aboutsummaryrefslogtreecommitdiffstats
path: root/pullimap.md
diff options
context:
space:
mode:
Diffstat (limited to 'pullimap.md')
-rw-r--r--pullimap.md375
1 files changed, 0 insertions, 375 deletions
diff --git a/pullimap.md b/pullimap.md
deleted file mode 100644
index 1b2e509..0000000
--- a/pullimap.md
+++ /dev/null
@@ -1,375 +0,0 @@
-% pullimap(1)
-% [Guilhem Moulin](mailto:guilhem@fripost.org)
-% March 2016
-
-Name
-====
-
-PullIMAP - Pull mails from an IMAP mailbox and deliver them to an SMTP session
-
-Synopsis
-========
-
-`pullimap` [**\-\-config=***FILE*] [**\-\-idle**[**=***SECONDS*]]
-[**\-\-no-delivery**] [**\-\-quiet**] *SECTION*
-
-Description
-===========
-
-`pullimap` retrieves messages from an IMAP mailbox and deliver them to
-an SMTP or LMTP transmission channel. It can also remove old messages
-after a configurable retention period.
-
-A *statefile* is used to keep track of the mailbox's `UIDVALIDITY` and
-`UIDNEXT` values. While `pullimap` is running, the *statefile* is also
-used to keep track of UIDs being delivered, which avoids duplicate
-deliveries in case the process is interrupted.
-See the **[control flow](#control-flow)** section below for details.
-
-Options
-=======
-
-`--config=`*FILE*
-
-: Specify an alternate [configuration file](#configuration-file).
- Relative paths start from *$XDG_CONFIG_HOME/pullimap*, or *~/.config/pullimap*
- if the `XDG_CONFIG_HOME` environment variable is unset.
-
-`--idle`[`=`*seconds*]
-
-: Don't exit after a successful poll. Instead, keep the connection open
- and issue `IDLE` commands (require an IMAP server supporting [RFC
- 2177]) to watch for updates in the mailbox. This also enables
- `SO_KEEPALIVE` on the socket.
- Each `IDLE` command is terminated after at most *seconds* (29
- minutes by default) to avoid being logged out for inactivity.
-
-`--no-delivery`
-
-: Update the *statefile*, but skip SMTP/LMTP delivery. This is mostly
- useful for initializing the *statefile* when migrating to `pullimap`
- from another similar program such as [`fetchmail`(1)] or
- [`getmail`(1)].
-
-`-q`, `--quiet`
-
-: Try to be quiet.
-
-`--debug`
-
-: Turn on debug mode. Debug messages are written to the error output.
- Note that this include all IMAP traffic (except literals).
- Depending on the chosen authentication mechanism, this might include
- authentication credentials.
-
-`-h`, `--help`
-
-: Output a brief help and exit.
-
-`--version`
-
-: Show the version number and exit.
-
-Configuration file
-==================
-
-Unless told otherwise by the `--config=FILE` command-line option,
-`pullimap` reads its configuration from *$XDG_CONFIG_HOME/pullimap/config*
-(or *~/.config/pullimap/config* if the `XDG_CONFIG_HOME` environment variable
-is unset) as an [INI file].
-The syntax of the configuration file is a series of `OPTION=VALUE`
-lines organized under some `[SECTION]`; lines starting with a ‘#’ or
-‘;’ character are ignored as comments.
-Valid options are:
-
-*statefile*
-
-: State file to use to keep track of the *mailbox*'s `UIDVALIDITY` and
- `UIDNEXT` values. Relative paths start from
- *$XDG_DATA_HOME/pullimap*, or *~/.local/share/pullimap* if the
- `XDG_DATA_HOME` environment variable is unset.
- (Default: the parent section name of the option.)
-
-*mailbox*
-
-: The IMAP mailbox ([UTF-7 encoded][RFC 2152] and unquoted) to pull
- messages from. Support for persistent message Unique Identifiers
- (UID) is required. (Default: `INBOX`.)
-
-*deliver-method*
-
-: `PROTOCOL:[ADDRESS]:PORT` where to deliver messages. Both
- [SMTP][RFC 5321] and [LMTP][RFC 2033] servers are supported, and
- [SMTP pipelining][RFC 2920] is used when possible.
