X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=blobdiff_plain;f=plugins%2Fmail_fetch%2FREADME;h=8e1e8e1875493161919457a7afc4f9f198b37823;hp=239f9fc8c24047e3517813583cbbbaade75a5e7f;hb=9ae70b623b5bda18ee4b60d9481d49d057b2f508;hpb=d622d38af6c2101b24c27851caf30866070c90c1
diff --git a/plugins/mail_fetch/README b/plugins/mail_fetch/README
index 239f9fc8..8e1e8e18 100644
--- a/plugins/mail_fetch/README
+++ b/plugins/mail_fetch/README
@@ -1,4 +1,4 @@
-Mail Fetch -- Version 1.3.0
+Mail Fetch
Downloads mail from a pop3 server to your SquirrelMail account.
@@ -7,13 +7,13 @@ Features
* Copies messages from remote server
* Saves server, alias, username, and password in prefs file...
-* Remembers where to resume downloading messages if
+* Remembers where to resume downloading messages if
your pop server supports UIDL.
* Optionally deletes mail from the remote server.
* Allow an infinite amount of remote servers
* Optional to not save password - prompt on check
* Save messages into a local IMAP folder instead of INBOX
-* Check mail during login (Needs SM 1.1.3 or older).
+* Check mail during login (Needs SM 1.1.3 or older).
* Check mail during folder refreshes.
* Allows gettext translations.
@@ -31,7 +31,7 @@ Configuration
Under the options you can add, delete or modify server list where
fetching mail. For each server you can set also username and password;
if you leave password blank, the password whore required when you fetch
-mail. Make sure "Leave Mail On Server" is checked if you do not want
+mail. Make sure "Leave Mail On Server" is checked if you do not want
Mail_Fetch to delete it from the remote server. Once configured,
click 'Fetch' in the SquirrelMail menu to get your mail; you can fetch
mail from all server instead or from only one by selecting the options
@@ -43,11 +43,11 @@ entered in order for this to work.
In order to secure a little bit the system, pop3 passwords can be encrypted.
The encryption key may be defined in to places. The first, and more secure,
-is in the httpd configuration as an enviromental variable called MF_TIT
-only accesible from the squirrelmail directory.
-
-the way you can do this from apache is adding the following directives to
-httpd.conf (supposing that squirrelmail is located at /usr/local) or an
+is in the httpd configuration as an enviromental variable called MF_TIT
+only accesible from the SquirrelMail directory.
+
+the way you can do this from apache is adding the following directives to
+httpd.conf (supposing that SquirrelMail is located at /usr/local) or an
included configuration file:
@@ -55,7 +55,7 @@ included configuration file:
Of course, you should replace the text inside double quotes with the key
-you want to (some kind of secret text). A please remember that the file
+you want to (some kind of secret text). A please remember that the file
where you decided to place this must be root only readable.
The second way is to edit functions.php and look for:
@@ -64,7 +64,7 @@ The second way is to edit functions.php and look for:
$MF_TIT = "MailFetch Secure for SquirrelMail 1.x";
}
-Once again change the text "MailFetch 0.8 Secure for SquirrelMail 1.x"
+Once again change the text "MailFetch Secure for SquirrelMail 1.x"
with a secret text.
Please note that you must redefine passwords each time you change the key.
@@ -75,45 +75,49 @@ the "Encrypt Password" checkbox in the option page is not checked. If you
reenter account's passwords the system will switch to encrypted mode.
+Security
+========
+
+By default, the user is not allowed to enter a non-standard POP3 port
+number when configuring an external server with this plugin. This prevents
+the use of this plugin as a port scanner against other servers. However,
+if you need to allow users to access a POP3 service running on a non-
+standard port, you may create a "config.php" file by copying "config_example.php"
+and editing the list of allowable port numbers therein. If "ALL" is added
+to the list of allowable port numbers, then there will be no restriction
+on port numbers whatsoever. Be aware that although this may not represent
+any security threat to servers elsewhere on the Internet that does not
+already exist (other port scanners are freely available), if your server
+resides on a network behind a firewall, this could allow a malicious user
+to scan the servers and services behind your firewall that they'd normally
+not have access to.
