perl API for eboks.dk ===================== This is perl interface for http://eboks.dk/, Danish national email system. Included a simple POP server for proxying e-boks for read-only mail access and a simple downloader. You shall need your CPR# and password. You can get the password from the e-Boks website. For the POP3 login, the username is be your CPR code, such as f.ex: 0123456-7890. The password is your mobile pincode. How it works ============ The module need to be authenticated using MitID as all other clients to the danish services. The only difference is that this module is not an official client, (I'd love to make it official but I guess that costs an arm and a leg, plus bureaucratic hassles, so this is not planned so far). You would need to run the authentication (see below) where you would provide your Eboks password and confirm the Eboks login using your MitID app. After this is done, the module stores the RSA public key on the eboks server, and this is the same hardcoded public key used for all accesses. You may supply your own RSA keypair by generating it yourself and inserting it in the code. After the public key is uploaded, the module can login and fetch mails using the public key authentication. It would still need to ask for your CPR and Eboks password though. You most probably want to either read these mails on the same machine that fetches them, or forward them to your email. See below how to do that. Installation ============ Unix/Linux ---------- * Install this module by opening command line and typing `cpan Net::Eboks` (with `sudo` if needed) Windows ------- * You'll need `perl`. Go to [strawberry perl](http://strawberryperl.com/) and fetch one. * Install this module by opening command line and typing `cpan Net::Eboks` * Open command line and run `eboks-install-win32` that will fire up a browser-based install wizard. Click "Install", then login witn eBoks password and MitID. * Set up your favourite desktop mail reader so it connects to a POP3 server running on server localhost, port 8110. Username and password are your CPR# and eBoks mobile password. * Optionally, if you want to forward the mails, you can choose from numerous programs that can forward mails from a POP3 server to another mail account [(list of examples)](https://blogs.technet.microsoft.com/brucecowper/2005/03/18/pop-connectors-pullers-for-exchange/). If you use Outlook it [can do that too](https://www.laptopmag.com/articles/how-to-set-up-auto-forwarding-in-outlook-2013). Upgrading --------- * Windows: run `eboks-install-win32` and stop the server in the browser-based setup. Quit the setup. * Install the dev version from github. Download/clone the repo, then run ``` perl Makefile.PL make make install ``` (or `sudo make install`, depending); `gmake` instead of `make` for Windows. * Windows: run `eboks-install-win32` and start the server in the browser-based setup. Quit the setup. * Linux: restart `eboks2pop` using your system tools. Upgrading from NemID to MitID ----------------------------- Versions v0.08 and before used NemID authentication, which is deprecated now and doesn't work anymore. You don't need to do another round of MitID authentication, as the hardcoded RSA keypair can still be reused. One-time MitID authentication ----------------------------- For each user, you will need to go through the initial authentication, once. `eboks-auth-mitid` will start a small webserver on `http://localhost:9999/`, where you will need to connect to with a browser. There, it will ask for your password (from e-boks Menu/Mobiladgang) and will try to show a standard MitID window. You will need to confirm the login with your MitID app. If that works, the script will register the pseudo device Net-Eboks for future logins (you would see the device entry in Menu/Mobiladgang/Aktiverede enheder; you can also disable it from there). **Important**: The authentication step proxies some requests and that doesn't go well with the [CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) policy. That's why if you try to start the authentication in a normal browser window, you will not be able to see the MitID login window, but get an error instead. To sidestep that, the authentication must be done with some browser security settings lowered. You may want to use a standalone instance of a browser so it doesn't mess with your main security settings. * Chrome on Windows: create a folder f.ex `C:\chrome.nosec` and run `"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-web-security --user-data-dir="C:\chrome.nosec"` (also see `examples/chrome.bat`) * Chrome on Linux: basically same, `mkdir /tmp/chrome` and `chrome --disable-web-security --user-data-dir=/tmp/chrome` * Firefox: apparently it cannot do this, but some extentions claim that they can (simple-modify-headers etc). I didn't succeed to setup a single one so if you know how to hack Firefox to add `Access-Control-Allow-Origin: *` to all responses, kindly ping me back. * Other browsers: I didn't care but again patches to this text are welcome. **Security note**: *No data is stored on the computer in the process, the only record is stored on the eBoks server itself*. The authentication step should be done only once per user, not per installation. after the registration you can access eBoks from any server that has this module installed. Operations ========== Download your mails as a mailbox -------------------------------- Note: You probably don't need it, this script is mostly for testing that the access works. On command line, type `eboks-dump`, enter your passwords, and wait until it downloads all into eboks.mbox. Use your favourite mail agent to read it. Use eboks.dk as a POP3 server ----------------------------- You may want this setup if you don't have a dedicated server, or don't want to spam your mail by eBoks. You can run everything on a single desktop. 1) On command line, type `eboks2pop`. On windows, this is done autmatically and is not needed if you performed installation using the `eboks-install-win32` script. 2) Connect your mail client to POP3 server at localhost, where username is your CPR code such as f.ex: 0123456-7890 and password is your mobile password. Use on mail server ------------------ This is the setup I use on my own remote server, where I connect to using email clients to read my mail. 1) Create a startup script, f.ex. for FreeBSD see `example/eboks2pop.freebsd`, and for Debian/Ubuntu see `examples/eboks2pop.debian` 2) Install *procmail* and *fetchmail*. Look into `example/procmailrc.local` and and `examples/fetchmail` (the latter needs to have permissions 0600). 3) Add a cron job f.ex. ` 2 2 * * * /usr/local/bin/fetchmail > /dev/null 2>&1` to fetch mails once a day. Only new mails will be fetched. This will also work for more than one user. Automated forwarding -------------------- You might want just to forward your eBoks messages to your mail address. The setup is basically same as in previous section, but see `examples/procmailrc.forward.simple` instead. The problem you might encounter is that the module generates mails as originated from `noreply@e-boks.dk` and f.ex. Gmail won't accept that due to [SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework). You can change that *From:* address to another by setting the environment variable `MAILFROM`. Alternatively, see if rewriting the sender as in `examples/procmail.forward.srs` helps. Read the associated eBoks shares -------------------------------- If you have associated mailboxes, that companies open for you, you can access them in two ways. 1) Download them all, by using CPR in a form of 123456-7890:\* . The module will interpret all shared folders as one huge inbox. For the ease of filtering there is a mail header `X-Net-Eboks-Shareid` that contains numeric identifier of the shared folder. 2) Download each of them separately, by using CPR in a form of 123456-7890:SHAREID where `SHAREID` is a numeric identifier of the shared folder. Get it by running `eboks-dump -l`. In both cases the password, authentication etc is the same as if you use only your private eBoks. Enjoy!