Is there a Thunderbird extension that passes incoming/outgoing email to a program?

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

Is there a Thunderbird extension that passes incoming/outgoing email to a program?

cabalamat
I'm looking for a Thunderbird extension that allows incoming an outgoing email to be passed to an arbitrary executable, which may itself modify the message (e.g. by adding headers, changing the body, etc).

For example, Thunderbird could invoke the executable and pass the email to stdin and get the processed result through stdout, e.g.:

   some_executable <incoming_email >modified_incoming_email

Or it could pass the filename of the email to the executable, e.g.:

   some_executable incoming_email modified_incoming_email

And do something similar for outgoing email.

Does an extension exist for this? I imagine it would be useful for things like spam blockers, which suggests to me that something might already have been written. If not, is it possible to write an extension that does this? (I presume yes).

In case you're wondering, the reason I want this is I am writing an encryption program that automatically encrypts email on the way out and automatically decrypts it on the way in. (The idea behind this is that no-one uses encrypted email, because it takes effort to use, so I want to build a system that takes no effort at all, i.e. a zero user interface in normal use).
_______________________________________________
dev-apps-thunderbird mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-apps-thunderbird
Reply | Threaded
Open this post in threaded view
|

Re: Is there a Thunderbird extension that passes incoming/outgoing email to a program?

cabalamat
On Wednesday, 24 July 2013 02:19:15 UTC+1, Philip Hunt  wrote:
>
> If not, is it possible to write an extension that does this? (I presume yes).

One reason I suppose that it might not be possible is that an extension that allows the execution of arbitrary code is potentially a security hole, so i am not sure if the Thunderbird extension API allows it (I'd rather know than get into the process of learning to write extensions and then realise what I want to do is impossible).

_______________________________________________
dev-apps-thunderbird mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-apps-thunderbird
Reply | Threaded
Open this post in threaded view
|

Re: Is there a Thunderbird extension that passes incoming/outgoing email to a program?

Joshua Cranmer 🐧
In reply to this post by cabalamat
On 7/23/2013 8:19 PM, Philip Hunt wrote:

> I'm looking for a Thunderbird extension that allows incoming an outgoing email to be passed to an arbitrary executable, which may itself modify the message (e.g. by adding headers, changing the body, etc).
>
> For example, Thunderbird could invoke the executable and pass the email to stdin and get the processed result through stdout, e.g.:
>
>     some_executable <incoming_email >modified_incoming_email
>
> Or it could pass the filename of the email to the executable, e.g.:
>
>     some_executable incoming_email modified_incoming_email
>
> And do something similar for outgoing email.
>
> Does an extension exist for this? I imagine it would be useful for things like spam blockers, which suggests to me that something might already have been written. If not, is it possible to write an extension that does this? (I presume yes).

In short, not really. There are ways to divert copies of emails into
other programs via filters, but filters cannot munge the source of
emails. Enigmail does do this sort of stuff, but that works in large
part because the mechanisms it uses are partially hard-coded
specifically for Enigmail.

> In case you're wondering, the reason I want this is I am writing an encryption program that automatically encrypts email on the way out and automatically decrypts it on the way in. (The idea behind this is that no-one uses encrypted email, because it takes effort to use, so I want to build a system that takes no effort at all, i.e. a zero user interface in normal use).
Encrypted mail that takes no effort to use is basically insecure, due to
the inability to trust that the public key is correct. The other reason
why encrypted mail is hard to use is the fact that there is presently no
tenable solution for using encrypted email on webmail.

--
Joshua Cranmer
Thunderbird and DXR developer
Source code archæologist

_______________________________________________
dev-apps-thunderbird mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-apps-thunderbird
Reply | Threaded
Open this post in threaded view
|

Re: Is there a Thunderbird extension that passes incoming/outgoing email to a program?

cabalamat
On Saturday, 27 July 2013 20:44:10 UTC+1, Joshua Cranmer 🐧  wrote:
> > Does an extension exist for this? I imagine it would be useful
> > for things like spam blockers, which suggests to me that something
> > might already have been written. If not, is it possible to write
> > an extension that does this? (I presume yes).
>
> In short, not really. There are ways to divert copies of emails into
> other programs via filters, but filters cannot munge the source of
> emails.

Is this planned to change in future releases of Thunderbird?

> Enigmail does do this sort of stuff, but that works in large
> part because the mechanisms it uses are partially hard-coded
> specifically for Enigmail.

I don't suppose it would be possible for me to make use of the mechanisms
created for Enigmail?

> > In case you're wondering, the reason I want this is I am writing
> > an encryption program that automatically encrypts email on the way
> > out and automatically decrypts it on the way in. (The idea behind
> > this is that no-one uses encrypted email, because it takes effort
> > to use, so I want to build a system that takes no effort at all,
> > i.e. a zero user interface in normal use).
>
> Encrypted mail that takes no effort to use is basically insecure, due to
> the inability to trust that the public key is correct.

You're right that the scheme I propose is vulnerable to man-in-the-middle
attacks. While the NSA can apparently store everyone's email, I suspect it
would be harder for them to do an automated MITM attack on everyone,
particularly without anyone knowing.

And there is always the possibility of alternative key transmission
mechanisms as well as the default.

This isn't perfect, but the best is the enemy of the good here.

> The other reason
> why encrypted mail is hard to use is the fact that there is presently no
> tenable solution for using encrypted email on webmail.

The problem with webmail is if it is stored on a centralised server, then
that server will be a point of attack: intelligence agencies will simply require them to hand over all their email.

So if someone wants secure webmail, it should run on their own server, either
on their own PC or perhaps on a cheap home server such as a Raspberry Pi.
_______________________________________________
dev-apps-thunderbird mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-apps-thunderbird
Reply | Threaded
Open this post in threaded view
|

Re: Is there a Thunderbird extension that passes incoming/outgoing email to a program?

Patrick Brunschwig-3
On 04.08.13 02:29, Philip Hunt wrote:> On Saturday, 27 July 2013
20:44:10 UTC+1, Joshua Cranmer 🐧  wrote:

>>> Does an extension exist for this? I imagine it would be useful
>>> for things like spam blockers, which suggests to me that something
>>> might already have been written. If not, is it possible to write
>>> an extension that does this? (I presume yes).
>>
>> In short, not really. There are ways to divert copies of emails into
>> other programs via filters, but filters cannot munge the source of
>> emails.
>
> Is this planned to change in future releases of Thunderbird?
>
>> Enigmail does do this sort of stuff, but that works in large
>> part because the mechanisms it uses are partially hard-coded
>> specifically for Enigmail.
>
> I don't suppose it would be possible for me to make use of the mechanisms
> created for Enigmail?

I'd say you could certainly reuse some of the code (starting by the
library that does piping to/from other processes), but there are two
main problems:

1) incoming mails: the way decryption in Enigmail works is that it
listens to a particular content-type. In order to do this I wrote a
component (as part of libmime) that allows Enigmail to register to it. I
originally intended to write a generic component, such that any
extension could register any content-type. But I don't know libmime well
enough, so I simply did the minimum required for Enigmail.

2) outgoing mails: there is currently no API in Thunderbird that would
allow to register for processing outgoing mails. The way it's
implemented in Enigmail is a hack and incompatible to other extensions
doing the same. I know how to fix this, but I didn't find the time to
work on it yet.


-Patrick
_______________________________________________
dev-apps-thunderbird mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-apps-thunderbird
Reply | Threaded
Open this post in threaded view
|

Re: Is there a Thunderbird extension that passes incoming/outgoing email to a program?

cabalamat
On Sunday, 4 August 2013 14:35:27 UTC+1, Patrick Brunschwig  wrote:

> On 04.08.13 02:29, Philip Hunt wrote:> On Saturday, 27 July 2013
>
> 20:44:10 UTC+1, Joshua Cranmer 🐧  wrote:
>
> >>> Does an extension exist for this? I imagine it would be useful
>
> >>> for things like spam blockers, which suggests to me that something
>
> >>> might already have been written. If not, is it possible to write
>
> >>> an extension that does this? (I presume yes).
>
> >>
>
> >> In short, not really. There are ways to divert copies of emails into
>
> >> other programs via filters, but filters cannot munge the source of
>
> >> emails.
>
> >
>
> > Is this planned to change in future releases of Thunderbird?
>
> >
>
> >> Enigmail does do this sort of stuff, but that works in large
>
> >> part because the mechanisms it uses are partially hard-coded
>
> >> specifically for Enigmail.
>
> >
>
> > I don't suppose it would be possible for me to make use of the mechanisms
>
> > created for Enigmail?
>
>
>
> I'd say you could certainly reuse some of the code (starting by the
>
> library that does piping to/from other processes), but there are two
>
> main problems:
>
>
>
> 1) incoming mails: the way decryption in Enigmail works is that it
>
> listens to a particular content-type. In order to do this I wrote a
>
> component (as part of libmime) that allows Enigmail to register to it. I
>
> originally intended to write a generic component, such that any
>
> extension could register any content-type. But I don't know libmime well
>
> enough, so I simply did the minimum required for Enigmail.
>
>
>
> 2) outgoing mails: there is currently no API in Thunderbird that would
>
> allow to register for processing outgoing mails. The way it's
>
> implemented in Enigmail is a hack and incompatible to other extensions
>
> doing the same. I know how to fix this, but I didn't find the time to
>
> work on it yet.

Thanks for that Patrick, it's useful information.

What I'm going to do (for now) on PurrCat (my email encryption program) is
implement it by having a proxy for smtp and pop3, so the MUA connects to
my proxies, and then PurrCat talks to the external smtp and pop3 servers.

This has the advantage that it'll work with a wide range of software, not
just Thunderbird.
_______________________________________________
dev-apps-thunderbird mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-apps-thunderbird