public inbox for nncp-devel@lists.cypherpunks.ru
From: tidux@sdf•org
To: nncp-devel@lists.cypherpunks.ru
Subject: Re: NNCP proxy for Internet mail providers?
Date: Wed, 27 Oct 2021 03:03:38 +0000
Message-ID: <20211027030338.GA9478@ma.sdf.org>
In-Reply-To: <87zgqvjims.fsf@complete.org>

On Tue, Oct 26, 2021 at 09:39:39PM -0500, John Goerzen wrote:
> You know, as the guy that wrote OfflineIMAP....
> 
> What would be REALLY cool would be a way to do an OfflineIMAP-style
> synchronization over NNCP.  That is, notice that certain changes have
> occurred on the local end, transmit commands via NNCP to cause those changes
> to occur on the IMAP server, and vice-versa.  As far as I know, there is
> nothing out there that can do that right now.  The closest you might come
> would be to use OfflineIMAP on a system with Internet connectivity, and then
> something like Syncthing to share a Maildir tree in an async fashion.
> However, I'm not really sure how reliable that would be. It is entirely
> possible it would have significant drawbacks.
> 
> Syncthing and NNCP are interesting partners.  I wrote about a few of the
> possibilities at https://changelog.complete.org/archives/10219-a-simple-delay-tolerant-offline-capable-mesh-network-with-syncthing-optional-nncp
> 
> - John

I thought about that, but it's actually a lot harder than it appears at
first glance.  You'd need something similar to isync/offlineimap to
track the IMAP IDs of individual messages in the maildir on the client
machine and then have a way of communicating, over NNCP, the changes
that should cause server side mutations (message deleted, moved to new
folder, etc.) back to the proxy host for translation into IMAP4 commands
to relay to the Internet mail server.  Even then that behavior has to be
a configuration toggle because sometimes you do just want the mailserver
to archive everything forever even if your client mailbox gets hosed.

That might look like a daemon that uses inotify to watch a maildir on
the client machine and then calls "nncp-file" to drop a file with the
message IDs and actions to be taken on the proxy server, where another
inotify watching daemon looks at the filesystem and translates into
IMAP4 data.  Something like 

/var/lib/nncp2imap/imapfs/{IMAP folder name}/{IMAP message server ID}/{action}

so nncp-file sends a 0 byte file named DELETE to

/var/lib/nncp2imap/imapfs/+INBOX/12345ABCD/DELETE

on the server, and then the watcher daemon sends a message to the IMAP
proxy daemon instructing the IMAP server to delete message ID 12345ABCD
from the user's inbox folder.

The danger of course is that a root exploit on the proxy server or a
rogue peer in your NNCP network can do arbitrary damage to your email
account, but that's not much different than the risks of running your
own mail server.  Key-only SSH with fail2ban and no other public
services except NNCP ought to mitigate most of the attack vectors.

We could call the daemons nncp-maildir-watcher, nncp-imapfs-watcher, 
nncp-imap4-proxy, and nncp-smtpsubmission-proxy.

- Jonathan Lane
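
Added example, not part of the original message or of NNCP: one way the proxy-side watcher could validate an incoming action path before anything is translated into IMAP4, covering the rogue-peer risk and the configuration toggle described in the message. The `SEEN` action, the folder and message-ID patterns, and the `sender`/`trusted_senders` parameters are assumptions; how the daemon learns the sending node is outside this example.

```python
import re

ROOT = "/var/lib/nncp2imap/imapfs"       # layout root taken from the post
DESTRUCTIVE = {"DELETE"}                  # the one action the post names
ACTIONS = DESTRUCTIVE | {"SEEN"}          # SEEN is a hypothetical non-destructive action
FOLDER_RE = re.compile(r"\+[A-Za-z0-9_.-]{1,128}")   # assumed from "+INBOX"
MSGID_RE = re.compile(r"[A-Za-z0-9]{1,64}")          # assumed from "12345ABCD"


class Rejected(ValueError):
    """The request must not be translated into an IMAP4 command."""


def parse_action(path, size, sender, trusted_senders, allow_destructive=False):
    """Return (folder, msg_id, action) for a valid request, else raise Rejected."""
    if sender not in trusted_senders:
        raise Rejected(f"untrusted NNCP node: {sender!r}")
    if size != 0:
        raise Rejected("action marker must be a 0-byte file")
    if not path.startswith(ROOT + "/"):
        raise Rejected("path outside imapfs root")
    parts = path[len(ROOT) + 1:].split("/")
    if len(parts) != 3:                   # also rejects "../" chains and nesting
        raise Rejected("expected {folder}/{message ID}/{action}")
    folder, msg_id, action = parts
    if not FOLDER_RE.fullmatch(folder):
        raise Rejected("bad folder name")
    if not MSGID_RE.fullmatch(msg_id):
        raise Rejected("bad message ID")
    if action not in ACTIONS:
        raise Rejected(f"unknown action: {action!r}")
    if action in DESTRUCTIVE and not allow_destructive:
        raise Rejected("destructive actions are disabled (archive-forever mode)")
    return folder, msg_id, action


if __name__ == "__main__":
    trusted = {"laptop"}                  # constructed node name
    samples = [                           # constructed requests
        ("/var/lib/nncp2imap/imapfs/+INBOX/12345ABCD/DELETE", 0, "laptop"),
        ("/var/lib/nncp2imap/imapfs/+INBOX/../../etc/DELETE", 0, "laptop"),
        ("/var/lib/nncp2imap/imapfs/+INBOX/12345ABCD/EXPUNGEALL", 0, "laptop"),
        ("/var/lib/nncp2imap/imapfs/+INBOX/12345ABCD/DELETE", 0, "stranger"),
    ]
    for path, size, sender in samples:
        try:
            print("ok  ", parse_action(path, size, sender, trusted, allow_destructive=True))
        except Rejected as why:
            print("drop", path, "->", why)
```

With `allow_destructive` left at its default, a DELETE from a trusted node is still refused, which gives the archive-everything behaviour the message asks to keep available.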


Thread overview: 8+ messages
2021-10-26 23:25 NNCP proxy for Internet mail providers? tidux
2021-10-27  2:18 ` John Goerzen
2021-10-27  2:39   ` John Goerzen
2021-10-27  3:03     ` tidux [this message]
2021-10-27  8:19   ` Sergey Matveev
2021-10-28  3:46 Koushik Roy
2021-10-28  5:33 ` tidux
2021-10-28  7:47   ` Sergey Matveev