Commit d78b61e3 authored by Rob Funk's avatar Rob Funk

Add files from ESR's dev directory that weren't under version control

svn path=/trunk/; revision=3881
parent d9e84e17
aclocal.m4
config.h.in
configure
config.guess
config.sub
install-sh
mkinstalldirs
missing
This diff is collapsed.
Changelog for fetchmail
* Mon Jan 12 2004 <esr@thyrsus.com>
- See the project news file for recent changes.
Summary of responses on `Nuke the options?':
Yes:
Felix Morley Finch <felix@crowfix.com>
Nathan Myers <ncm@cantrip.org>
Irving Wolfe <Irving_Wolfe@wolfe.net>
Craig Metz <cmetz@inner.net>
Alexander Kourakos <awk@bnt.com>
John Swinbank <john@swinbank.u-net.com>
Alexandros Manoussakis <alx@beryl.kapatel.gr>
No:
Guenther Leber <gleber@gams.at>
Dave Bodenstab <imdave@mcs.net>
Erik Soosalu <esoosalu@geocities.com>
Jonathan Marten <jonathan.marten@uk.Sun.COM>
Other:
Chris Hanson <cph@martigny.ai.mit.edu> thinks --smtphost can be useful,
but says the change won't affect him.
Matt Simmons <simmonmt@acm.org> didn't express a general opinion but wants
-B/fetchlimit kept.
Steffen Opel <opel@rumpelkammer.uni-mannheim.de> makes a good argument
that --limit should be settable from the command line as a way to throttle
fetches according to day-night rates.
Comments:
felix@crowfix.com: "Using --fetchmailrc, someone could
write a Perl wrapper which would dummy up a temporary control file
using the soon-to-be-banned options, if someone really wanted such a
program."
ncm@cantrip.org doesn't want fetchmailrc to require a control file.
gleber@gams.at: "I like the flexibility I get from [command-line
options] and use it very often."
awk@bnt.com: keep -u, -p, nuke the others.
alx@beryl.kapatel.gr: keep -u, -p, -t, nuke the others.
esoosalu@geocities.com: "I would have an objection to removing
command line options: It makes it a lot harder to debug the inital setup."
jonathan.marten@uk.Sun.COM: particularly (and not unreasonably)
objects to losing -r.
Alexandros Manoussakis <alx@beryl.kapatel.gr> offered the following summary:
It seems like many of us want to be able to use
fetchmail without the need of a .fetchmailrc file.
Regarding your list of commands to remove from
the command line, taking into account the feedback
regarding the matter we have (* denotes wanted options):
-I, --interface interface required specification
-M, --monitor monitor interface for activity
* -p, --protocol specify pop2, pop3, imap, apop, rpop, kpop, etrn
-U, --uidl force the use of UIDLs (pop3 only)
-P, --port TCP/IP service port to connect to
-A, --auth authentication type (password or kerberos)
-E, --envelope envelope address header
-Q, --qvirtual prefix to remove from local user id
* -u, --username specify users's login on server
-n, --norewrite don't rewrite header addresses
* -l, --limit don't fetch messages over given size
* -K, --nokeep delete new messages after retrieval
* -S, --smtphost set SMTP forwarding host
-D, --smtpaddress set SMTP delivery domain to use
-Z, --antispam, set antispam response value
-b, --batchlimit set batch limit for SMTP connections
-B, --fetchlimit set fetch limit for server connections
-e, --expunge set max deletions between expunges
* -r, --folder specify remote folder name
* -t, --timeout server nonresponse timeout
Let's see how it goes and you can remove at least the options
no-one complains about!
NTLM support by Grant Edwards <grante@visi.com>
This directory contains sources for a library which provides
routines to manipulate the structures used for the client end
of Microsoft NTLM authentication.
This code (the ntlm.h file and smb*.[ch] files) was taken mostly from
the Samba project and was initially intended for use with Microsoft
Exchange Server when it is configured to require NTLM authentication
for clients of its IMAP server.
Not much effort has been put into making this portable, and the author
only know for sure that it works on i386 Linux glibc systems -- though
there shouldn't be anything all that system-specific anywhere. System
byte order differences should already be taken care of.
USAGE
The application program must convert these structures to/from base64
which is used to transfer data for IMAP authentication. For example
usage see the sources for the mutt MUA or here in the fetchmail
package.
In general the usage is something like shown below (no, I don't
know if this code even compiles, but you get the idea
hopefully):
#include <ntlm.h>
extern char *seqTag; /* IMAP sequence number */
int imap_auth_ntlm(char *user, char *domain, char *pass)
{
tSmbNtlmAuthRequest request;
tSmbNtlmAuthChallenge challenge;
tSmbNtlmAuthResponse response;
char buffer[512];
char tmpstr[32];
writeToServer("%s AUTHENTICATE NTLM\r\n",seqTag);
readFromServer(buffer)
/* buffer should be "+", but we won't show code to check */
/*
* prepare the request, convert to base64, and send it to
* the the server. My server didn't care about domain, and NULL
* worked fine.
