#format wiki #language en #pragma section-numbers off #acl IanRiley:read,write,delete,revert,admin All:read,attach,detach #pragma supplementation-page on <> = dropbox_mailimport = == Background and rationale == [[DropBox.py]] was written to allow users to add or remove attachments without needing to have write privileges. It is possible to use the inbuilt mailimport function to attach files sent by email, however, this requires write privileges. A modified version of mailimport.py described here allows the users with restricted privileges to send attachments and notes by email to subfolders of their homepage (!/DropBox and !/MailNotes) and to send messages to a designated contact person. For users with more privileges, access to the inbuilt imported mail processing is still provided. Mail senders must meet more criteria than the standard mailimport.py. The processing of the incoming mail is determined by (1) a task code in the mail subject, (2) group membership of the sender, (3) the existence of the required pages, (4) correct sender and receiver usernames, and (5) a recognised email address. == Description == To integrate receiving mail with [[DropBox.py]] the following procedure is established. The receiving dropbox is required to exist as subpage under a qualified user's homepage (!UserName/DropBox). Attachments received will be added to the !UserName/DropBox subpage and content added as notes to the !UserName/MailNotes page in reverse chronological order (most recent at the top). As [[DropBox.py]] is intended to provide attachment control for users without necessarily providing write privileges, it is also intended to make a !NoteDelete action so users can remove notes without editing their page [watch this space]. To enable incoming mail to be authenticated and its purpose understood the following scheme is followed. * Users are given access by checking their username, email address, the existence of target pages and their inclusion in a user group. * Username (realname in `from:` address) is only checked if wikiconfig.py has {{{ mail_sender_strict = True}}}. Otherwise the username is determined from the sender's email address. If strict checking is imposed, users will need to set the realname in their email client to their username. Checking is done with spaces removed. * The purpose of the email is identified by a subject commencing <>. The <<...>> notation is used to distinguish it from page names specified by [``[...]``] under the standard mailimport processing and to imply that it is a task rather than a location. == Usage == === Valid incoming mail === From: mail(!UserName)@domain; !UserName To: mail(!ReceiverName)@domain; !ReceiverName !UserName in !DropBoxGroup, !ReceiverName/DropBox exists and recognised `from:` address !ReceiverName is !UserName (ie message to self); !ReceiverName is !OtherUser and !UserName in !WikiMailGroup * subject: <> . add attachments to !ReceiverName/DropBox . handle content as <> * subject: <> . add content to !ReceiverName/MailNotes with datetime stamp at top of page . ignore attachments . (!) write delete macro for note for user without write permission * subject: <> . handle as <> but to user specified in wikiconfig.py as {{{ mail_contact = u"UserName" }}}, with default to first superuser if not set . depends on mail_contact having !UserName and !UserName/MailNotes pages. !UserName in !WikiMailGroup and valid `from:` address !ReceiverName is sitename (as set in wikiconfig.py) * subject: <> . process as default incoming mail for MoinMoin . sender must be in !WikiMailGroup === Other incoming mail === Mail with invalid `from:` address, and/or page structure and group membership not in place * reply with "not processed" message and reason == Configuration == '''wikiconfig.py''' * Incoming mail needs xmlrpc to be premitted and secret set * Outgoing mail needs server and account details * Mail contact recipient can be specified, otherwise the first superuser will be the default. {{{#!highlight python #incoming mail #permit xmlrpc, excluded by default in multiconfig.py actions_excluded = multiconfig.DefaultConfig.actions_excluded + [] actions_excluded.remove('xmlrpc') #ProcessMail needs a secret in mailimportconf.py, so do them all secrets = {'action/cache':'some random string 1', 'wikiutil/tickets': 'some random string 2', 'jabberbot': 'some random string 3', 'xmlrpc/ProcessMail': 'some random string 4', 'xmlrpc/RemoteScript': 'some random string 5', } # outgoing mail mail_from = u"WikiName " mail_sendmail = "/usr/sbin/sendmail -t -i" #either this or the next two lines mail_smarthost = "mail.mail_server_domain" mail_login = "username password" # optional setting for dropbox_mailimport.py mail_contact = u"UserName" #if not set, superuser is assumed mail_sender_strict = False #if True, require sender realname to equal username }}} '''mailimportconf.py''' {{{#!highlight python mail_import_secret = "some random string 4" #as secrets for xmlrpc/ProcessMail mail_import_url = u"http://your_moinmoin_domain/?action=xmlrpc2" }}} '''!ProcessMail.py''' Modified to point to a replacement for MoinMoin/mail/mailimport.py as follows: {{{#!highlight python # from MoinMoin.mail import mailimport import dropbox_mailimport as mailimport # an enhanced mailimport }}} The modified copy is placed in wiki/data/plugin/xmlrpc, and in this case the replacement for mailimport.py as well. '''dropbox_mailimport.py''' The replacement for MoinMoin/mail/mailimport.py to be placed in wiki/data/plugin/xmlrpc (or other suitable location, with the import in !ProcessMail.py modified accordingly). == Download & Release Notes == || Download || Release Version || Moin Version || Release Notes || || [[attachment:dropbox_mailimport-1.0.py]] || 1.0 || 1.9.2 || || == Examples == [watch this space] == Copyright == . @copyright: 2011 Ian Riley == License == GNU GPL, see COPYING for details. == Known issues and limitations == * Mail (with no target page) directed to inbuilt mail processing having <<...>> in the subject results in an undeletable/non-renamable page. After this was discovered, the task tag (<>) is now actively removed from the subject. However, this vulnerability exists if such characters occur after the task tag. ----- Hits:: <>