Re: How can a program securely get new/unread msg status on lots of Cyrus mailboxes?

2002-02-15 Thread Ken Murchison



Lawrence Greenfield wrote:
> 
>From: Amos Gouaux <[EMAIL PROTECTED]>
>Date: Fri, 15 Feb 2002 09:18:11 -0600
> 
>> On Fri, 15 Feb 2002 09:41:27 -0500,
>> Ken Murchison <[EMAIL PROTECTED]> (km) writes:
> 
>km> As Cillian stated, you can proxy as the user, so doing this in perl or
>km> some other scripting language is fairly easy.  Alternatively, if you
>km> want to do this outside of the IMAP protocol take a look at fud.c, which
>km> is a finger-type service that tells you the number of unread messages in
>km> the INBOX and the last time the user read his/her INBOX.  This should
>km> be a good starting point for writing your own utility.
> 
>Is there any reason why this fud client can't be put into contrib?

The piece that I was talking about is the actual fud daemon which is
already in the distro as imap/fud.c.  This is the piece which grabs the
info directly from the mailstore (outside of IMAP).  If you were going
to write your own tool to fetch seen state, this is what I would start
with.

If you actually want the client piece of this client/server service,
then Larry addresses that below.

> Well, the only client we have is tightly tied to our finger
> implementation which is tightly tied to our LDAP environment, etc.
> 
> If I get time I'll try to extract out the fud stuff and throw it into
> contrib (bug #1151).
> 
> Larry

-- 
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp



Re: How can a program securely get new/unread msg status on lots of Cyrus mailboxes?

2002-02-15 Thread Lawrence Greenfield

   From: Amos Gouaux <[EMAIL PROTECTED]>
   Date: Fri, 15 Feb 2002 09:18:11 -0600

   > On Fri, 15 Feb 2002 09:41:27 -0500,
   > Ken Murchison <[EMAIL PROTECTED]> (km) writes:

   km> As Cillian stated, you can proxy as the user, so doing this in perl or
   km> some other scripting language is fairly easy.  Alternatively, if you
   km> want to do this outside of the IMAP protocol take a look at fud.c, which
   km> is a finger-type service that tells you the number of unread messages in
   km> the INBOX and the last time the user read his/her INBOX.  This should
   km> be a good starting point for writing your own utility.

   Is there any reason why this fud client can't be put into contrib?

Well, the only client we have is tightly tied to our finger
implementation which is tightly tied to our LDAP environment, etc.

If I get time I'll try to extract out the fud stuff and throw it into
contrib (bug #1151).

Larry




Re: How can a program securely get new/unread msg status on lots of Cyrus mailboxes?

2002-02-15 Thread Amos Gouaux

> On Fri, 15 Feb 2002 09:41:27 -0500,
> Ken Murchison <[EMAIL PROTECTED]> (km) writes:

km> As Cillian stated, you can proxy as the user, so doing this in perl or
km> some other scripting language is fairly easy.  Alternatively, if you
km> want to do this outside of the IMAP protocol take a look at fud.c, which
km> is a finger-type service that tells you the number of unread messages in
km> the INBOX and the last time the user read his/her INBOX.  This should
km> be a good starting point for writing your own utility.

Is there any reason why this fud client can't be put into contrib?

-- 
Amos




Re: How can a program securely get new/unread msg status on lots of Cyrus mailboxes?

2002-02-15 Thread Ken Murchison



Don Jackson wrote:
> 
> Each of my users has a mailbox that contains their voice mail messages.
> I want to write an application that turns on the user's message waiting
> indicator if they have unread messages in their voice mail mailbox.  In
> order to do so, I need to know if they have any unread messages.
> 
> I wrote a perl script that uses the IMAP protocol to do this for myself.
> In order to get this info for a user, my perl script has to log into the
> cyrus server as the user.  So my script needs to know the password for
> each user.  This is pretty unacceptable from a security perspective, my
> script would have to know the passwords of every user it was providing
> service to.
> 
> Is there a way to create a user that has access to the unseen msg count
> for other users, but nothing else?  (eg, would not be able to actually
> read any user's messages). That way if the password was compromised, the
> only thing that could be done with it is to find out how many unseen
> msgs other people have.  Is it possible to change from one user's
> mailbox to another user's mail via the IMAP protocol?
> 
> The other way I thought of to solve this problem is to write a program
> that runs on the cyrus server itself, as user cyrus, and then walks
> through the mailstore, reading the cyrus.index and cyrus.seen files, and
> figuring out which users have unseen msgs in their voice mail mailbox.
> Technically this will work, but I'd rather have my app run on another
> server and use the IMAP protocol to get this info, rather than run on
> the cyrus imap server itself, and have implementation specific knowledge
> of the cyrus mailstore.
> 
> Any advice or ideas?

As Cillian stated, you can proxy as the user, so doing this in perl or
some other scripting language is fairly easy.  Alternatively, if you
want to do this outside of the IMAP protocol take a look at fud.c, which
is a finger-type service that tells you the number of unread messages in
the INBOX and the last time the user read his/her INBOX.  This should
be a good starting point for writing your own utility.

Ken
-- 
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp



Re: How can a program securely get new/unread msg status on lots of Cyrus mailboxes?

2002-02-15 Thread Dimitry

Cillian Sharkey <[EMAIL PROTECTED]> wrote:
> Don Jackson <[EMAIL PROTECTED]> wrote:
>> I wrote a perl script that uses the IMAP protocol to do this for myself.
>> In order to get this info for a user, my perl script has to log into the
>> cyrus server as the user.  So my script needs to know the password for
>> each user.  This is pretty unacceptable from a security perspective, my
>> script would have to know the passwords of every user it was providing
>> service to.
>> 
>> Is there a way to create a user that has access to the unseen msg count
>> for other users, but nothing else?  (eg, would not be able to actually
>> read any user's messages). That way if the password was compromised, the
>> only thing that could be done with it is to find out how many unseen
>> msgs other people have.  Is it possible to change from one user's
>> mailbox to another user's mail via the IMAP protocol?

> The IMAP AUTH command provides a way to do this. You authenticate with an
> admin username + password but request authorisation as some other user. Kind
> of like using "su". It does require logging in & out for each user however and
> if the password is compromised, they have full admin access to the server.

> You should be able to test this with imtest, e.g:

> imtest -u jblogg -a cyrus imap-host
> (enter cyrus admin password, logged in as jblogg)

> Note that you need to be logged in as the user in question to check the
> new/unread status as it is set on a per-user basis.


-- 
Dimitry




Re: How can a program securely get new/unread msg status on lots of Cyrus mailboxes?

2002-02-15 Thread Cillian Sharkey

Don Jackson <[EMAIL PROTECTED]> wrote:
> I wrote a perl script that uses the IMAP protocol to do this for myself.
> In order to get this info for a user, my perl script has to log into the
> cyrus server as the user.  So my script needs to know the password for
> each user.  This is pretty unacceptable from a security perspective, my
> script would have to know the passwords of every user it was providing
> service to.
> 
> Is there a way to create a user that has access to the unseen msg count
> for other users, but nothing else?  (eg, would not be able to actually
> read any user's messages). That way if the password was compromised, the
> only thing that could be done with it is to find out how many unseen
> msgs other people have.  Is it possible to change from one user's
> mailbox to another user's mail via the IMAP protocol?

The IMAP AUTH command provides a way to do this. You authenticate with an
admin username + password but request authorisation as some other user. Kind
of like using "su". It does require logging in & out for each user however and
if the password is compromised, they have full admin access to the server.

You should be able to test this with imtest, e.g:

imtest -u jblogg -a cyrus imap-host
(enter cyrus admin password, logged in as jblogg)

Note that you need to be logged in as the user in question to check the
new/unread status as it is set on a per-user basis.

-- 
Cillian
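The proxy-authorization approach Cillian describes, written out as an added example (not code from the thread or from the Cyrus project; Don's original script was in perl, Python is used here because the mechanism is the same). It does what `imtest -u jblogg -a cyrus imap-host` does: the SASL PLAIN message carries the target user as the authorization identity and the admin account as the authentication identity, so the session is then "logged in as jblogg" and `STATUS ... (UNSEEN)` reports that user's own seen state. The host name, the admin account name and the mailbox name are assumptions; the helper names are the example's own.

```python
import re
import ssl
import imaplib

# SASL PLAIN (RFC 4616): authzid NUL authcid NUL password.
# authzid = the user we want to act as, authcid = the admin account whose
# password we actually hold. This is the "su"-like behaviour from the thread.
def plain_sasl_response(authzid: str, authcid: str, password: str) -> bytes:
    for field in (authzid, authcid, password):
        if "\0" in field:
            raise ValueError("NUL is not allowed inside SASL PLAIN fields")
    return f"{authzid}\0{authcid}\0{password}".encode("utf-8")


# Matches the UNSEEN item of an untagged STATUS response, e.g.
#   INBOX (MESSAGES 12 UNSEEN 3)
_UNSEEN_RE = re.compile(rb"\bUNSEEN\s+(\d+)")


def parse_unseen(status_data: bytes) -> int:
    """Extract the UNSEEN count from the data part of a STATUS response."""
    m = _UNSEEN_RE.search(status_data)
    if m is None:
        raise ValueError(f"no UNSEEN item in STATUS response: {status_data!r}")
    return int(m.group(1))


def unseen_for_user(host: str, admin_user: str, admin_password: str,
                    user: str, mailbox: str = "INBOX", port: int = 993) -> int:
    """Authenticate as admin_user, authorize as user, return user's UNSEEN count.

    Assumed deployment: IMAP over TLS on port 993 with a verifiable server
    certificate. One login/logout per user, as the thread notes.
    """
    conn = imaplib.IMAP4_SSL(host, port, ssl_context=ssl.create_default_context())
    try:
        # imaplib base64-encodes whatever the callback returns and sends it
        # as the client response to AUTHENTICATE PLAIN.
        conn.authenticate(
            "PLAIN",
            lambda challenge: plain_sasl_response(user, admin_user, admin_password),
        )
        typ, data = conn.status(mailbox, "(UNSEEN)")
        if typ != "OK":
            raise RuntimeError(f"STATUS failed for {user}: {data!r}")
        return parse_unseen(data[0])
    finally:
        conn.logout()


if __name__ == "__main__":
    import getpass
    import sys
    # usage: script.py imap-host admin-account user [user ...]
    host, admin, *users = sys.argv[1:]
    secret = getpass.getpass(f"password for {admin}: ")
    for u in users:
        # "voicemail" below is an assumed mailbox name; INBOX is the default.
        print(u, unseen_for_user(host, admin, secret, u, mailbox="INBOX"))
```

The security trade-off is exactly the one Cillian states: the credential this script holds is an admin credential, so a compromise of the host running it is a compromise of the whole server, not just of unseen counts. Reading the password from a prompt or an environment variable rather than embedding it, and running the poller from a host that does nothing else, limits the exposure but does not change what the credential can do.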