Remote access to a user's mail spool
Matt Juszczak
matt at atopia.net
Tue Jul 5 19:02:13 GMT 2005
Hi all,
We're an ISP, and we are currently looking for a way for our tech support
guys to access customer's email without having shell access to the server,
or knowing the customer's password.
We'd like to install a custom webmail client on our private internal LAN
webserver that would only show the user's inbox and the ability to delete
the messages (couldn't read messages, etc.). The problem is that we would
have to know the user's password in order for my PHP script to go out and
fetch the mail.
Is there a way I can setup and/or patch one of the POP3 clients (of course
I would firewall this and do an SSH tunnel with the pop3d running on
localhost only on the mail server, so I would keep things secure) so that
it could be given any random password and would authenticate?
Or is this some kind of patch I would need to write? Maybe a better
option would be to write a custom client/server interface via ssh to
interact with the mail spool (possibly calling "mail" over ssh remotely,
with public/private key authentication and sudo access to mail for the
remote account)....
Any ideas?
Thanks,
Matt
PS: I can admit that I originally posted this to the dovecot mailing list,
but am now seeing it might be a system-related issue vs. a pop3 daemon
issue.
More information about the freebsd-questions
mailing list