imapwire
This periodically attaches to a mailbox on a remote IMAP server, checks for
new articles and grabs them.
Nowadays OAuth2 is the norm and imapwiressl can be used to access Gmail and
Office 365 accounts with OAuth authentication.
It is normally started by 'iptimer' with FipSeq for the mailbox name, password
etc.
The whole document is then left, normally, in spool/xsmtp for 'ipchkmail' to
pull apart the Header etc.
The parameter file, normally tables/wire/IMAP, is read for the names of the
mailboxes to scan.
; comment
mailbox: (mailbox name on the remote IMAP server)
password:(FipSeq/in plain)
no default
delete:(yes/no)
Delete files that have been grabbed - and have the Ok-to-delete flag set (ie
old)
This is the IMAP Expunge command for the mailbox.
default is NO
sendto:(newaddress)
sendto allows you to specify another name for the DA field.
IPPOST will use this to route.
By default the FipHdr field DA will hold the logon name.
fiphdr:(FipSeq)
Add to the FIP hdr - perhaps the DU field to change the destination.
default: none
inbox: (inbox name)
default INBOX
eg
mailbox:chris password:zongle fiphdr:#XX:here delete:yes
Optional keywords / parameters :
grab-every:(seconds)
Connect, logon and check for news every X seconds.
The default is 600 seconds (5 mins) while the minimum
is 5 seconds.
The '-t' input switch can also be used.
defdest: (default Fip Destination (DU FipHdr field)) default: "imap"
chrset: (Source character set ie SC header field) default: ascii
imap-host: (hostname or IP address of the host to attach to) no default
(see also -s input switch)
imap-port: (Port number of the host) default: 143
Unless use-tls is set, where the default is port 993
(see also -p input switch)
connection-timeout: (timeout in seconds waiting to connect to the remote)
default: 120 secs
connection-retries: (no of connection attempts before erroring) default: 5
response-timeout: (timeout in seconds waiting for the remote to respond to a
command) default: 60 secs
extra-fiphdr: (more FipHdr information to add) default: none
archive: yes/no default: yes
Archive the data in log/data
This parameter will override the -Z switch if that is also specified
skip-balance-group: name of a balance group (in tables/sys/BALANCE) to
distribute the skip file when changed (see doc on 'ipbalan') - for ipftp and
webwire.
This is often used where a second system could be used as a redundant server
if the main system fails. (see also -B input switch)
skip-balance-queue: name of queue under /fip/spool default 2balance
proxy-server: If using a proxy, these are the name and port to aim at.
proxy-port:
proxy-logon: This is the logon and password to get thru the firewall
if required. The format is (logon) (colon) (password) and is
converted to base 64.
proxy-logon:Y2hyaXMuaHVnaGpvbmVzOnBhbnRoZXIK=
To generate :
echo -n "logon:password" | sffb64 -i
eg echo -n "chris:sleekpanther" | sffb64 -i
gives Y2hyaXM6c2xlZWtwYW50aGVy
proxy-logon:Y2hyaXM6c2xlZWtwYW50aGVy=
proxy-is-squid:yes/no Is the proxy a Squid ? default: no
For Proxies - Please see note below
use-oauth:yes/no
Use OAUTH to grab/use an access-token or Bearer token eg for Gmail access
default is NO
use-ssl:yes/implicit/explicit/no
use-tls:yes/implicit/explicit/no
These commands are for an ftp running over SSL/TLS on the remote server
default is NO
no - normal, standard FTP on (normally) port 21 for the control
yes or explicit - connect (normally) on port 110 in clear then use SSL for
USER, PASS and data
implicit - connect (normally) on port 993: use SSL for all conversations
tls-auth: (XXX)
AUTH type for TLS/SSL default: TLS
ssl-method: (1,2,3,23,999)
Version number to use for TLS/SSL default: 999 for current default (2 or 3)
ssl-password: (password)
ssl-passwd: (password) default: none
Optional password if the handshake requires a shared secret
ssl-key: (name of a certificate key file) default: none
ssl-cert: (name of a certificate file) default: none
ssl-root-cert: (name of a root PEM certificate file) default: none
Optional certificates are in tables/ssl unless name starts with '/'
ssl-verify: yes/no verify server certificates default: yes
ssl-ciphers: (list) acceptable ciphers
(use 'openssl ciphers' to list)
default: "HIGH:!aNULL:!kRSA:!SRP:!PSK:!CAMELLIA:!RC4:!MD5:!DSS"
(from feb2021:
"ECDH+AESGCM:ECDH+CHACHA20:ECDH+AES256:ECDH+AES128:!aNULL:!SHA1:!AESCCM")
ssl-display: yes/no display SSL connection details default: no
output-folder: (folder name)
output-folder1: (folder name)
..
output-folder9: (folder name)
if the folder does NOT start with a '/', it is assumed to be
Note these override the default and the '-o' input switch.
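A small checker for a parameter file of the kind described above, added here as an illustration (it is not part of imapwire or FingerPost's code). It flags plain-text mailbox passwords, a session without TLS, ssl-verify:no, and shows that a proxy-logon value is only base 64 encoded and so readable by anyone who can read the file. It assumes FipSeq references start with a backslash (as \W7 does on this page) and that only mailbox lines carry several keyword:value pairs.

```python
import base64

# Constructed sample in the keyword:value style of tables/wire/IMAP (not a real site file).
SAMPLE = r"""
; constructed example
mailbox:chris password:zongle fiphdr:#XX:here delete:yes
mailbox:\WN password:\W7
imap-host:mail.example.com
ssl-verify:no
proxy-logon:Y2hyaXM6c2xlZWtwYW50aGVy=
"""

def parse(text):
    """Return (settings, mailboxes); mailbox lines may carry several keyword:value pairs."""
    settings, mailboxes = {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";") or ":" not in line:
            continue
        if line.startswith("mailbox:"):
            mailboxes.append(dict(t.split(":", 1) for t in line.split() if ":" in t))
        else:
            key, value = line.split(":", 1)
            settings[key.strip()] = value.strip()
    return settings, mailboxes

def lint(text):
    """List the settings that expose credentials or weaken the TLS session."""
    settings, mailboxes = parse(text)
    findings = []
    for box in mailboxes:
        # Assumption: a FipSeq reference starts with a backslash, as \W7 does on this page.
        if box.get("password") and not box["password"].startswith("\\"):
            findings.append(f"mailbox {box['mailbox']}: password stored in plain text")
    tls = settings.get("use-tls", settings.get("use-ssl", "no")).lower()
    if tls not in ("yes", "implicit", "explicit"):
        findings.append("no TLS: logon and mail cross the network in clear")
    if settings.get("ssl-verify", "yes").lower() == "no":
        findings.append("ssl-verify:no: server certificate is not checked")
    if "proxy-logon" in settings:
        raw = settings["proxy-logon"].rstrip("=")
        raw += "=" * (-len(raw) % 4)  # tolerate missing or extra padding
        logon = base64.b64decode(raw).decode("utf-8", "replace").split(":", 1)[0]
        findings.append(f"proxy-logon is only base64: decodes to logon '{logon}' plus its password")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print("WARN", finding)
```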
-- For accessing Oauth protected assets
; We need an access token
use-oauth:yes
; which flavour of Oauth2 ? - only the first letter is meaningful
; oauth-flavour: Google (Gmail) or Microsoft (Office365)
oauth-flavour:microsoft for office 365
; Current token file will be saved in /fip/fix/goauth2
oauth-token-file:\OT
; Credentials file in /fip/tables/cert
oauth-credentials-file:\OC
; sffoauth and imapwire
oauth-scope:https://outlook.office365.com/.default
; Script to run when token expires - approximately every 12 hours
oauth-refresh-script: (Script in FipSeq) script to generate the access_token
using a refresh_token
oauth-refresh-script:/fip/bin/sffoauth -z wire/IMAP.O365.OAUTH.SEA -c \OC -t \OT -H '#WN:\WN' -a
These 5 FipHdrs are used to generate, check, add/renew permissions to access
the remote data - normally Gmail or Office365
oauth-client-fiphdr: (FipHdr) default: IC
oauth-secret-fiphdr: (FipHdr) default: IS
oauth-access-fiphdr: (FipHdr) default: IA
oauth-refresh-fiphdr: (FipHdr) default: IR
oauth-expiry-fiphdr: (FipHdr) default: IX
-- Where sections of FipHdr fields are required or changes to the output style,
use keywords : fixed, partial, combie, optional, repeat, newdate and/or style.
(see The SysAdmin manual for more information).
They are normally specified :
fixed:QZ 1234543
partial:QT ST,3,2,U,<,>
combie:QY ep|na,(0000000)a
option:QE ep,11,7,s
repeat:QK XK,-,3
or repeat:QP PK,,4,#X
style:QS XN,%.03d
replace:QN NN abc=DEF def=GHI
newdate:QT hours+3 "\ZD"
--- Gmail using Oauth and IMAP
--- Gmail using SSL and IMAP
Generally this is being phased out for Oauth - see above
To access a Gmail account :
** beforehand, you must logon to the Gmail account
- select settings
- click on Forwarding and POP3/IMAP
- select enable IMAP
- (select Auto expunge OFF if you have more than one person/program accessing!)
- you must use imapwiressl
- add the following to the parameter file
; Use TLS
tls-auth:ssl
use-tls:implicit
; Imap Host
imap-host:imap.gmail.com
imap-port:993
--- Using TIMER to kick off
Easy !
1. wire/IMAP.FIP
; Use FipSeq for the attributes
; If using W4 or Prestige, copy WN to another FipHdr field - RU in this case
mailbox:\WN password:\W7 fiphdr:\W3#RU:\WN#
; hostname of the exchange server
imap-host:(hostname here)
; If you have more than one fip - make sure the other system is up-to-date
; ** Add balskips group in sys/BALANCE - for each host: group:balskips
host:(hostname) ignore-localhost: nofiphdr:
skip-balance-group:balskips
; ---------------
2. setup/TIMER_IMAP.FIP
; If you have more than one fip and are running Primary/Secondary :
; ** Add wiresvr to sys/DEST_REDUN (or use an existing entry)
check-primary-server:wiresvr
group:imap
track-status:no
bandwidth-stats:no
; If you have more than one fip - make sure the other system is up-to-date
; ** Add balskips group in sys/BALANCE - for each host: group:balskips
host:(hostname) ignore-localhost: nofiphdr:
skip-balance-group:balskips
; Then for EACH mail address - add this line - emailaddress does not NORMALLY need a domain
client:(emailaddress) type:imap fiphdr:XX:extraStuff days:X every:1 passwd:(password)
; ---------------
3. sys/SYSTEM
; add the line ...
imap mail iptimer -n timer_imap.fip
; ---------------
4. check sys/BALANCE and sys/DEST_REDUN as above
--- Testing
If things do NOT look like they are working, you can run imapwire manually with
the -1 and -D switches to run once and display the handshake.
So if the line in the SYSTEM file is
imap wires imapwire -s mail.bignastycorp.com -n imap.fip
.. You can test from a terminal/CMD with
imapwire -s mail.bignastycorp.com -n imap.fip -1 -D
or if using ssl
imapwiressl -s mail.bignastycorp.com -n imap.fip -1 -D
To test AND GRAB NOTHING, add the -V switch too
imapwiressl -s mail.bignastycorp.com -n imap.fip -1 -D -V
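What to look for in the displayed handshake before the logon is sent, as an added example (not imapwire's own code): it reads the server's CAPABILITY data and reports whether a password LOGIN would be refused, would cross the network in clear, or is protected by TLS. The server lines are constructed in RFC 3501 form; the layout of imapwire's -D display may differ.

```python
import re

# Constructed server lines in RFC 3501 form (not captured from a real host).
CLEAR_143 = ["* OK IMAP4rev1 ready",
             "* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED",
             "a1 OK CAPABILITY completed"]
OPEN_143 = ["* OK IMAP4rev1 ready", "* CAPABILITY IMAP4rev1 AUTH=PLAIN", "a1 OK done"]
TLS_993 = ["* OK [CAPABILITY IMAP4rev1 AUTH=PLAIN AUTH=XOAUTH2] ready"]

CAP_RE = re.compile(r"^\* CAPABILITY (.+)$|\[CAPABILITY ([^\]]+)\]", re.I)

def capabilities(lines):
    """Collect capability atoms from '* CAPABILITY ...' data or a '[CAPABILITY ...]' code."""
    caps = set()
    for line in lines:
        m = CAP_RE.search(line.strip())
        if m:
            caps.update(atom.upper() for atom in (m.group(1) or m.group(2)).split())
    return caps

def logon_check(lines, tls_active):
    """Classify what a plain LOGIN would mean on this connection."""
    caps = capabilities(lines)
    if not caps:
        return "unknown: no CAPABILITY seen (was -k or -K used?)"
    if "LOGINDISABLED" in caps:
        if not tls_active and "STARTTLS" in caps:
            return "blocked: server refuses LOGIN until TLS is up"
        mechs = sorted(c[5:] for c in caps if c.startswith("AUTH="))
        return "blocked: LOGIN disabled, server offers " + (",".join(mechs) or "no AUTH mechanism")
    if not tls_active:
        return "exposed: server accepts LOGIN in clear, password crosses the network unencrypted"
    return "ok: LOGIN permitted inside TLS"

if __name__ == "__main__":
    for name, lines, tls in (("143 strict", CLEAR_143, False),
                             ("143 open", OPEN_143, False),
                             ("993", TLS_993, True)):
        print(name, "->", logon_check(lines, tls))
```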
--- Note Imapwire saves the last item, date and time and UID in a file for each
mailbox in /fip/fix/imapwire
The three items are editable on 3 lines, so you can mess around at your peril
if you need !
::::::::::::::
imap_mail.zingle.com_fip$2011%hoho_inbox
::::::::::::::
408
14-Oct-2011
174223
--- Input switches are :
Mandatory :
-s : Hostname where the IMAP is running. default: none
Optional :
-1 : one single pass and then stop default: continuous
-B : default balance group for skip files default: none
(see skip-balance-group parameter)
-d : display the conversation with the remote server default: no
and pause between files for you to hit return to continue
valid ONLY with the -1 for single shot; used for debugging troublesome
connections
-D : display the conversation with the remote server default: no
-h : extra FipHdr information default: none
This is in FipSeq and should normally be quoted
Note this is the means by which 'iptimer' sends variable information to imapwire
eg : -h"SN:hello#TC:200401031"
-k : on Display, send a NOOP instead of a CAPABILITY before LOGON
default: send CAPABILITY
-K : do NOT send anything before LOGON default: send CAPABILITY
-l : do NOT log anything except errors default: log files only
-L : log every file and every connection default: log files only
-n : name of the service def: name of the parameter file
-o : Next fip queue for incoming files default: spool/2go
-p : port number on the remote host default: 143
-t : sleep in seconds between connections/accesses default: 600 secs
-V : do NOT grab any files - used with -D -1 to test only default: run and grab
-U : restart on this UID default: use last saved in the fix file
-x : Proxy server host or IP address default: none
-X : Proxy server port default: 80
-y : Proxy logon default: none
-Y : Proxy server is Squid default: no
-z : parameter file default: wire/IMAP
-Z : do NOT archive any incoming files default: archive
-v : display version number and exit.
Version Control
;02a-o2 16jun18 fipseq_extras ;b ;c extra SSL details added ;d added defUseSSL
to reset on connect ;e socks4/5 added
;f 1mar22 added oauth2 for gmail plus fixed bug when > 64k of ids on SEARCH
plus TLS remhost added
;g-h 8jul22 DU and SC are now FipSeq
;i 10nov22 added -Z archive:no
;j-m 20dec22 oauth for MS-Office365 and check expiry too ;n connection
timeout for thru the proxy
;o 26jun23 ssl-ciphers added and tuned display
;01z 31dec08 cleanups ;f note_balance_action ;g-h 16feb11 added TLS
;i-j 31oct11 make sure date is valid and better error msgs
;k-m 02apr12 bugette with tls ;m unlink tmp on singleshot
;n 21jul12 added output-folderX
;o-s 15oct12 bugette - missed first file if folder is reset (or zapped and
remade)
;t-u 26may13 added expunge (finally) ;v added 993 as default for use-tls
;wx 7mar17 send CAPABILITY before LOGIN so we can check if LOGINDISABLED if
-D !
;y 10apr17 made logon,password etc parseable
;z 16jun17 more logging
(copyright) 2025 and previous years FingerPost Ltd.