*/
buildSmbNtlmAuthRequest(&request,user,domain);
convertToBase64(buffer, &request, SmbLength(&request));
writeToServer("%s\r\n",buffer);
/* read challange data from server, convert from base64 */
readFromServer(buffer);
/* buffer should contain the string "+ [base 64 data]" */
convertFromBase64(&challenge, buffer+2);
/* prepare response, convert to base64, send to server */
buildSmbNtlmAuthResponse(&challenge, &response, user, pass);
convertToBase64(buffer,&response,SmbLength(&response));
writeToServer("%s\r\n",buffer);
/* read line from server, it should be "[seq] OK blah blah blah" */
readFromServer(buffer);
sprintf(tmpstr,"%s OK",seqTag);
if (strncmp(buffer,tmpstr,strlen(tmpstr)))
{
/* login failed */
return -1;
}
return 0;
}
Fetchmail SSL support
=====================
NOTE: This text is maybe not explanatory enough, so a little knowledge about
public-key-cryptography and associated topics is required.
Using the fetchmail ssl option, you can have the data transferred between you
and the server in an encrypted form, so that eavesdropping should become
practically impossible.
This works as following: the server has a key pair (a secret and a public key),
and it sends the client it's public key. Messages encrypted with the public key
can be decrypted using the private one and vice versa.
A symmetric session key (symmetric means that the same key is used for
encryption and decryption) can now be agreed upon by the two parties using
the secure channel the key pair builds. The session key is now used to encrypt
the traffic.
In the fetchmail case, the client can now authenticate itself to the server by
using the usual POP/IMAP/whatever authentication mechanisms.
However, so called man-in-the-middle attacks are still possible: in such a
setting, an attacker imposes the server, and thus can e.g. get your
authentication information if you don't use a challenge based authentication
mechanism (because he is thought to be the real server, fetchmail will try to
authenticate against it by telling it your password).
So, not only you need to prove your identity to the server, the server likewise
needs to prove it's to you.
In the standard setting, the server has a certificate (the client can have a
certificate too to prove its identity, but this is not covered by this
document). This certificate contains the server's public key, some data about
the server, and a digital signature and data about the signer.
Digital signatures can also be made using a key pair as described earlier.
To check this certificate, you may use the new option sslcertck. When it is
specified, the signature of server certificate is checked against local trusted
certificates to see whether the owner of one of the ceritificates has signed
that server certificate, and if so, whether the signature is valid.
So, if the server certificate is signed by a Certification Authority (CA),
you put the CA's certificate into a directory where you keep trusted
certificates, and point fetchmail to it. Fetchmail will then accept certificates
signed by the owner of that certificate with the private key belonging to the
public key in the certificate.
You can specifiy this path using the sslcertpath option.
The idea is that the CA only gives certificates to entities of which it has
checked and verified the identity of (and in this case, that the server name you
specify does belong to it). So, if you chose the intentions and the thoroughness
of a CA, you can be reasonably sure that if a certificate is signed by the CA,
it really belongs to the server and owner that it claims to.
Certificates are only valid in a certain time window, so your system clock
should be reasonably accurate when checking certificates.
Additionally, CAs keep Certificate Revocation Lists (CRLs) in which they note
the certificates that are to be treated as invalid (e.g. because the server
name has changed, another ceritifcate was granted, or even because the
certificate was not granted to the rightful owner).
The really paranoid (who chose to not trust a CA) can check the fingerprint of
the public key that is used by the server. The fingerprint is a hash of that
key that (hopefully) has few collisions and is hard to attack using a "birthday
attack", i.e. nobody can generate a second key that hashes to the same value
of the original key in reasonable time. So, if the fingerprint matches, you
can be reasonable sure that you talk to the original server, because only that
knows the secret key, and it is very hard to generate a matching secret key from
the public key. If it doesn't, it might be an attack, but keep in mind that the
server key may also have changed legitimately before panicing ;)
fetchmail will present the fingerprint to you. Another mode, that strictly
checks the fingerprint, is available (using the sslfingerprint option, and
giving the desired fingerprint as an argument). If you want to check finger-
prints, you should use that option, because otherwise, it may be too late
to cancel if you see the fingerprint (your password may already have been
transmitted)!
The certificate directory must be hashed in a way OpenSSL expects it: each
time you modify a file in that directory or add a file to it, you need
to use the c_rehash perl script that comes with OpenSSL (in the tools/
subdirectory, in case that it isn't installed). Additionally, you might
need to convert the ceriticates to different formats (the PEM format is expected
and usually is available, DER is another one; you can convert between
both using the openssl(1) utility).
The fingerprints fetchmail uses are MD5 sums. You can generate them e.g. useing
the openssl(1) "x509 -fingerprint" command. The format is a hexadecimal string
with a ":" separating two byes (i.e. a ":" every two hex "digits"). The letter
hex digits must be in upper case!
*CAVEAT*: OpenSSL seems to be unable to check CRLs at the moment!
- Thomas Moestl <tmoestl@gmx.net>
To do a release:
1. Torture-test the code against the list of test sites usuing the
torturetest script.
