Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 5 Jul 2005 14:57:23 -0400 (EDT)
From:      Matt Juszczak <matt@atopia.net>
To:        freebsd-questions@freebsd.org
Subject:   Remote access to a user's mail spool
Message-ID:  <20050705145350.W37501@neptune.atopia.net>

next in thread | raw e-mail | index | archive | help
Hi all,

We're an ISP, and we are currently looking for a way for our tech support 
guys to access customer's email without having shell access to the server, 
or knowing the customer's password.

We'd like to install a custom webmail client on our private internal LAN 
webserver that would only show the user's inbox and the ability to delete 
the messages (couldn't read messages, etc.).  The problem is that we would 
have to know the user's password in order for my PHP script to go out and 
fetch the mail.

Is there a way I can setup and/or patch one of the POP3 clients (of course 
I would firewall this and do an SSH tunnel with the pop3d running on 
localhost only on the mail server, so I would keep things secure) so that 
it could be given any random password and would authenticate?

Or is this some kind of patch I would need to write?  Maybe a better 
option would be to write a custom client/server interface via ssh to 
interact with the mail spool (possibly calling "mail" over ssh remotely, 
with public/private key authentication and sudo access to mail for the 
remote account)....

Any ideas?

Thanks,

Matt

PS: I can admit that I originally posted this to the dovecot mailing list, 
but am now seeing it might be a system-related issue vs. a pop3 daemon 
issue.



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050705145350.W37501>