isync

lobo/isync

Fork of isync with filter support

Go to file

Oswald Buddenhagen 639c84ea28 don't ignore RequireSSL for PREAUTHenticated connections such connections don't support STARTTLS. that is reasonable, as whatever makes the connection preauthenticated (typically a Tunnel used to launch imapd via a shell login) must already rely on the connection's security. consequently, we would not try to use STARTTLS with such connections. unfortunately, we'd also skip the RequireSSL check as a side effect. this means that a rogue server (via a MITM attack) could simply offer a preauthenticated connection to make us not use SSL, and thus bypass server authentication. as a result, we could send potentially sensitive data to the attacker: - with Patterns used, we would send a LIST command which reveals the remote Path setting. this isn't very useful to an attacker. also, IMAP Accounts usually rely on the server-provided NAMESPACE to start with. - with Create enabled for the remote Store, we would upload messages from newly appeared local folders. this isn't a very likely situation, unless the attacker manages to convince the victim to move/copy interesting mails to a new folder right before the attack. - with Expunge enabled for the local Store, previously synchronized folders would be wiped. however, this would require the attacker to know the correct UIDVALIDITY of each remote folder, which would require incredible luck or convincing the victim to disclose them. the first mismatch would likely tip off the victim. in practice, someone with the level of technical and social engineering skills required for this attack would very likely find more attractive attack vectors. therefore, i don't consider this a particularly serious issue. configurations with UseIMAPS enabled or using a secure Tunnel were not affected to start with. a side effect of this fix is that most users of Tunnel will now need to explicitly set RequireSSL to false. an alternative approach would be defaulting all SSL-related settings to off when Tunnel is used. this would be too invasive for a patch release, but i'll consider it for 1.2. see also CVE-2014-2567 for the Trojita MUA.		2014-07-06 09:09:54 +02:00
debian	pre-release doc updates	2012-09-01 21:15:53 +02:00
src	don't ignore RequireSSL for PREAUTHenticated connections	2014-07-06 09:09:54 +02:00
.gitignore	ignore coverity state directory	2014-07-06 09:09:54 +02:00
acinclude.m4	update fsf's postal address. i think it's sort of useless nowadays	2006-02-09 17:44:22 +00:00
AUTHORS	reshuffle for "contact priority's" sake	2008-02-23 08:53:39 +00:00
autogen.sh	use autoreconf instead of calling separate tools	2013-12-01 13:36:26 +01:00
configure.ac	bump version	2014-06-28 14:27:04 +02:00
COPYING	added missing files	2000-12-20 22:00:25 +00:00
get-cert	update fsf's postal address. i think it's sort of useless nowadays	2006-02-09 17:44:22 +00:00
isync.spec.in	fix rpm packaging	2012-09-01 21:15:53 +02:00
Makefile.am	update debian packaging	2012-09-01 21:15:53 +02:00
NEWS	pre-release doc updates	2013-12-15 13:46:25 +01:00
README	pre-release doc updates	2013-12-15 13:46:25 +01:00
TODO	remove apparently obsolete item about Mutt's confusion	2013-12-15 14:06:14 +01:00

README

 _                      
(_)___ _   _ _ __   ___ 
| / __| | | | '_ \ / __|
| \__ \ |_| | | | | (__ 
|_|___/\__, |_| |_|\___|
       |___/            
isync/mbsync - free (GPL) mailbox synchronization program
http://isync.sf.net/

See AUTHORS for contact information.

``mbsync'' is a command line application which synchronizes mailboxes;
currently Maildir and IMAP4 mailboxes are supported. New messages, message
deletions and flag changes can be propagated both ways.
``mbsync'' is suitable for use in IMAP-disconnected mode.

Synchronization is based on unique message identifiers (UIDs), so no
identification conflicts can occur (as opposed to some other mail
synchronizers).
Synchronization state is kept in one local text file per mailbox pair;
multiple replicas of a mailbox can be maintained.

isync is the project name, while mbsync is the current executable name; this
change was necessary because of massive changes in the user interface. An
isync executable still exists; it is a compatibility wrapper around mbsync.

* Features

    * Fine-grained selection of synchronization operations to perform
    * Synchronizes single mailboxes or entire mailbox collections
    * Partial mirrors possible: keep only the latest messages locally
    * Trash functionality: backup messages before removing them
    * IMAP features:
	* Supports TLS/SSL via imaps: (port 993) and STARTTLS (RFC2595)
	* Supports CRAM-MD5 (RFC2195) for authentication
	* Supports NAMESPACE (RFC2342) for simplified configuration
	* Pipelining for maximum speed

* Compatibility

    isync should work fairly well with any IMAP4 compliant server;
    servers that support the UIDPLUS and LITERAL+ extensions are most
    efficient.

    Courier 1.4.3 is known to be buggy, version 1.7.3 works fine.

    c-client (UW-IMAP, Pine) is mostly fine, but versions less than 2004a.352
    tend to change UIDVALIDITY pretty often when used with unix/mbox mailboxes,
    making isync refuse synchronization.
    M$ Exchange (up to 2010 at least) occasionally exposes the same problem.
    The "cure" is to simply copy the new UIDVALIDITY from the affected
    mailbox to mbsync's state file. This is a Bad Hack (TM), but it works -
    use at your own risk (if the UIDVALIDITY change was genuine, this will
    delete all messages in the affected mailbox - not that this ever
    happened to me).

* Platforms

    At some point, ``isync'' has successfully run on:
    Linux, Solaris 2.7, OpenBSD 2.8, FreeBSD 4.3.

    Note that Cygwin cannot be reasonably supported due to restrictions
    of the Windows file system.

* Requirements

    Berkley DB 4.2+
    OpenSSL for TLS/SSL support (optional)

* Installation

    ./autogen.sh (only when building from git)
    ./configure
    make
    sudo make install

* Help

    Please see the man page for complete documentation.