2. Check in all files to RCS with an appropriate release label.
3. Run "makerelease" is root. Read the script to see what it generates.
4. Run "upload" as yourself.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
bighand.png

2.35 KB

This diff is collapsed.
This diff is collapsed.
-------------------------------------------------------------------------------
- GetMail - GotMail -
1999 by Thomas Nesges <ThomaNesges@TNT-Computer.de>
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
Installation:
-------------------------------------------------------------------------------
The Installation is as simple as it could be. Just create the directory
/usr/local/gotmail and copy all files to it. Ready.
If you decide to choose an other directory to copy the files to, don't forget
to change the path in the scripts.
-------------------------------------------------------------------------------
Usage:
-------------------------------------------------------------------------------
GetMail starts with: getmail <option>
options:
clear - stops fetchmail and kills the logfile
fetch - starts fetchmail
got - starts gotmail
goth - starts gotmail html
send - sends all mail from the mailqueue
status - tails the logfile
start - starts fetchmail and tails the logfile
stop - stops fetchmail
-v - prints GetMails version number
GotMail can be startet without any parameters. It then prints a statistic
on the console. The only parameters so far are:
html - prints the output to an html file specified in gotmail.conf
-v - prints GotMails version number
-------------------------------------------------------------------------------
Configuration
-------------------------------------------------------------------------------
GotMail is configured by a file named gotmail.conf either in the user's home
dir, in /etc or in /usr/local/gotmail. gotmail.conf itself is a shell script.
It just exports some variables to the environment. So it's syntax is like this:
export <OPTION>=<VALUE>
Remember not to put spaces between <OPTION>=<VALUE> !!
You have the folllowing options:
GOTM_ERR yes|no print error messages?
GOTM_MSG yes|no print mail stats?
GOTM_TIM yes|no print start/stop stats?
GOTM_HED yes|no print a header?
Special HTML options:
GOTM_BGCOL hex color backgroundcolor
GOTM_TXCOL hex color textcolor
GOTM_ERRCOL hex color color of error messages
GOTM_TIMCOL hex color color of start/stop stats
GOTM_MSGCOL hex color color of mail stats
GOTM_HTMLFILE filename filename for html output
-------------------------------------------------------------------------------
#!/bin/sh
#
# To start fetchmail as a system service, copy this file to
# /etc/init.d/fetchmail and run "update-rc.d fetchmail
# defaults". A fetchmailrc file containg hosts and
# passwords for all local users should be placed in /root
# and should contain a line of the form "set daemon <nnn>".
#
# To remove the service, delete /etc/init.d/fetchmail and run
# "update-rc.d fetchmail remove".
DAEMON=/usr/bin/fetchmail
set -e
test -f $DAEMON || exit 0
case "$1" in
start)
echo -n "Starting mail retrieval agent: "
if start-stop-daemon --start --quiet --exec $DAEMON; then echo "fetchmail."
else echo "fetchmail already running."; fi
;;
stop)
echo -n "Stopping mail retrieval agent: "
start-stop-daemon --stop --quiet --exec $DAEMON
echo "fetchmail."
;;
force-reload|restart)
echo -n "Restarting mail retrieval agent: "
start-stop-daemon --stop --quiet --exec $DAEMON
start-stop-daemon --start --quiet --exec $DAEMON
echo "fetchmail."
;;
*)
echo "Usage: /etc/init.d/fetchmail {start|stop|restart}"
exit 1
;;
esac
exit 0
This diff is collapsed.
This diff is collapsed.
#/bin/bash
#
# fetchmaildistrib --- Distribute central fetchmail knowledge.
#
# The central fetchmail database, /etc/fetchmail, contains all accounts that
# are to be fetched by the root's daemon. Often, a user desires quicker
# access (e.g., when testing some email path). In such cases, the destination
# user (marked as is USER here in the poll lines) should set up a ~/.fetchmailrc
# for himself. This scripts generates such lines from the central file.
#
# By Rick van Rein.
# From stdin, select poll lines for user $1
function selectuser () {
grep ^poll | grep "is $1 here"
}
for i in `cut -d: -f1 </etc/passwd`
do homedir=`grep ^$i: /etc/passwd | cut -d: -f6`
fetchfile=`selectuser $i </etc/fetchmailrc`
if [ -z "$fetchfile" ]
then rm -f $homedir/.fetchmailrc
else cp /dev/null $homedir/.fetchmailrc
chmod go-rwx $homedir/.fetchmailrc
grep ^defaults /etc/fetchmailrc >>$homedir/.fetchmailrc
selectuser $i </etc/fetchmailrc >>$homedir/.fetchmailrc
fi
done
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
# ~/.bash_login
#
# Start Fetchmail up when I Login.
#
# TDEV=my PRESENT terminal device IE: ttyp2, tty5, ....
#
export TDEV=`tty | sed -n -e "s#/dev/##p"`
#
if [ ! -s ~/.fetchmail ]; then
/usr/local/bin/fetchmail -d 300
echo "owner" >.fetchmail.$TDEV
else
echo "notowner" >.fetchmail.$TDEV
fi
# END of Fetchmail startup
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.