- (Default: `smtp:[127.0.0.1]:25`.)
-
-*deliver-ehlo*
-
-: Hostname to use in `EHLO` or `LHLO` commands.
- (Default: `localhost.localdomain`.)
-
-*deliver-rcpt*
-
-: Message recipient. Note that the local part needs to quoted if it
- contains special characters; see [RFC 5321] for details.
- (Default: the username associated with the effective uid of the
- `pullimap` process.)
-
-*purge-after*
-
-: Retention period (in days), after which messages are removed from
- the IMAP server. (The value is at best 24h accurate due to the IMAP
- `SEARCH` criterion ignoring time and timezone.)
- If *purge-after* is set to `0` then messages are deleted immediately
- after delivery. Otherwise `pullimap` issues an IMAP `SEARCH` (or
- extended `SEARCH` on servers advertizing the [`ESEARCH`][RFC 4731]
- capability) command to list old messages; if `--idle` is set then
- the `SEARCH` command is issued again every 12 hours.
-
-*type*
-
-: One of `imap`, `imaps` or `tunnel`.
- `type=imap` and `type=imaps` are respectively used for IMAP and IMAP
- over SSL/TLS connections over an INET socket.
- `type=tunnel` causes `pullimap` to create an unnamed pair of
- connected sockets for interprocess communication with a *command*
- instead of opening a network socket.
- (Default: `imaps`.)
-
-*host*
-
-: Server hostname, for `type=imap` and `type=imaps`.
- (Default: `localhost`.)
-
-*port*
-
-: Server port.
- (Default: `143` for `type=imap`, `993` for `type=imaps`.)
-
-*proxy*
-
-: An optional SOCKS proxy to use for TCP connections to the IMAP
- server (`type=imap` and `type=imaps` only), formatted as
- `PROTOCOL://[USER:PASSWORD@]PROXYHOST[:PROXYPORT]`.
- If `PROXYPORT` is omitted, it is assumed at port 1080.
- Only [SOCKSv5][RFC 1928] is supported (with optional
- [username/password authentication][RFC 1929]), in two flavors:
- `socks5://` to resolve *hostname* locally, and `socks5h://` to let
- the proxy resolve *hostname*.
-
-*command*
-
-: Command to use for `type=tunnel`. Must speak the [IMAP4rev1
- protocol][RFC 3501] on its standard output, and understand it on its
- standard input. The value is passed to `` `/bin/sh -c` `` if it
- contains shell metacharacters; otherwise it is split into words and
- the resulting list is passed to `execvp`(3).
-
-*STARTTLS*
-
-: Whether to use the [`STARTTLS`][RFC 2595] directive to upgrade to a
- secure connection. Setting this to `YES` for a server not
- advertising the `STARTTLS` capability causes `pullimap` to
- immediately abort the connection.
- (Ignored for *type*s other than `imap`. Default: `YES`.)
-
-*auth*
-
-: Space-separated list of preferred authentication mechanisms.
- `pullimap` uses the first mechanism in that list that is also
- advertised (prefixed with `AUTH=`) in the server's capability list.
- Supported authentication mechanisms are `PLAIN` and `LOGIN`.
- (Default: `PLAIN LOGIN`.)
-
-*username*, *password*
-
-: Username and password to authenticate with. Can be required for non
- pre-authenticated connections, depending on the chosen
- authentication mechanism.
-
-*compress*
-
-: Whether to use the [`IMAP COMPRESS` extension][RFC 4978] for servers
- advertising it. (Default: `YES`.)
-
-*null-stderr*
-
-: Whether to redirect *command*'s standard error to `/dev/null` for
- `type=tunnel`. (Default: `NO`.)
-
-*SSL_protocols*
-
-: A space-separated list of SSL protocols to enable or disable (if
- prefixed with an exclamation mark `!`. Known protocols are `SSLv2`,
- `SSLv3`, `TLSv1`, `TLSv1.1`, `TLSv1.2`, and `TLSv1.3`. Enabling a
- protocol is a short-hand for disabling all other protocols.
