plugins/mail_fetch/README

   1 Mail Fetch
   2
   3 Downloads mail from a pop3 server to your SquirrelMail account.
   4
   5 Features
   6 ========
   7
   8 * Copies messages from remote server
   9 * Saves server, alias, username, and password in prefs file...
  10 * Remembers where to resume downloading messages if
  11   your pop server supports UIDL.
  12 * Optionally deletes mail from the remote server.
  13 * Allow an infinite amount of remote servers
  14 * Optional to not save password - prompt on check
  15 * Save messages into a local IMAP folder instead of INBOX
  16 * Check mail during login (Needs SM 1.1.3 or older).
  17 * Check mail during folder refreshes.
  18 * Allows gettext translations.
  19
  20
  21 Description
  22 ===========
  23
  24 Feel like grabbing your messages from a different mail server into
  25 SquirrelMail?  This might be able to help.
  26
  27
  28 Configuration
  29 =============
  30
  31 Under the options you can add, delete or modify server list where
  32 fetching mail.  For each server you can set also username and password;
  33 if you leave password blank, the password whore required when you fetch
  34 mail.  Make sure "Leave Mail On Server" is checked if you do not want
  35 Mail_Fetch to delete it from the remote server.  Once configured,
  36 click 'Fetch' in the SquirrelMail menu to get your mail; you can fetch
  37 mail from all server instead or from only one by selecting the options
  38 dispayed.
  39
  40 If you want to check mail periodicaly choose "Check mail during login"
  41 or "Check mail during folder refresh". Of course passwords have to be
  42 entered in order for this to work.
  43
  44 In order to secure a little bit the system, pop3 passwords can be encrypted.
  45 The encryption key may be defined in to places. The first, and more secure,
  46 is in the httpd configuration as an enviromental variable called MF_TIT
  47 only accesible from the SquirrelMail directory.
  48
  49 the way you can do this from apache is adding the following directives to
  50 httpd.conf (supposing that SquirrelMail is located at /usr/local) or an
  51 included configuration file:
  52
  53 <Directory "/usr/local/squirrelmail">
  54     SetEnv MF_TIT "MailFetch Secure for SquirrelMail 1.x"
  55 </Directory>
  56
  57 Of course, you should replace the text inside double quotes with the key
  58 you want to (some kind of secret text). A please remember that the file
  59 where you decided to place this must be root only readable.
  60
  61 The second way is to edit functions.php and look for:
  62
  63     if( !isset( $MF_TIT ) ) {
  64         $MF_TIT = "MailFetch Secure for SquirrelMail 1.x";
  65     }
  66
  67 Once again change the text "MailFetch Secure for SquirrelMail 1.x"
  68 with a secret text.
  69
  70 Please note that you must redefine passwords each time you change the key.
  71
  72 To maintain compatibilty with older systems, mail_fetch can work with old
  73 pref files, with no encrypted passwords. If this occurs, you'll see that
  74 the "Encrypt Password" checkbox in the option page is not checked. If you
  75 reenter account's passwords the system will switch to encrypted mode.
  76
  77
  78 Security
  79 ========
  80
  81 By default, the user is not allowed to enter a non-standard POP3 port
  82 number when configuring an external server with this plugin.  This prevents
  83 the use of this plugin as a port scanner against other servers.  However,
  84 if you need to allow users to access a POP3 service running on a non-
  85 standard port, you may create a "config.php" file by copying "config_example.php"
  86 and editing the list of allowable port numbers therein.  If "ALL" is added
  87 to the list of allowable port numbers, then there will be no restriction
  88 on port numbers whatsoever.  Be aware that although this may not represent
  89 any security threat to servers elsewhere on the Internet that does not
  90 already exist (other port scanners are freely available), if your server
  91 resides on a network behind a firewall, this could allow a malicious user
  92 to scan the servers and services behind your firewall that they'd normally
  93 not have access to.
  94
  95 The user will also not be allowed to enter server addresses starting
  96 with "10.", "192.", "127." and "localhost" by default.  This prevents users
  97 from being able to scan an internal network for the presence of other servers
  98 they are not allowed to access.  If other server addresses should be banned,
  99 or this list is too restrictive, you may create a "config.php" file by copying
 100 "config_example.php" and then edit the list of blocked server addresses
 101 therein.
 102
 103
 104 Future Work
 105 ===========
 106
 107 * Add IMAP server stealing
 108
 109 * Limit number of pop accounts
 110
 111
 112 Installation
 113 ============
 114
 115 Go back to the main directory, run configure and add the plugin.
 116
 117 Some plugin settings can be adjusted in config/mail_fetch_config.php or
 118 plugins/mail_fetch/config.php files.
 119
 120 See plugins/mail_fetch/config_sample.php
 121
 122
 123 Note for mod_gzip users
 124 =======================
 125
 126 As fetching module shows information while fetching is taking place, it
 127 is a good idea to disable compression for that operation. The way to do
 128 this with mod_gzip is:
 129
 130 mod_gzip_item_exclude       file fetch.php
 131
 132
 133 Note for Newmail Plugin users
 134 =============================
 135
 136 In order to Newmail plugin detect new mails during folder refreshes
 137 make sure that Mail_Fetch is listed first that Newmail in the
 138 SM configuration. To do so you only have to remove Newmail plugin
 139 and then add it again.
 140
 141
 142 Credits
 143 =======
 144
 145 This plugin has been originally created by Tyler Akins, with contributions
 146 from Philippe Mingo, Tomaso Minelli and Joshua Pollak. It's now maintained
 147 by the SquirrelMail Project Team.
 148