Add restrictions to FetchMail

Discussion in 'General' started by Jeremyrem, Apr 25, 2020.

  1. Jeremyrem

    Jeremyrem New Member

    Hi there,

    OS version is Ubuntu 16.04.6 LTS
    ISPConfig version is 3.1dev

    I run a catchall email service and I recently had a mail user create a fetch of his own email (the ispconf3 email assigned to him) which caused the whole system to eventually lock up/loop trying to deliver his email to him. They are also a high traffic user 20-40GB traffic a month which just made it worse.

    I went and deleted the fetch config for him and am currently clearing out the queue for all [email protected](thinks the email is a link and wont let me post it) but was wondering is it possible to put domain restrictions on the fetch feature to prevent this from happening in the future?

    Thanks
     
  2. Jesse Norell

    Jesse Norell ISPConfig Developer ISPConfig Developer

    Implementing imapsync would resolve that for IMAP accounts.

    I don't see how to implement domain restrictions. Eg. when using fetchmail, usually the username is the same on the old and new server, and usually includes the domain. Limiting the name of the remote server might be of limited use, eg. a mail server could refuse to pull mail if the remote server name is identical to the hostname (or is localhost) and the username = destination the mailbox name. It's pretty easy to think of valid use cases which use the address' domain in the server name, or using IP addresses, or router port forwards that make this less trivial than it might seem at first. But maybe come up with very specific parameters on when to not allow fetchmail, and file a feature request.

    On a related note, dovecot can deduplicate folders which you could do from a cron job. I don't see that it can be done at message delivery time right offhand.
     
    Last edited: Apr 28, 2020
  3. Jeremyrem

    Jeremyrem New Member

    The issue was when the guy was fetching his own inbox
    i.e. fetch [email protected] to [email protected]

    Its working fine for
    [email protected], [email protected], [email protected], [email protected], [email protected] to [email protected]

    I guess I just need to prevent someone from fetching the same email account as the one they are logged into as when the last guy did it I ended up had to purge over 807k emails from queue (stuck in loop and around 25GB).

    I also dont give access to the ispconfig panel but have them use the webmail plugin. If I cant restrict it in ispconfig I might have to look into editing the plugin.

    Will look through the code and see if its possible as I would prefer it on ispconfig end vs the plugin.
     

Share This Page