Hey all,

I'm in the process of writing some scripts which I want to be able to take actions on my local mailbox. (For example, to move a subset of messages to the trash over time, if unread for a week. To act on messages in my learn-spam folder and then delete them).

What occurred to me as being a Neat Idea is if Dovecot could honor ident (rfc1413) lookups, from trusted hosts (i.e. 127.0.0.1).

In this way I get all the benefits of dovecot's indexing being updated and nice locking, but I don't have to leave my password laying around in a plaintext file.

(Yes, this assumes I'm running a shell on the mail server. I'm not concerned about the same level of security when you could simply cat my mail spool).

I'd definitely consider something like an SSH key with a forced command (I do see questions in the FAQ about making dovecot work over a socket connection), but that forgoes using standard imap clients.

I could also create a dovecot-only user with my UID and no other login privileges, but I'd like this to "just work" for anyone.

I don't know anything about if dovecot supports X509 auth, but this would require the client libraries to support such a thing, which not all do.

I'd love to hear about any other ways people have thought about to do this. Any ideas?

-Dan Mahoney

-- 
--------Dan Mahoney--------
Techie, Sysadmin, WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144 AIM: LarpGM
Site: http://www.gushi.org
---------------------------

On Thu, May 23, 2013 at 04:10:01PM -0700, Dan Mahoney, System Admin wrote:
> I'd love to hear about any other ways people have thought about
> to do this. Any ideas?

Are you familiar with the mutt(1) MUA? I use it with a:

set tunnel="MAILDIR=~/Mail/ /usr/libexec/dovecot/imap"

So it speaks IMAP, but to its own /usr/libexec/dovecot/imap process, not through a network socket. Maybe you could adapt this idea in some way.

-- 
http://rob0.nodns4.us/ -- system administration and consulting
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:

At 4PM -0700 on 23/05/13 you (Dan Mahoney, System Admin) wrote:
>
> I'm in the process of writing some scripts which I want to be able to take
> actions on my local mailbox. (For example, to move a subset of messages
> to the trash over time, if unread for a week. To act on messages in my
> learn-spam folder and then delete them).

http://wiki2.dovecot.org/PreAuth

You can also use doveadm for quite a lot of this sort of administration; this may be easier if you're scripting in shell rather than something more sophisticated.

> I'd definitely consider something like an SSH key with a forced
> command (I do see questions in the FAQ about making dovecot work over a
> socket connection), but that forgoes using standard imap clients.

Well, I'm not sure what you consider 'standard' here, but there are both Perl and Python IMAP libraries which will connect to a command rather than a socket. If you're using a client which insists on connecting to an (INET) socket, it's a little harder; while you can obviously connect preauthed imap to a listening socket with netcat, that's not remotely secure.

> I could also create a dovecot-only user with my UID and no other login
> privileges, but I'd like this to "just work" for anyone.

I believe with the latest 2.2 you can also do this with Kerberos principals, if you're running Kerberos; I haven't looked into this yet, but I mean to (for much the same reason).

Ben
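
Added example, not part of the thread and not Dovecot's own code: the "connect to a command rather than a socket" approach using Python's standard imaplib.IMAP4_stream, applied to the "unread for a week goes to the trash" task from the first message, with no stored password. The binary path is the one quoted in the thread and varies by installation; the mailbox names and the function names are assumptions.

```python
import datetime
import imaplib

# Path as quoted in the thread; distributions install it elsewhere (assumption).
DOVECOT_IMAP = "/usr/libexec/dovecot/imap"
MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()


def imap_date(day):
    """Format a date for IMAP SEARCH (dd-Mon-yyyy), independent of locale."""
    return "%02d-%s-%04d" % (day.day, MONTHS[day.month - 1], day.year)


def expire_unread(conn, today, days=7, mailbox="INBOX", trash="Trash"):
    """Move messages still unread after `days` days to `trash`; return UIDs."""
    cutoff = imap_date(today - datetime.timedelta(days=days))
    typ, _ = conn.select(mailbox)
    if typ != "OK":
        raise RuntimeError("cannot select %s" % mailbox)
    # BEFORE compares the server-side arrival date, not the Date: header.
    typ, data = conn.uid("SEARCH", "UNSEEN", "BEFORE", cutoff)
    if typ != "OK":
        raise RuntimeError("search failed")
    uids = [u.decode() for u in (data[0] or b"").split()]
    if not uids:
        return []
    uidset = ",".join(uids)
    # Copy first and stop on failure, so nothing is deleted without a copy.
    typ, _ = conn.uid("COPY", uidset, trash)
    if typ != "OK":
        raise RuntimeError("copy to %s failed, nothing deleted" % trash)
    conn.uid("STORE", uidset, "+FLAGS.SILENT", r"(\Deleted)")
    # Plain EXPUNGE removes every \Deleted message in the selected mailbox.
    conn.expunge()
    return uids


if __name__ == "__main__":
    # IMAP4_stream hands the command to a shell: keep it a fixed string and
    # never build it from untrusted input. The process runs as the calling
    # user and starts in the pre-authenticated state, so no login is sent.
    conn = imaplib.IMAP4_stream(DOVECOT_IMAP)
    try:
        print(expire_unread(conn, datetime.date.today()))
    finally:
        conn.logout()
```

Because the imap process inherits the caller's UID, file permissions on the mail store remain the only access control, which matches the threat model stated in the first message.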