$Id: FAQ.OnlineUI.txt,v 1.50 2025/01/31 23:32:48 gilles Exp gilles $
This document is also available online at
https://imapsync.lamiral.info/FAQ.d/
https://imapsync.lamiral.info/FAQ.d/FAQ.OnlineUI.txt
=====================================================================
Imapsync tips about the online visual user interfaces
https://imapsync.lamiral.info/X/
=====================================================================
Questions answered in this FAQ are:
Q. Can I launch several imap synchronizations on the visual
user interface /X?
Q. How secure is the online visual user interface /X?
Q. Does the online service store any sensitive information
like my passwords?
Q. Where is the entered data on the website be stored?
Q. I want to switch from the visual interface /X to the
imapsync command line or to the script examples
https://imapsync.lamiral.info/#DOC_BASIC
What should I know?
Q. I want to add extra parameters to the online interface,
like the parameters used on the command line.
How can I do?
Q. Shall I have issues when the browser times out?
What happens if the browser connection is closed for whatever reason?
Q. Shall I have issues when the webserver times out? What happens
if the web server closes the connection for whatever reason?
Q. The sync stalls at the beginning, just after a line like:
"Host1: xxx says it has CAPABILITY for AUTHENTICATE LOGIN"
What is the problem?
Q. The synchronization fails with the error message like:
Err 1/1: Host1 failure: Error login on [10.1.161.155] with user [webmaster] auth [LOGIN]: 2 NO [ALERT] LOGIN DENIED -- COUNTRY IS BLACKLISTED
Now the questions again with their answers.
=====================================================================
Q. Can I launch several imap synchronizations on the visual
user interface /X?
A. Yes. Open several tabs/windows on your browser and fill each one
with different credentials.
=====================================================================
Q. How secure is the online visual user interface /X?
A0. Well, I don't know if asking the provider whether his online
service is secure or not would be of any interest.
Let's do it anyway, you'll be the judge.
A1. Some figures
Date of this report: 20 February 2023
with some parts updated later, with dates mentioned.
The online imapsync service /X started 9 January 2017,
6 years ago (2233 days of service, days_since_first_use_all_times).
On average in 2022, /X has 138 users per day, each user lunches on average
3 account migrations, from just one launch to many (hundreds).
The total volume /X transferred in 2022 is around 102 TiB coming
from nearly 164 000 imap account migrations and 306 million email messages.
Data provided from commands "summary_display 2022" and "stat_all 2022".
A2. Pros & Cons
The online imapsync service /X runs on HTTPS only, with a letsencrypt
certificate, an up to date certificate overall rated green "A" at
https://www.ssllabs.com/ssltest/analyze.html?d=imapsync.lamiral.info
Because of the HTTPS usage, what the users enter in their browser, the
imap logins and passwords, can't be eavesdropped on the network.
The imapsync website has a mixed history
https://observatory.mozilla.org/analyze/imapsync.lamiral.info
From F to A+ to F to A+ (30 December 2023).
Imapsync itself takes care of encryption for the imap sessions, if
possible. First, imapsync tries to use SSL on port 993, then TLS on
port 143 if the servers announce TLS, then no encryption at all.
Concerning encryption, what is done with the source imap server host1
is independent of what is done with the destination imap server host2.
On the date of 20 February 2023, there is no security problem detected
or reported to me (Gilles LAMIRAL), so far.
Concerning the Log4j threats, the imapsync server doesn't use Log4j at
all, so it should be safe about this issue.
Feel free to attack the service and feel free to report any hole
encountered. Have in mind that I can watch what you do from the
server-side, and then take measures if the service suffers from your
acts. Droping me a note before will be fair play and I will let you act
as harsh as you can.
As the owner of the service, it could have been 700 000 pairs of
credentials collected and nearly 340 terabytes of email messages.
That's massive. I haven't kept them but I can't prove I haven't. It's
just trust, like nearly every online service in the universe.
Concerning imapsync transfers, the imap server certificates are not
checked for authenticity by default because too many imap servers are
crappy configured regarding their certified certificates.
This default behavior is chosen like this because users of /X
want their emails transferred, instead of being not transferred
because of an incompetent or absent imap server sysadmin.
