Add ability to show login error from the IMAP server instead of traditional "Unknown...
[squirrelmail.git] / plugins / mail_fetch / README
CommitLineData
7aa22276 1Mail Fetch
d622d38a 2
3Downloads mail from a pop3 server to your SquirrelMail account.
4
5Features
6========
7
8* Copies messages from remote server
9* Saves server, alias, username, and password in prefs file...
598294a7 10* Remembers where to resume downloading messages if
d622d38a 11 your pop server supports UIDL.
12* Optionally deletes mail from the remote server.
13* Allow an infinite amount of remote servers
14* Optional to not save password - prompt on check
15* Save messages into a local IMAP folder instead of INBOX
598294a7 16* Check mail during login (Needs SM 1.1.3 or older).
d622d38a 17* Check mail during folder refreshes.
18* Allows gettext translations.
19
20
21Description
22===========
23
24Feel like grabbing your messages from a different mail server into
25SquirrelMail? This might be able to help.
26
27
28Configuration
29=============
30
31Under the options you can add, delete or modify server list where
32fetching mail. For each server you can set also username and password;
33if you leave password blank, the password whore required when you fetch
598294a7 34mail. Make sure "Leave Mail On Server" is checked if you do not want
d622d38a 35Mail_Fetch to delete it from the remote server. Once configured,
36click 'Fetch' in the SquirrelMail menu to get your mail; you can fetch
37mail from all server instead or from only one by selecting the options
38dispayed.
39
40If you want to check mail periodicaly choose "Check mail during login"
41or "Check mail during folder refresh". Of course passwords have to be
42entered in order for this to work.
43
44In order to secure a little bit the system, pop3 passwords can be encrypted.
45The encryption key may be defined in to places. The first, and more secure,
598294a7 46is in the httpd configuration as an enviromental variable called MF_TIT
47only accesible from the SquirrelMail directory.
48
49the way you can do this from apache is adding the following directives to
50httpd.conf (supposing that SquirrelMail is located at /usr/local) or an
d622d38a 51included configuration file:
52
53<Directory "/usr/local/squirrelmail">
54 SetEnv MF_TIT "MailFetch Secure for SquirrelMail 1.x"
55</Directory>
56
57Of course, you should replace the text inside double quotes with the key
598294a7 58you want to (some kind of secret text). A please remember that the file
d622d38a 59where you decided to place this must be root only readable.
60
61The second way is to edit functions.php and look for:
62
63 if( !isset( $MF_TIT ) ) {
64 $MF_TIT = "MailFetch Secure for SquirrelMail 1.x";
65 }
66
7aa22276 67Once again change the text "MailFetch Secure for SquirrelMail 1.x"
d622d38a 68with a secret text.
69
70Please note that you must redefine passwords each time you change the key.
71
72To maintain compatibilty with older systems, mail_fetch can work with old
73pref files, with no encrypted passwords. If this occurs, you'll see that
74the "Encrypt Password" checkbox in the option page is not checked. If you
75reenter account's passwords the system will switch to encrypted mode.
76
77
b571d899 78Security
79========
80
81By default, the user is not allowed to enter a non-standard POP3 port
82number when configuring an external server with this plugin. This prevents
83the use of this plugin as a port scanner against other servers. However,
84if you need to allow users to access a POP3 service running on a non-
85standard port, you may create a "config.php" file by copying "config_example.php"
86and editing the list of allowable port numbers therein. If "ALL" is added
87to the list of allowable port numbers, then there will be no restriction
88on port numbers whatsoever. Be aware that although this may not represent
89any security threat to servers elsewhere on the Internet that does not
90already exist (other port scanners are freely available), if your server
91resides on a network behind a firewall, this could allow a malicious user
92to scan the servers and services behind your firewall that they'd normally
93not have access to.
94
95The user will also not be allowed to enter server addresses starting
96with "10.", "192.", "127." and "localhost" by default. This prevents users
97from being able to scan an internal network for the presence of other servers
98they are not allowed to access. If other server addresses should be banned,
99or this list is too restrictive, you may create a "config.php" file by copying
100"config_example.php" and then edit the list of blocked server addresses
101therein.
102
103
d622d38a 104Future Work
105===========
106
107* Add IMAP server stealing
598294a7 108
d622d38a 109* Limit number of pop accounts
110
111
112Installation
113============
114
7aa22276 115Go back to the main directory, run configure and add the plugin.
d622d38a 116
60683821 117Some plugin settings can be adjusted in config/mail_fetch_config.php or
118plugins/mail_fetch/config.php files.
d622d38a 119
202bcbcc 120See plugins/mail_fetch/config_sample.php
d622d38a 121
122
123Note for mod_gzip users
124=======================
125
126As fetching module shows information while fetching is taking place, it
127is a good idea to disable compression for that operation. The way to do
128this with mod_gzip is:
129
130mod_gzip_item_exclude file fetch.php
131
132
133Note for Newmail Plugin users
134=============================
135
136In order to Newmail plugin detect new mails during folder refreshes
137make sure that Mail_Fetch is listed first that Newmail in the
138SM configuration. To do so you only have to remove Newmail plugin
139and then add it again.
140
141
7aa22276 142Credits
143=======
144
145This plugin has been originally created by Tyler Akins, with contributions
146from Philippe Mingo, Tomaso Minelli and Joshua Pollak. It's now maintained
147by the SquirrelMail Project Team.
148