[Postfixadmin-devel] fetchmail support

[Christian B. <pos...@cb...>]

Hello,

Viktor Gotwig (info AT symateam.de) has sent me a patch to add fetchmail=20
support to Postfixadmin. I just commited the major parts of it. The=20
only thing I left out is the menu entry (templates/menu.tpl)
   <li><a target=3D"_top" href=3D"fetchmail.php">
      <?php print $PALANG['pMenu_fetchmail']; ?></a></li>
which should be wrapped by a nice "if ($CONF[fetchmail_whatever'])".

=46or now, you have to type fetchmail.php in your browser to use the=20
script.

The original patch (against 2.1) is attached to this mail; I had to do=20
some minor changes to make it work with the SVN version.

This is the original mail Viktor sent me:
(some additional comments are listed below)

=2D---------  Weitergeleitete Nachricht  ----------

Betreff: postfixadmin 2.1.0
Datum: Montag, 24. September 2007
Von: Viktor Gotwig
An: Christian Boltz

Hello mister Boltz,

I have taken some improvements on postfixadmin-2.1.0 to add an fetchmail
interface. May be, you can also reuse it.

Many small/middle companies have only an dynamical IP connection to the
internet (DSL etc.) and are not able directly receive their emails from
outside with postfix. Fetchmail is very handly, but does not have some
possibility for an sql configuration.

My approach was to run an cronjob "job.pl" (each 5 minutes), that create
an .fetchmailrc configuration on the fly for each account, runs
"fetchmail" with that and saves returned text protocol message from
fetchmail back into the table.

Security things:
1) the file .fetchmailrc does not contains passwords or another sensible
data from different users at a time,
2) it will be deleted at the end of cron job,
3) the passwords are stored base64-encoded to protect against accident
read/remember by administrators working on the DB. Is of course not
secure, helps against accidents only.

ToDo for me: the fetchmail option "MDA" is not tested yet. We plan to
write some custom email filter scripts, it may be conveniently to use
that option here.

Thanks a lot for the program, it is really very useful. Sorry for
perhaps to quick and dirty code, I have had very little time for that.
And polite request to you: Please find some time to check/protect the
code against sql injections, there are really a lot of places in code
where injections are possible.

I will be like to hear something from you :)


Good luck,

Viktor.

P.S. For the info: I have already send this patch to mister Peters
(because their email address was first that I found on some source
files), but he answered not to work on this project any more.
=2D------------------------------------------------------

Additions from some later mails (in german, therefore not quoted here):

"legal"
=2D he has allowed to publish his code/patch under GPL
=2D we are allowed to do any change we find useful
=2D he would be happy if we list his name somewhere[tm]

technical:
=2D the "Extra options" and "MDA" can be dangerous (example MDA=20
  "rm -rf /") - so these fields should be locked unless a special
  $CONF setting is enabled.
  Another option would be to offer some options in a dropdown list,
  populated by a config.inc.php setting.
=2D the user interface differs from the current Postfixadmin style (try=20
  yourself ;-)  (yes, we should change it to follow the current=20
  Postfixadmin style)
=2D fetchmail.tpl uses an interesting method to call helper functions,
  judge yourself (I'll add my opition later)
=2D known bug: several "undefined offset" and "undefined index" notices
=2D the database definition for fetchmail currently resides in a comment
  in fetchmail.php
=2D lots of strings are not translatable yet


Regards,

Christian Boltz
=2D-=20
> > Ich habe auf diese Soap Opera hier eigentlich keine Lust...
> Dann mach Deinen Rechner aus, das Fenster auf und bef=F6rdere diesen
> aus dem selbigen.
wieso Fenster auf?
[>> su...@ni..., > Michael Raab und Michael Schulz in suse-linux]