aboutsummaryrefslogtreecommitdiffstats
path: root/design-notes.html
blob: fc4a2c3b25f07892cd9eef085b591e6d4a4d0219 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Updated design notes on fetchmail</title>
<link rev="made" href="mailto:matthias.andree@gmx.de" />
<meta name="description" content="Updated design notes on fetchmail." />
<meta name="keywords" content="fetchmail, POP, POP2, POP3, IMAP, ETRN, ODMR, remote mail" />
<style type="text/css">
/*<![CDATA[*/
 h1.c1 {text-align: center}
/*]]>*/
</style>
</head>
<body>
<table width="100%" cellpadding="0" summary="Canned page header">
<tr>
<td width="30%">Back to <a href="index.html">Fetchmail Home Page</a></td>
<td width="30%" align="right">$Date$</td>
</tr>
</table>

<hr />
<h1 class="c1">Design Notes On Fetchmail</h1>

<h2>Introduction</h2>

<p>This document's contents were last updated in 2006, around fetchmail 6.3.4/6.3.5 time.
It is supposed to complement <a
    href="esrs-design-notes.html">Eric S. Raymond's (ESR's)
    design notes.</a> The new maintainers don't agree with some of the decisions
ESR made previously, and the differences and new directions will be laid
out in this document. It is therefore a sort of a TODO document, until
the necessary code revisions have been made.</p>

<h2>Security</h2>

        <p>
                Fetchmail 6.2.x was handed over in a pretty poor shape, security-wise. It would happily talk to the network with root privileges, used sscanf() to read remotely received data into fixed-length stack-based buffers without length limitation and so on. A full audit is required and security concepts will have to be applied. Random bits are:
        </p>
<ul>
    <li>code talking to the network does not require root privileges and
    needs to run without root permissions</li>
    <li>all input must be validated, all strings must be length checked,
    all integers range checked</li>
    <li>all types will need to be reviewed whether they are signed or
    unsigned</li>
</ul>

<h2>SMTP forwarding</h2>

<p>Fetchmail's multidrop and rewrite options will process addresses
received from remote sites. Special care must be taken so these
features cannot be abused to relay mail to foreign sites.</p>

<p>ESR's attempt to make fetchmail use SMTP exclusively failed,
fetchmail got LMTP and --mda options &ndash; the latter has a lot of
flaws unfortunately, is inconsistent with the SMTP forwarder and needs
to be reviewed and probably bugfixed. --mda doesn't properly work with
multiple recipients, it cannot properly communicate errors and is best
avoided for now.</p>

<h2>Server-side vs. client-side state.</h2>

<h3>Why we need client-side tracking</h3>

<p>ESR asserted that server-side state were essential and those persons
responsible for removing the LAST command from POP3 deserved to
suffer. ESR is right in stating that the POP3 UID tracks which messages
have been read <em>by this client</em> &ndash; and that is exactly what
we need to do.</p>

<p>If fetchmail is supposed to retrieve all mail from a mailbox
reliably, without being disturbed by someone occasionally using another
client on another host, or a webmailer, or similar, then
<em>client</em>-side tracking of the state is indispensable. This is
also needed to match behavior to ETRN and ODMR or to support read-only
mailboxes in --keep mode.</p>

<h3>Present and future</h3>

<p>Fetchmail supports client-side state in POP3 if the UIDL option is
used (which is strongly recommended). Similar effort needs to be made to
track IMAP state by means of UIDVALIDITY and UID.</p>

<p>This will also mean that the UID handling code be revised an perhaps
use one file per account or per folder.</p>

<h2>Concurrent queries/concurrent fetchmail instances</h2>

<p>ESR refused to make fetchmail query multiple hosts or accounts
concurrently, on the grounds that finer-grained locks would be hard to
implement portably.</p>

<p>The idea of using one file per folder or account to track UIDs on the
client-side will make solving this locking problem easy &ndash; the lock can
be placed on the UID file instead.</p>

<h2>Multidrop issues</h2>

<p>Fetchmail tries to guess recipients from headers that are not routing
relevant, for instance, To:, Cc:, or Resent-headers (which are rare
anyways). It is important that fetchmail insists on the real envelope
operation for multidrop. This is detailed in <a
    href="http://home.pages.de/~mandree/mail/multidrop">my
    article &quot;Requisites for working multidrop
    mailboxes&quot;</a>.</p>

<p>As Terry Lambert pointed out in the FreeBSD-arch mailing list on
2001-02-17 under the subject "UUCP must stay; fetchmail sucks",
fetchmail performs DNS MX lookups to determine domains for which
multidrop is valid, on the assumption that the receiving SMTP host
upstream were the same as the IMAP or POP3 server.</p>

<hr />
<table width="100%" cellpadding="0" summary="Canned page footer">
<tr>
<td width="30%">Back to <a href="index.html">Fetchmail Home Page</a></td>
<td width="30%" align="right">$Date$</td>
</tr>
</table>

