Accessing vmail from web

Discussion in 'Tips/Tricks/Mods' started by Yarnell, Mar 5, 2021.

  1. Yarnell

    Yarnell Member

    Hey all,

    I'm trying to access a vmail directory from a php script using the exec command.
    I've tried various different methods but none of them work.
    I am assuming it is because of permissions.

    The line of code simply counts the number of files in the directory. The php code is:
    Code:
    exec("/usr/bin/sudo -S ls /var/vmail/xxxx.ca/yarnell/Maildir/cur | wc -l", $output, $return_var);
            echo $return_var;
    I get the following error
    Code:
    Mar  5 05:08:08 www sudo:     web3 : command not allowed ; TTY=unknown ; PWD=/var/www/clients/client1/web3/web ; USER=root ; COMMAND=/usr/bin/ls /var/vmail/xxxxx.ca/yarnell/Maildir/cur
    Any thoughts?
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Why don't you use PHP IMAP commands to access the mailbox via imap?
     
  3. Yarnell

    Yarnell Member

    Perfect, thanks till... much appreciated... here's what I used for anyone interested.
    Code:
    function CountUnreadMail($host, $login, $passwd) {
    $mbox = imap_open($host, $login, $passwd);
    $count = 0;
        if (!$mbox) {
        echo "Error";
        } else {
        $headers = imap_headers($mbox);
            foreach ($headers as $mail) {
            $flags = substr($mail, 0, 4);
            $isunr = (strpos($flags, "U") !== false);
            if ($isunr)
            $count++;
            }
        }
    imap_close($mbox);
    return $count;
    }
    $hostname = '{xx.xxx.xx:993/imap/ssl}INBOX';
    $username = 'xxx';
    $password = 'xxx';
    $count = CountUnreadMail($hostname, $username, $password);
    
     
  4. Yarnell

    Yarnell Member

    Another question for you till. The above code works great but now I need to know if its possible to decode the password in the ispconfig database. the one in the mail_user table. If I can't decode it, is there anyway to use it in my code above?
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    You can't decode the passwords. If you must access mailboxes without knowing its password, then the file basec approach that you used first is probably better, but it's a security risk as well to open the mail system to the web plus you must configure sudo to limit this as much as possible.
     
  6. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    Curious, what is the problem you're trying to solve? Assuming it's counting the number/size of messages for a usage report, I have used dovecot's http api for exactly that, and that can be secured tolerably well (I used an apache reverse proxy to limit web access, and it communicates with dovecot in the background; then you also restrict what imap commands can be executed via the api).
     
  7. Yarnell

    Yarnell Member

    Ok, I didnt thinks so, can the remote api be used to change a password?
     
  8. Yarnell

    Yarnell Member

    Hmmm, how do I explain.... My clients are able to login to a backend administration panel to make adjustments to their website. I use a CMS called cubecart. While a client is logged in, I'd like them to be notified whenever a new message lands in their inbox. The above snippet of code allows me to acheive that. I just need the figure out how to adapt the password. If that makes sense.
     
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    yes.
     

Share This Page