+
+The user will also not be allowed to enter server addresses starting
+with "10.", "192.", "127." and "localhost" by default. This prevents users
+from being able to scan an internal network for the presence of other servers
+they are not allowed to access. If other server addresses should be banned,
+or this list is too restrictive, you may create a "config.php" file by copying
+"config_example.php" and then edit the list of blocked server addresses
+therein.
+
+
Future Work
===========
* Add IMAP server stealing
-
+
* Limit number of pop accounts
Installation
============
-As with other plugins, just uncompress the archive in the plugins
-directory, go back to the main directory, run configure and add the plugin.
-
-Questions/comments/flames/etc can be sent to the SquirrelMail plugins list.
+Go back to the main directory, run configure and add the plugin.
-Old versionn (0.7) has been updated from 0.6 by Philippe Mingo
- IMPORTANT!!! This is a "secured" version, it makes a little encryption
- of the pop3 passwords. In order to use this facility, systems that
- have been using older versions (0.6 and lessers) should reenter
- passwords using the modify button at the options page in order to
- encrypt the password. The Encrypt passwords checkbox is only informative,
- and it lets you know if passwords are secure or not.
+Some plugin settings can be adjusted in config/mail_fetch_config.php or
+plugins/mail_fetch/config.php files.
-Old version (0.4) has been updated from Joshua's version 0.3 by
- Tomaso Minelli
- and Tyler (but only VERY minor stuff -- not worth really mentioning)
-
-Old version (0.3) has been updated from Tyler's original version 0.1 by
- Joshua Pollak
-
-
-Translations
-============
-Translation is made in the same manner than Squirrelmail's core does.
-You need to take .po file, fill the template, store it
-in the appropriate locale folder under the plugin and compile the po
-file. Better than this fill the po file and send it back to the author.
-The translation will be included in the next release of the plugin.
+See plugins/mail_fetch/config_sample.php
Note for mod_gzip users
@@ -135,47 +139,10 @@ SM configuration. To do so you only have to remove Newmail plugin
and then add it again.
-ChangeLog
-=========
-
----------------------------------------------------------------------------
- Philippe Mingo
----------------------------------------------------------------------------
-1.3.0 Official SM Version - Moved into the SM package.
-1.2.6 BugFix
-1.2.5 Bugfix
-1.2.4 Optimized class.POP3. Fixed problem with spaces in folders name.
-1.2.3 non-gettext systems now works
-1.2.2 Fixed login problems.
-1.2.1 Added polish translation.
-1.2.0 Added spanish translation.
-1.1.2 Bugfix: Missing include at login check.
-1.1.1 Bugfix: Now works with SM 1.1.1 and 1.1.2. To do this check during
- login is disabled with these versions.
-1.1 Bugfix: Now messages deletes correctly from pop servers.
-1.0 Added check during folder refresh and check during login code.
-0.9 Added an alias for each server. Changed default encryption key, please
- reenter passwords if you're not using environment system.
-0.8 Better encryption security through env variables.
-0.7 Added password encryption and strings internationalization.
-----------------------------------------------------------------------------
-0.6 Bugfix for folder list and typo
- set_time_limit of 20 seconds per message (to avoid timeout errors)
-0.5 Works properly for servers that have 0 messages to fetch
-----------------------------------------------------------------------------
- Tomaso Minelli
-----------------------------------------------------------------------------
-0.4 Allow an infinite amount of remote servers
- If password is empty, prompt on check
- Save messages into a local IMAP folder instead of INBOX
- (Tyler) Uses new 1.1.1 validate.php format
-----------------------------------------------------------------------------
- Joshua Pollak
-----------------------------------------------------------------------------
-0.3 Converted fetch routine to use the POP3 object from thewebmasters.net
- Added Leave Mail on Server option
- Now only downloads new messages if the pop server supports UIDL.
-----------------------------------------------------------------------------
-0.2 Now saves account information
-0.1 Initial release by Tyler Akins
-----------------------------------------------------------------------------
\ No newline at end of file
+Credits
+=======
+
+This plugin has been originally created by Tyler Akins, with contributions
+from Philippe Mingo, Tomaso Minelli and Joshua Pollak. It's now maintained
+by the SquirrelMail Project Team.
+