs to me I could build a CA which uses client side certs and knock up a web->email gateway, using my CA public/private key infrastructure for authentication. Of-course, its probably simpler to just use SSH infrastructure to send commands across an ssh connection to create an email. All of this requires running your own SMTP server though.

Improve this answer
1
  • Setting up my own SMTP server/proxy seems complicated/overkill for this situation, but I appreciate the suggestion. About the public key analogy, what I mean is if one system and its password are compromised, that password can be revoked. The problem is solved without having to change the password on every other system since they don't share one password. Unfortunately, so far, using a dedicated email account (and a single password) for notifications seems like the simplest solution.
    – adatum
    Commented Sep 4, 2019 at 23:40

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .