Hello,
we have been using Roundcube for quite a while now in a city carrier setting, so we are (unfortunately) forced to implement lawful interception measures for webmail services
(v1.1.4 for now, but we plan to switch to the latest stable around Jan/Feb next year with a new customer frontend).
Up to now, there has never been a problem, but it seems the German BNetzA has defined some stricter filtering and interception rules:
1. We have to inject the x-originating-ip into the imap stream AFTER login. The dovecot_ident plugin does this, but before logging in.
In theory, it would suffice to send A0002 NOOP <client ip> or A0002_<client ip> as soon as possible after logging in.
2. If a customer logs into Roundcube, the inbox is listed via a header FETCH request for every email (hope I'm right with this). Not included in the response are the message IDs.
These are only available in the 2nd and 3rd FETCH request (when a mail is selected for preview). Because of the interception guidelines, the message id must always be present
in the first FETCH for being triggered. It is not possible to drop the first packet from the tcp stream.
Does anyone know if this would even be possible without a major rewrite of the core system? As it is planned to implement several ISO certifications for our company, we would have a time-intensive
development, documentation and change/release cycle for every small security fix when patching the core system with custom code.
Regards
Marcel