- (Default: `!SSLv2 !SSLv3 !TLSv1 !TLSv1.1`, i.e., only enable TLSv1.2
- and above.)
-
-*SSL_cipher_list*
-
-: The cipher list to send to the server. Although the server
- determines which cipher suite is used, it should take the first
- supported cipher in the list sent by the client. See
- [`ciphers`(1ssl)] for more information.
-
-*SSL_fingerprint*
-
-: Fingerprint of the server certificate's Subject Public Key Info, in
- the form `[ALGO$]DIGEST_HEX` where `ALGO` is the used algorithm (by
- default `sha256`).
- Attempting to connect to a server with a non-matching certificate
- SPKI fingerprint causes `pullimap` to abort the connection during
- the SSL/TLS handshake.
- The following command can be used to compute the SHA-256 digest of a
- certificate's Subject Public Key Info:
-
- openssl x509 -in /path/to/server/certificate.pem -pubkey \
- | openssl pkey -pubin -outform DER \
- | openssl dgst -sha256
-
-*SSL_verify*
-
-: Whether to verify the server certificate chain.
- Note that using *SSL_fingerprint* to specify the fingerprint of the
- server certificate is an orthogonal authentication measure as it
- ignores the CA chain.
- (Default: `YES`.)
-
-*SSL_CApath*
-
-: Directory to use for server certificate verification if
- `SSL_verify=YES`.
- This directory must be in “hash format”, see [`verify`(1ssl)] for
- more information.
-
-*SSL_CAfile*
-
-: File containing trusted certificates to use during server
- certificate authentication if `SSL_verify=YES`.
-
-Control flow
-============
-
-`pullimap` opens the *statefile* corresponding to a given configuration
-*SECTION* with `O_DSYNC` to ensure that written data is flushed to the
-underlying hardware by the time [`write`(2)] returns. Moreover an
-exclusive lock is placed on the file descriptor immediately after
-opening to prevent multiple `pullimap` processes from accessing the
-*statefile* concurrently.
-
-Each *statefile* consists of a series of 32-bits big-endian integers.
-Usually there are only two integers: the first is the *mailbox*'s
-`UIDVALIDITY` value, and the second is the *mailbox*'s last seen
-`UIDNEXT` value (`pullimap` then assumes that all messages with UID
-smaller than this `UIDNEXT` value have already been retrieved and
-delivered).
-The [IMAP4rev1 specification][RFC 3501] does not guaranty that untagged
-`FETCH` responses are sent ordered by UID in response to a `UID FETCH`
-command. Thus it would be unsafe for `pullimap` to update the `UIDNEXT`
-value in its *statefile* while the `UID FETCH` command is progress.
-Instead, for each untagged `FETCH` response received while the `UID
-FETCH` command is in progress, `pullimap` delivers the message `RFC822`
-body to the SMTP or LMTP server (specified with *deliver-method*) then
-appends the message UID to the *statefile*.
-When the `UID FETCH` command eventually terminates, `pullimap` updates
-the `UIDNEXT` value in the *statefile* and truncate the file down to 8
-bytes. Keeping track of message UIDs as they are received avoids
-duplicate in the event of a crash or connection loss while the `UID
-FETCH` command is in progress.
-
-In more details, `pullimap` works as follows:
-
- 1. Issue a `UID FETCH` command to retrieve message `ENVELOPE` and
- `RFC822` (and `UID`) with UID bigger or equal than the `UIDNEXT`
- value found in the *statefile*.
- While the `UID FETCH` command is in progress, perform the following
- for each untagged `FETCH` response sent by the server:
-
- i. if no SMTP/LMTP transmission channel was opened, open one to the
- server specified with *deliver-method* and send an `EHLO` (or
- `LHO`) command with the domain specified by *deliver-ehlo* (the
- channel is kept open and shared for all messages retrieved while
- the `UID FETCH` IMAP command is in progress);
-
- i. perform a mail transaction (using [SMTP pipelining][RFC 2920] if
- possible) to deliver the retrieved message `RFC822` body to the
- SMTP or LMTP session; and
-
- i. append the message UID to the *statefile*.