I admit that this part, checking imap ssl/tls certificates,
could be improved from my side by including well known
certificates directly in imapsync.
If an imap server doesn't honor ssl nor tls, then logins, passwords
and everything will go clear text during the imap transfers. That's
not good at all! But what "comforts" me is that if an imap server does
only clear text transfers, then it's also true for all the imap
sessions the account owner encounters, imapsync is just one of them;
the imap servers are then always unsecured for any imap software
client.
Last point, who could be sure that no cracker cracked the online hosts
and that he isn't currently sniffing the credentials?
No one! I'm not sure myself, even if I do take care of that
possibility. So changing the imap accounts passwords after
the sync is a safe and recommended practice! You can even
change the password just after imapsync has started its job,
just after a successful login. This way you know the previously
given password is no longer working just after imapsync has
started its job.
=====================================================================
Q. Does the online service store any sensitive information
like my passwords?
A. No. The online passwords are kept by your browser. The goal is that
the next time you run a sync from your browser, all the parameters
are already there without having to re-enter them. The save is
done when you click on the "Sync or resync" green button. So, if
you don't want your browser to keep your password, enter a wrong
one or empty the password field and click on the "Sync or resync"
green button, the wrong password will be saved in your browser and
no sync will be done, since a correct login is mandatory to do
anything on your mailboxes.
=====================================================================
Q. Where is the entered data on the website stored?
A. The logfile of the imapsync session, the output you see along the
sync, also all dumped out at the end of a sync, is kept for a while
in a dedicated temporary directory. It helps me diagnosis what
happened when you contact me for a problem. I also extract data to
calculate statistics at the end of the month.
=====================================================================
Q. I want to switch from the visual interface /X to the
imapsync command line or to the script examples
https://imapsync.lamiral.info/#DOC_BASIC
What should I know?
A. Let's do some ascii art.
The visual interface looks roughly like this, for the textfields input part:
Login (usually an email address) test1 Password secret1 IMAP Server hostname (or its IP address) |
Login (usually an email address) test2 Password secret2 IMAP Server hostname (or its IP address) |
Notice the 6 examples values I put in the previous "picture":
test1.lamiral.info
test2.lamiral.info
The corresponding imapsync command line on Windows is:
imapsync.exe --host1 "test1.lamiral.info" --user1 "test1" --password1 "secret1" ^
--host2 "test2.lamiral.info" --user2 "test2" --password2 "secret2"
The order of the parameters is whatever you want as long as you respect each pair
like: --optionname "value"
There is no need to type this in a command prompt window, just use the example script
https://imapsync.lamiral.info/examples/imapsync_example.bat
The corresponding imapsync command line on Linux is:
imapsync --host1 "test1.lamiral.info" --user1 "test1" --password1 "secret1"
--host2 "test2.lamiral.info" --user2 "test2" --password2 "secret2"
There is no need to type this in a command prompt window, just use the example script
https://imapsync.lamiral.info/examples/imapsync_example.sh
=====================================================================
Q. I want to add extra parameters to the online interface,
like the parameters used on the command line.
How can I do?
A. On the online interface, in the central column, click on the button
labeled "Show / Hide extra parameters". It displays more widgets on
the screen. One is a blank text-field labeled "Enter extra
parameters". It spans the entire page from left to right. In this
text-field, enter parameters the same way as on the command line.
For example:
--search "SENTSINCE 1-Jan-2023"
or
--folder INBOX
or cumulate several options
--search "SENTSINCE 1-Jan-2023" --folder INBOX
or
--search "SENTSINCE 1-Jan-2023" --folder INBOX --blabla pouetpouet
Looking at the last example, there is an unreal option, an unknown
option called --blabla with a rubbish value as pouetpouet.
In the log file, the extra parameters will be echoed like this:
Command line used, run by /usr/bin/perl:
/usr/lib/cgi-bin/imapsync --addheader --automap --extra --search "SENTSINCE 1-Jan-2023" --folder INBOX --blabla pouetpouet --host1 test1.lamiral.info ...
