On Fri, 24 May 2013, Ben Morrow wrote:
At 4PM -0700 on 23/05/13 you (Dan Mahoney, System Admin) wrote:
I'm in the process of writing some scripts which I want to be able to take actions on my local mailbox. (For example, to move a subset of messages to the trash over time, if unread for a week. To act on messages in my learn-spam folder and then delete them).
http://wiki2.dovecot.org/PreAuth
You can also use doveadm for quite a lot of this sort of administration; this may be easier if you're scripting in shell rather than something more sophisticated.
I'd definitely consider something like an SSH key with a forced command (I do see questions in the FAQ about making dovecot work over a socket connection), but that forgoes using standard imap clients.
Well, I'm not sure what you consider 'standard' here, but there are both Perl and Python IMAP libraries which will connect to a command rather than a socket. If you're using a client which insists on connecting to an (INET) socket, it's a little harder; while you can obviously connect preauthed imap to a listening socket with netcat, that's not remotely secure.
I could also create a dovecot-only user with my UID and no other login privileges, but I'd like this to "just work" for anyone.
I believe with the latest 2.2 you can also do this with Kerberos principals, if you're running Kerberos; I haven't looked into this yet, but I mean to (for much the same reason).
Ben
To access the mail storage on the imap server you can just speak the imap protocol and authenticate against the imap server just like any other mail client would do. If you are using Kerberos and have a ticket granting ticket (after e.g. kinit) then the authentication against a properly configured imap server is done without typing passwords. If the imap server does support pam (and dovecot does) then this is handled there.
As an example I do attach a script that logs a user into an imap server using Kerberos authentication and then displays the mail quota. Any other action on the user's mailboxes could be done as well. The script makes use of SASL, therefore by changing the authenticate call and the callback routine any other SASL mechanism could be used as well.
If you intend to perform tasks centrally for more than one user then doveadm is certainly the right choice, as was pointed out already.
For accessing local mailboxes (i.e. not stored on an imap server) I'd recommend one of the Perl modules that can parse and process mailboxes (typically in mbox format).
Wolfgang
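
The approach Ben describes above (an IMAP library connected to a pre-authenticated Dovecot imap process through a command rather than a socket), applied to the week-old unread mail from the original question. This is an added example, not part of the thread and not the script Wolfgang attached; the binary path and the mailbox names INBOX and Trash are assumptions.

```python
import datetime
import imaplib

# Assumption: location of Dovecot's imap binary; it differs between installs.
# IMAP4_stream passes this string to a shell, so keep it a fixed constant.
DOVECOT_IMAP = "/usr/libexec/dovecot/imap"
MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()


def stale_unread_criteria(today, days=7):
    """SEARCH criteria: unread and received more than `days` days ago."""
    cutoff = today - datetime.timedelta(days=days)
    # IMAP dates use English month names, so avoid locale-dependent strftime.
    return "(UNSEEN BEFORE %d-%s-%d)" % (
        cutoff.day, MONTHS[cutoff.month - 1], cutoff.year)


def trash_stale_unread(conn, today, mailbox="INBOX", trash="Trash", days=7):
    """Move stale unread mail to `trash`; returns the number of messages."""
    typ, _ = conn.select(mailbox)
    if typ != "OK":
        raise RuntimeError("cannot select %s" % mailbox)
    typ, data = conn.uid("SEARCH", stale_unread_criteria(today, days))
    uids = data[0].split() if typ == "OK" and data and data[0] else []
    if not uids:
        return 0
    uid_set = b",".join(uids).decode("ascii")
    typ, _ = conn.uid("COPY", uid_set, trash)
    if typ != "OK":
        # Never flag anything for deletion unless the copy succeeded.
        raise RuntimeError("copy to %s failed" % trash)
    conn.uid("STORE", uid_set, "+FLAGS.SILENT", r"(\Deleted)")
    conn.expunge()  # removes every \Deleted message in the selected mailbox
    return len(uids)


def main():
    # The imap process runs under the caller's UID and greets with PREAUTH,
    # so no password is stored in the script or sent anywhere.
    conn = imaplib.IMAP4_stream(DOVECOT_IMAP)
    try:
        if conn.state != "AUTH":
            raise RuntimeError("server did not start pre-authenticated")
        print(trash_stale_unread(conn, datetime.date.today()))
    finally:
        conn.logout()


if __name__ == "__main__":
    main()
```

Run from cron as the mailbox owner, this needs no stored credential; access is bounded by the file permissions of the invoking user.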