Web based Cyrus IMAP user admin client.

Installation:

necessary files:

IMAP::Admin-1.4.1.tar.gz or newer (used by funclib.pl version 2.4)
*NOTE* : Don't use version 1.5.1 of IMAP::Admin.  There is a bug in the
getquotaroot function that causes a timeout.

perlsieve-0.4.9b.tar.gz  NOTE: Adds SSL functions - fixes scripts listing
			 - fixed SSL connection problem
funclib.pl (version 2.4)
funclib.cyrus (version 1.1 - optional - uses Cyrus 2.x.x builtin perl modules)
	      IMAP::Admin and perlsieve not required if using funclib.cyrus.
	      NOTE:  You must have the Cyrus 2.x.x perl modules installed.
websieve.pl (version 0.61)
websieve.conf ( for versions 0.57+)
readme.txt
auth.pl (optional - change passwords on an ldap server)
auth-pop.pl (optional - change passwords on Qualcomm poppasswd server)
allfiles.tar.gz (all the files above)

Other files:
	websieve-test.pl: alpha version 0.59-test of websieve
	websieve.frames.tar.gz:
	- This is an example setup of using websieve.pl in a customized frame based menu environment.

- untar,make and install the following modules (if required):
(eg. after untaring the modules  change to the untarred directory, run 'perl Makefile.pl', then 'make', then 'make install' to complete the installation.)

IMAP::Admin from Eric Estabrooks (available locally or on CPAN)
IMAP::Sieve (available locally - from Alain Turbide, filename: perlsieve.x.x.tar.gz)

Note: Version 0.4x+ of websieve requires version 0.4.x+ of IMAP::Sieve.

- copy websieve.pl, websieve.conf and funclib.pl to your cgi directory
- if using ldap for password storage you can also copy auth.pl to your cgi directory and modify the parameters at the start of the module.
  (Alternatively you could use your own custom auth.pl or if using the Qualcomm
poppassd daemon you can use auth-pop.pl)
- change the execute permissions and ownerships of the
  scripts (eg: chmod 555 websieve.pl)
- modify websieve.conf to suit your preferences
- to use this script you must have the timsieved daemon setup as per the
  install instructions in the Cyrus distribution.

Useage:

Point your browser to websieve.pl eg: http://webhost/cgi-bin/websieve.pl.
You will then be greeted with a login screen.  Enter your
Cyrus UID and PASS and you should see the script entry screen
as well as your current mail quota, acl's.
Please note that only plain text (LOGIN) authorization is supported at this
time.  I also recommend that you run this on an SSL enabled server
to avoid sending passwords in the clear. If you need to run the script
on a separate server then the mail server, please remember that the passwords are sent in clear text.  To ensure better security in such scenerio's I recommend using SSL to encrypt the session to the Imap and Sieve daemon's.  I've successfully used Stunnel in these cases.

This cgi module allows full user control of sieve script creation,
as well as acl settings for mailboxes.  It also displays the
current available quota. The basic setting is for easy script
creation with no scripting involved.  The advanced setting allows
direct script access and editing. Please note that the "basic" mode does not
use all of Sieve's features.  If you require more functionality you can use
the "advanced" mode or you can drop me an email if you would like a particular
feature added to "basic" mode.


NOTE1:

To use the "vacation" or "reply with" features of sieve you must
be running deliver in LMTP mode otherwise you will not be able to
save scripts on the server if you try to use these features.
Please consult the Cyrus IMAP sieve docs for more info on the Sieve
language and setting up deliver for LMTP.


NOTE2:

This is BETA software.  There probably are quite a few bugs yet
to fix but it is mostly functional here.
I am not responsible for any loss or damage that can occur to your
system from the use of these scripts.  It is free software and
you may do as you wish with it.  If you make any modifications to it
or need changes made, let me know and I'll apply them to my source
for others to use if possible.
There is still a lot I want to do with it as well as clean up the
source (It's a bit rough at this time - still learning PERL).

Alain Turbide

SSL encryption for remote servers with Websieve
Method 1

You can turn on SSL connections by setting the variables $useimapSSS=1 and $usesieveSSL=1 in websieve.conf.  Also ensure you set the correct SSL'ized ports for $imapport and $sieveports.  You may instead if you have more then one server enter the correct settings in hash %server_hosts in websieve.conf.
This method uses the SSL option in the IMAP::Admin and IMAP::Sieve perl modules.
You must also have Openssl, Net_SSLeay, and IO::Socket::SSL installed on your system.  See the IMAP::Admin SSL section for more info.


Method 2

This is an example setup on using stunnel to encrypt websieve connections
to remote imap/sieve servers using an ssl session.


Imap server

stunnel -d imaps -r localhost:imap
stunnel -d sieves -r localhost:sieve

Websieve client

stunnel -c -d localimapport -r imapserver:imaps
stunnel -c -d localsieveport -r imapserver:sieves

Where "sieves" is a tcp port of your choice since there is no standard SSL'ized
sieve port as far as I know. Just make sure it does'nt conflict with an existing port.

You also have to make sure to point websieve.conf $sieveport->localsieveport and
$imapport->localimapport.  Those 2 ports are also arbitrary ports on the local machine of your choosing.  Again make sure they don't conflict to anything else and also restrict them (tcp wrappers - host.deny, hosts.allow) to access from the localhost only.

See the Stunnel docs for more info.

You can find all the required modules in directory /websieve/ssl

Websieve for Procmail setup.

Here's what you need to do to get websieve to generate procmail rules.

Copy filter.pl, auth.pl and procmail.cyrus (from the procmail subdirectory)
to a directory of your choice.
modify filter.pl's parameters to reflect your local settings as well as
the location of your auth.pl, and user directory structure to store
your user procmail rules.  Don't forget to also set the adminuid and
adminpass of an LDAP user that has read access to the 'matchingrules'
LDAP attribute of all users.
You can copy "procmail.cyrus" to /etc.

Create the directory structure where your users recipes will be stored.
Remember, it must be writeable by the "cyrus" user.

Setup your MTA to deliver to procmail.  This will vary if you're using
sendmail or other MTA.  I use postfix so I'll describe that setup:

Set the following parameters in the corresponding postfix config files:

in main.cf:
mailbox_transport = procmail

in master.cf:
procmail  unix	-	n	n	-	-	pipe
     flags=R user=cyrus argv=/usr/bin/procmail -p /etc/procmail.cyrus CYUSER=${user} EXTENSION=${extension} RECIP=${recipient}


- change the location of the procmail.cyrus file to your location setup.

Set $useprocmail=1 and in websieve.conf (at the bottom in the supplied copy)
Also set the other parameters to suit your location.

Note:  IMPORTANT:  Don't forget to set the secret key in the
X-Customfilters: line to match the one in websieve.conf

Theory of Operation

- when a rule is created and saved, the pseudo rulesets are saved into
the users 'matchingrules' LDAP attribute.
- an email is sent to the 'cyrus' user containing the user id of the user,
and a secret key to identify the server.
- the email is passed through the procmail.cyrus rc file and is caught by
the first rule for the 'cyrus' user.  Upon a match it pipes the email to
the "filter.pl" program which extracts the uid and then connects to the
LDAP server, and extracts the pseudo code from the user's 'matchingrules'
attribute.
- filter.pl then converts the pseudo code to an actual procmail recipe
file, creates the users vacation messages, reply files if needed in the
common recipe directory.  This filter only runs when a user submits
a change to his rules.

- any emails received go through the procmail.cyrus recipe file which then
looks for a matching user recipe file and if found processes that users
recipes or simply calls deliver to send the mail to the user's inbox.