Under cgi context
Umask set with 0077 (was 0022)
Reading or overwriting options from parameter --extra: --search "SENTSINCE 1-Jan-2023" --folder INBOX --blabla pouetpouet
The following options were ignored from parameter --extra: --blabla pouetpouet
You see that the unrecognized option is mentioned in a different line,
as ignored. This unrecognized option won't be applied by imapsync.
The previous options, --search and --folder, and their values, will be
taken into account in the run.
It is possible that good options on the command line are not
recognized in the extra field, in the online context. They will be
mentioned as ignored. In that case, double-check the syntax and if
it's okay, then ask me to add this unrecognized option on the online
service. Not all command line options are accepted in the online
service, for security reasons. I have to think about it before adding
them in imapsync online.
=====================================================================
Q. Shall I have issues with the browser timing out?
What happens if the browser connection is closed for whatever reason?
A. A browser connection closed closes also the imapsync process,
ie, the sync is ended right away.
Further comments on this behavior.
When using the /X interface there are three connections.
One connection is the Browser/WebServer connection,
the two other connections are the WebServer/ImapServers
connections (imapsync stuff).
If the Browser/WebServer connection timeouts or ends,
the imapsync sync is also ended immediately by the remote
Apache HTTPS server. Technically, Apache sends a TERM signal
to the imapsync process, then wait some seconds before
sending a KILL signal if the imapsync process is still alive.
You can relaunch the sync with the "Sync!" button, at any time.
If the "Sync!" button is gray/inactive then just reload
the page (F5 or similar), and reenter the credentials.
If the interface tells you that the sync is already going on,
it may be that the sync is running from another browser or place.
You can stop this sync with the "Abort!" button from any /X
tab/window, even from another browser or place. To be able
to abort with success, you have to give the same account
parameters, same credentials, or imapsync will ignore the demand.
In other words, you can try safely to launch several parallel
runs between the same mailboxes. Open a new tab/windows with /X,
and start the same sync. It's safe, the /X page will say that
there is already one sync running and it will present
the logfile running the sync like a "tail -f" command (isn't that magic?).
=====================================================================
Q. Shall I have issues when the webserver times out? What happens
if the web server closes the connection for whatever reason?
A. If the webserver closes the connection then usually it also
kills the imapsync process and the imap connections as well.
The current webserver timeout at
https://imapsync.lamiral.info/X/
is 3600 secondes, one hour.
=====================================================================
Q. The sync stalls at the beginning, just after a line like:
"Host1: xxx says it has CAPABILITY for AUTHENTICATE LOGIN"
What is the problem?
A. I've seen this issue on /X with the imap server
CommuniGate Pro IMAP Server 6.0.11
The issue looks related to special characters in the password.
Solution for now: change the password, keep only standard (ASCII)
alphanumeric characters ABC-YZ abc-yz 012-89.
=====================================================================
Q. The synchronization fails with the error message like:
Err 1/1: Host1 failure: Error login on [10.1.161.155] with user [webmaster] auth [LOGIN]: 2 NO [ALERT] LOGIN DENIED -- COUNTRY IS BLACKLISTED
A. The message "[ALERT] LOGIN DENIED -- COUNTRY IS BLACKLISTED" comes directly
from the IMAP server at 10.1.161.155
It looks like that the 10.1.161.155 imap server filters incoming
connexions based on their IPS.
In that case, here are the current IPs of the imapsync
online service (October 2024):
myhosts
ks5.lamiral.info has address 91.121.221.224
ks5ipv6.lamiral.info has IPv6 address 2001:41d0:2:84e0::1
ks7.lamiral.info has address 5.135.177.225
ks8.lamiral.info has address 5.135.176.149
i021.lamiral.info has address 213.32.77.44
i050.lamiral.info has address 213.32.72.139
The imapsync online service may contact your imap servers with one
or more of those IP addresses.
CPhulk of Cpannel has a buildin country block that can cause this behavior.
Later on you may encountered issues with maximum sessions per ip.
You can change that within cPannel.
https://support.cpanel.net/hc/en-us/articles/4406663082519-What-is-cPHulk-
https://docs.cpanel.net/whm/security-center/cphulk-brute-force-protection/