-
- 2. If an SMTP/LMTP transmission channel was opened, send a `QUIT` command
- to terminate it gracefully.
-
- 3. Issue a `UID STORE` command to mark all retrieved messages (and
- stalled UIDs found in the *statefile* after the eigth byte) as
- `\Seen`.
-
- 4. Update the *statefile* with the new UIDNEXT value (bytes 5-8).
-
- 5. Truncate the *statefile* down to 8 bytes (so that it contains only
- two 32-bits integers, respectively the *mailbox*'s current
- `UIDVALIDITY` and `UIDNEXT` values).
-
- 6. If `--idle` was set, issue an `IDLE` command; stop idling and go
- back to step 1 when a new message is received (or when the `IDLE`
- timeout expires).
-
-Standards
-=========
-
- * M. Leech, M. Ganis, Y. Lee, R. Kuris, D. Koblas and L. Jones,
- _SOCKS Protocol Version 5_,
- [RFC 1928], March 1996.
- * M. Leech, _Username/Password Authentication for SOCKS V5_,
- [RFC 1929], March 1996.
- * J. Myers, _Local Mail Transfer Protocol_,
- [RFC 2033], October 1996.
- * J. Myers, _IMAP4 non-synchronizing literals_,
- [RFC 2088], January 1997.
- * D. Goldsmith and M. Davis,
- _A Mail-Safe Transformation Format of Unicode_,
- [RFC 2152], May 1997.
- * B. Leiba, _IMAP4 `IDLE` command_,
- [RFC 2177], June 1997.
- * C. Newman, _Using TLS with IMAP, POP3 and ACAP_,
- [RFC 2595], June 1999.
- * N. Freed, _SMTP Service Extension for Command Pipelining_,
- [RFC 2920], September 2000.
- * M. Crispin, _Internet Message Access Protocol - Version 4rev1_,
- [RFC 3501], March 2003.
- * M. Crispin,
- _Internet Message Access Protocol (IMAP) - `UIDPLUS` extension_,
- [RFC 4315], December 2005.
- * A. Gulbrandsen, _The IMAP `COMPRESS` Extension_,
- [RFC 4978], August 2007.
- * A. Melnikov and D. Cridland, _IMAP4 Extension to SEARCH Command for
- Controlling What Kind of Information Is Returned_,
- [RFC 4731], November 2006.
- * R. Siemborski and A. Gulbrandsen, _IMAP Extension for Simple
- Authentication and Security Layer (SASL) Initial Client Response_,
- [RFC 4959], September 2007.
- * J. Klensin, _Simple Mail Transfer Protocol_,
- [RFC 5321], October 2008.
-
-[RFC 4315]: https://tools.ietf.org/html/rfc4315
-[RFC 2177]: https://tools.ietf.org/html/rfc2177
-[RFC 2595]: https://tools.ietf.org/html/rfc2595
-[RFC 4959]: https://tools.ietf.org/html/rfc4959
-[RFC 2152]: https://tools.ietf.org/html/rfc2152
-[RFC 2088]: https://tools.ietf.org/html/rfc2088
-[RFC 5321]: https://tools.ietf.org/html/rfc5321
-[RFC 2033]: https://tools.ietf.org/html/rfc2033
-[RFC 2920]: https://tools.ietf.org/html/rfc2920
-[RFC 3501]: https://tools.ietf.org/html/rfc3501
-[RFC 4978]: https://tools.ietf.org/html/rfc4978
-[RFC 1928]: https://tools.ietf.org/html/rfc1928
-[RFC 1929]: https://tools.ietf.org/html/rfc1929
-[RFC 4731]: https://tools.ietf.org/html/rfc4731
-
-[INI file]: https://en.wikipedia.org/wiki/INI_file
-[`fetchmail`(1)]: http://www.fetchmail.info/
-[`getmail`(1)]: http://pyropus.ca/software/getmail/
-[`write`(2)]: http://man7.org/linux/man-pages/man2/write.2.html
-[`ciphers`(1ssl)]: https://www.openssl.org/docs/manmaster/apps/ciphers.html
-[`verify`(1ssl)]: https://www.openssl.org/docs/manmaster/apps/verify.html