-*- markdown -*-

##  Overview 

mailcp is a small program to copy mail. My main usage of mailcp
is to periodically deliver my mail from an IMAPS server to my
local maildir-mailbox.

mailcp uses [libvmime][vmime] to support various mailbox types.

Example:

    $ cat config
    imaps://juser:pw@imap.example.net|INBOX
    maildir://localhost/home/juser/mail|test
    $ ./mailcp -r cert -d -f config

In this example mailcp is instructed to trust server certificates
that are signed by the root certificate from the file cert (-r), to
delete the copied messages from the source if the transfer was
successful (-d), and to read source and destination from the file
config (-f).

Other URL schemes are available. The general syntax is:

        protocol://(username(:password)?@)?host(:port)?(/root-path)?(\|dir)?
        where protocol is one of {imap, imaps, pop3, pop3s, smtp, smtps,
                                  maildir, sendmail }
        host must be non-empty - e.g. for maildir just set it to localhost

mailcp is designed as one-tool-for-one-job and it tries to follow
the [KISS][KISS] (keep it simple) principle.

mailcp supports TLS in the expected way, i.e. if a server
certificate does not validate, no connection is established.
Trusted/root certificates can be supplied to mailcp in various
formats.

mailcp cares about data safety, i.e. source messages are only
deleted once they reliably exist at the destination. libvmime was
reviewed and lightly changed (the changes were integrated into
libvmime), such that fsync is called at the right places and the
POSIX system calls are checked for all eventualities.
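
The pattern this paragraph describes, sketched for a maildir destination as an added example (this is not code from mailcp or libvmime): write into tmp/, fsync, rename into new/, fsync the directory, and report success only after every call succeeded. The function names, the demo path under /tmp and the message name are assumptions.

```cpp
// Added example, not mailcp or libvmime code. Names and paths are assumptions.
#include <cerrno>
#include <cstdio>
#include <cstdlib>
#include <fcntl.h>
#include <string>
#include <sys/stat.h>
#include <unistd.h>

// fsync a directory so that a preceding rename() into it reaches stable storage.
static bool sync_dir(const std::string& dir) {
    int fd = open(dir.c_str(), O_RDONLY | O_DIRECTORY);
    bool ok = fd >= 0 && fsync(fd) == 0;
    return fd >= 0 && close(fd) == 0 && ok;
}

// Store msg in maildir md under the caller-chosen unique name uniq. Returns true
// only once the message is durable in new/; only then may the source be deleted.
bool deliver(const std::string& md, const std::string& uniq, const std::string& msg) {
    const std::string tmp = md + "/tmp/" + uniq, dst = md + "/new/" + uniq;
    int fd = open(tmp.c_str(), O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return false;                       // O_EXCL: never overwrite
    size_t off = 0; bool ok = true;
    while (ok && off < msg.size()) {                // short writes and EINTR
        ssize_t n = write(fd, msg.data() + off, msg.size() - off);
        if (n > 0) off += static_cast<size_t>(n);
        else if (n == 0 || errno != EINTR) ok = false;
    }
    ok = ok && fsync(fd) == 0;                      // data on disk before rename
    ok = (close(fd) == 0) && ok;                    // always close, check result
    ok = ok && rename(tmp.c_str(), dst.c_str()) == 0;
    ok = ok && sync_dir(md + "/new");               // make the rename durable
    if (!ok) unlink(tmp.c_str());                   // drop any partial tmp file
    return ok;
}

// Create an empty maildir under a fresh temp directory (constructed demo input).
std::string make_demo_maildir() {
    char tmpl[] = "/tmp/mailcp-demo-XXXXXX";
    std::string md = mkdtemp(tmpl) ? tmpl : "";
    for (const char* sub : {"/tmp", "/new", "/cur"})
        if (mkdir((md + sub).c_str(), 0700) != 0) return "";
    return md;
}

int main() {
    std::string md = make_demo_maildir();
    return !md.empty() && deliver(md, "1.demo.localhost", "Subject: test\n\nbody\n") ? 0 : 1;
}
```

If the final directory fsync fails after the rename, the function still returns false, so the source copy is kept and the worst case is a duplicate rather than a lost message.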

##  Install 

Dependencies:

* GNU make
* C++ compiler (GCC g++ is fine)
* libvmime (http://www.vmime.org/), version > 0.9.0; currently this
  means svn trunk or a future release

Build and install:

    $ make mailcp LDLIBS=-lvmime CXXFLAGS="-O -g -Wall"
    $ cp mailcp $PREFIX/bin

where PREFIX is your favourite destination.

Or, if you want to build a debug version:

In the vmime source directory:

    $ scons debug=yes prefix=$PREFIX
    $ scons debug=yes prefix=$PREFIX install

In the mailcp directory:

    $ make mailcp CXXFLAGS="-g -Wall -I$PREFIX/include" \
                  LDLIBS="trunk/vmime/libvmime-debug.a -lgnutls -lgsasl"


##  Related programs 

Several tools exist for delivering mail from an IMAP/POP3 server
to a local mailbox.

There is fetchmail, which has a scary config file syntax and
spools fetched mail into the local MTA. In addition to that, it
has quite a history of security-related issues.

getmail is written in Python and tries to be a better fetchmail
with easier config file syntax, direct delivery without
unnecessary/dangerous MTA spooling, fewer security issues and
overall better design. getmail supports TLS for IMAP access etc.,
but the severe issue with its TLS support is that getmail does
not do any server-certificate validation.

The author plans to support server-certificate validation at some
point in the future, but only as an optional feature.

Thus, getmail nicely invites man-in-the-middle attackers.

I.e. when using getmail with imaps, an attacker is able to read
your mail, delete your mail, manipulate your mail and spy on your
username/password.


##  FAQ 

1. Why does mailcp not support spam filtering?

   mailcp just copies mail and tries to be good at it. E.g. if you
   don't want to deliver all your mail from some IMAP server to
   ~/mail/in and instead want to filter spam to ~/mail/spam, just
   invoke mailcp first and then a specialized mail filter program.

   Example:
    1. mailcp imap-server -> ~/mail/incoming/
    2. call formail for ~/mail/incoming with procmail -f custom-procmailrc
       (pipes mail through spamassassin, crm114 or something like that)
       * filter rule for ham to ~/mail/inbox/
       * filter rule for spam to ~/mail/spam/
    => for convenience, just put both command lines into some wrapper
       shell-script

2. How to find out which certificates the remote server sends?

       $ openssl s_client -showcerts -connect imap.example.org:993

   or

       $ gnutls-cli --port 993 imap.example.org

   And to check if a certain root certificate is the right one for a
   certain server:

       $ gnutls-cli --x509cafile someOverpaidRootCertificateAuthority.pem \
                    --port 993 imap.example.org


[KISS]: http://en.wikipedia.org/wiki/KISS_principle
[vmime]: http://www.vmime.org/