The root user can receive a lot of email, and if left unchecked, this can accumulate into a very large file, which could potentially fill /var. However, emptying this mailbox can be a pain, especially if the machine is at a remote location, behind a firewall.
This page details a method to securely obtain root's email, via the internet, without using POP3S and without reconfiguring the router. The process below tunnels the POP3 connection via SSH, this keeps things nice and simple, does not expose the POP3 server to the internet, and does not open any extra ports on the firewall. The process below also redirects root's email to another user, this means that root's password does not need to be stored in the POP3 client used to check the mail.
cat /var/mail/root >> /var/mail/rootmail
cat /dev/null > /var/mail/root
echo "test mail" | mailx -s "test mail" root
The mail should be written to /var/mail/rootmail, while /var/mail/root should remain empty.
Now, root's mail is available for download via POP3, using the unprivileged account "rootmail".
The above account could be checked as-is, across the internet, if port-forwarding was set up, however we want to use SSH, this saves us from having to configure SSL support in our POP3 server and client, and having to set up port-forwarding on the router.
Create the SSH tunnel with PuTTY as follows:
Open your POP3 client software (eg. Thunderbird) and create a new POP3 account with the following settings:
This done, the rootmail account can be checked with POP3 whenever the SSH tunnel is open.