Mail Fetch Downloads mail from a pop3 server to your SquirrelMail account. Features ======== * Copies messages from remote server * Saves server, alias, username, and password in prefs file... * Remembers where to resume downloading messages if your pop server supports UIDL. * Optionally deletes mail from the remote server. * Allow an infinite amount of remote servers * Optional to not save password - prompt on check * Save messages into a local IMAP folder instead of INBOX * Check mail during login (Needs SM 1.1.3 or older). * Check mail during folder refreshes. * Allows gettext translations. Description =========== Feel like grabbing your messages from a different mail server into SquirrelMail? This might be able to help. Configuration ============= Under the options you can add, delete or modify server list where fetching mail. For each server you can set also username and password; if you leave password blank, the password whore required when you fetch mail. Make sure "Leave Mail On Server" is checked if you do not want Mail_Fetch to delete it from the remote server. Once configured, click 'Fetch' in the SquirrelMail menu to get your mail; you can fetch mail from all server instead or from only one by selecting the options dispayed. If you want to check mail periodicaly choose "Check mail during login" or "Check mail during folder refresh". Of course passwords have to be entered in order for this to work. In order to secure a little bit the system, pop3 passwords can be encrypted. The encryption key may be defined in to places. The first, and more secure, is in the httpd configuration as an enviromental variable called MF_TIT only accesible from the SquirrelMail directory. the way you can do this from apache is adding the following directives to httpd.conf (supposing that SquirrelMail is located at /usr/local) or an included configuration file: SetEnv MF_TIT "MailFetch Secure for SquirrelMail 1.x" Of course, you should replace the text inside double quotes with the key you want to (some kind of secret text). A please remember that the file where you decided to place this must be root only readable. The second way is to edit functions.php and look for: if( !isset( $MF_TIT ) ) { $MF_TIT = "MailFetch Secure for SquirrelMail 1.x"; } Once again change the text "MailFetch Secure for SquirrelMail 1.x" with a secret text. Please note that you must redefine passwords each time you change the key. To maintain compatibilty with older systems, mail_fetch can work with old pref files, with no encrypted passwords. If this occurs, you'll see that the "Encrypt Password" checkbox in the option page is not checked. If you reenter account's passwords the system will switch to encrypted mode. Security ======== By default, the user is not allowed to enter a non-standard POP3 port number when configuring an external server with this plugin. This prevents the use of this plugin as a port scanner against other servers. However, if you need to allow users to access a POP3 service running on a non- standard port, you may create a "config.php" file by copying "config_example.php" and editing the list of allowable port numbers therein. If "ALL" is added to the list of allowable port numbers, then there will be no restriction on port numbers whatsoever. Be aware that although this may not represent any security threat to servers elsewhere on the Internet that does not already exist (other port scanners are freely available), if your server resides on a network behind a firewall, this could allow a malicious user to scan the servers and services behind your firewall that they'd normally not have access to. The user will also not be allowed to enter server addresses starting with "10.", "192.", "127." and "localhost" by default. This prevents users from being able to scan an internal network for the presence of other servers they are not allowed to access. If other server addresses should be banned, or this list is too restrictive, you may create a "config.php" file by copying "config_example.php" and then edit the list of blocked server addresses therein. Future Work =========== * Add IMAP server stealing * Limit number of pop accounts Installation ============ Go back to the main directory, run configure and add the plugin. Some plugin settings can be adjusted in config/mail_fetch_config.php or plugins/mail_fetch/config.php files. See plugins/mail_fetch/config_sample.php Note for mod_gzip users ======================= As fetching module shows information while fetching is taking place, it is a good idea to disable compression for that operation. The way to do this with mod_gzip is: mod_gzip_item_exclude file fetch.php Note for Newmail Plugin users ============================= In order to Newmail plugin detect new mails during folder refreshes make sure that Mail_Fetch is listed first that Newmail in the SM configuration. To do so you only have to remove Newmail plugin and then add it again. Credits ======= This plugin has been originally created by Tyler Akins, with contributions from Philippe Mingo, Tomaso Minelli and Joshua Pollak. It's now maintained by the SquirrelMail Project Team.