<br clear="left" />
<address>Matthias Andree <a
	href="mailto:matthias.andree@gmx.de">&lt;matthias.andree@gmx.de&gt;</a></address>
</body>
</html>
generated by cgit v1.2.3 (git 2.39.1) at 2025-07-03 15:12:34 +0000
al cryptographic code.</li> <li>NTLM support under IMAP, so fetchmail can query Microsoft Exchange servers.</li> <li>Expunge option can now be used to break POP3 retrieval into subsessions.</li> <li>Support for AUTH=CRAM-MD5 under IMAP, a la RFC2195.</li> </ul> <h2>Since 4.0:</h2> <ul> <li>The interface and monitor options now work with freeBSD.</li> <li>Fetchmail now sends RFC1894-conformant bouncemail on SMTP and LMTP errors.</li> <li>Full support for LMTP according to RFC2033.</li> <li>True multi-language support using GNU gettext.</li> <li>Support for use of HESIOD with Kerberos.</li> <li>The --bsmtp option supports recording fetched mail as a BSMTP batch.</li> <li>The --limit option can now be used in daemon mode, with oversized-message notifications being mailed to the calling user.</li> <li>Configurable support for the <a href="http://www.demon.net/helpdesk/producthelp/mail/sdps-tech.html/"> SDPS extensions</a> in <a href="http://www.demon.net/">www.demon.net</a>'s POP3 service.</li> <li>There is now an interactive GUI fetchmail configurator, fetchmailconf.</li> <li>Code is 64-bit clean and Y2K-safe.</li> <li>Automatically decodes armored 7-bit MIME into 8 bits (this can be suppressed).</li> <li>You can specify which SMTP error is recognized as a spam block.</li> <li>Support for Kerberos V authentication.</li> <li>Support for IMAP-OTP authentication using Craig Metz's patches for UW IMAP.</li> <li>Support for IPv6</li> <li>Support for IMAP with RFC1731-conformant GSSAPI authentication.</li> <li>Fixed and verified support for Cyrus IMAP server, M$ Exchange, and Post Office/NT.</li> <li>Support for responding with a one-time password when a POP3 server issues an RFC1938-conforming OTP challenge.</li> <li>Support for Compuserve's RPA authentication protocol for POP3 (not compiled in by default, but configurable).</li> </ul> <h2>Since 3.0:</h2> <ul> <li>Support for IMAP RFC 1731 authentication with Kerberos v4.</li> <li>Support for multiple-folder retrieval in a single session under IMAP.</li> <li>Following SMTP 571 response to a From line, fetchmail no longer downloads the bodies of spam messages.</li> <li>Support for a `hunt list' of SMTP hosts.</li> <li>Support for ESMTP 8BITMIME and SIZE options.</li> <li>Support for ESMTP ETRN command.</li> <li>The stripcr &amp; forcecr options to explicitly control carriage-return stripping and LF-&gt;CRLF mapping before mail forwarding.</li> </ul> <h2>Since 2.0:</h2> <ul> <li>Support for secure use with ssh.</li> <li>Mailserver passwords can be parsed out of your .netrc file.</li> <li>When forwarding mail via SMTP, fetchmail respects the 571 "spam filter" response and discards any mail that triggers it.</li> <li>Transaction and error logging may optionally be done via syslog.</li> <li>(Linux only) Security option to permit fetchmail to poll a host only when a point-to-point link to a particular IP address is up.</li> <li>RPOP support (restored; had been removed in 1.8).</li> </ul> <h2>2.0 and earlier versions:</h2> <ul> <li>Support POP2, APOP, RPOP, IMAP2, IMAP2bis, IMAP3, IMAP4, IMAP4rev1. .</li> <li>Support for Kerberos V4 user authentication (either MIT or Cygnus).</li> <li>Host is auto-probed for a working server if no protocol is specified for the connection. Thus you don't need to know what servers are running on your mail host in advance; the verbose option will tell you which one succeeds.</li> <li>Delivery via SMTP to the client machine's port 25. This means the retrieved mail automatically goes to the system default MDA as if it were normal sender-initiated SMTP mail.</li> <li>Configurable timeout to detect if server connection is dropped.</li> <li>Support for retrieving and forwarding from multi-drop mailboxes that is guaranteed not to cause mail loops.</li> <li>Large user community -- fetchmail has a large user base (the author's beta list includes well over two hundred people). This means feedback is rapid, bugs get found and fixed rapidly.</li> <li>Carefully written, comprehensive and up-to-date man page describing not only modes of operation but also how to diagnose the most common kinds of problems and what to do about deficient servers.</li> <li>Rugged, simple, and well-tested code -- the author relies on it every day and it has never lost mail, not even in experimental versions. (In the project's entire history there has only been one recorded instance of lost mail, and that was due to a quirk in some Microsoft code.)</li> <li>Strict conformance to relevant RFCs and good debugging options. You could use fetchmail to test and debug server implementatations.</li> <li>For anybody who cares, fetchmail is Y2K safe.</li> </ul> <h2>Features in common with other remote-mail retrieval programs:</h2> The other programs I have checked include fetchpop1.9, PopTart-0.9.3, get-mail, gwpop, pimp-1.0, pop-perl5-1.2, popc, popmail-1.6 and upop. <ul> <li>Support for POP3.</li> <li>Easy control via command line or free-format run control file.</li> <li>Daemon mode -- fetchmail can be run in background to poll one or more hosts at a specified interval.</li> <li>From:, To:, Cc:, and Reply-To: headers are rewritten so that usernames relative to the fetchmail host become fully-qualified Internet addresses. This enables replies to work correctly. (Would be unique to fetchmail if I hadn't added it to fetchpop.)</li> <li>Message and header processing are 8-bit clean.</li> </ul> <hr /> <table width="100%" cellpadding="0" summary="Canned page footer"> <tr> <td width="30%">Back to <a href="index.html">Fetchmail Home Page</a></td> <td width="30%" align="right">$Date$</td> </tr> </table> <br clear="left" /> <address>Eric S. Raymond <a href="mailto:esr@thyrsus.com">&lt;esr@snark.thyrsus.com&gt;</a></address> </body> </html>
generated by cgit v1.2.3 (git 2.39.1) at 2025-07-03 15:12:34 +0000