[mailzu-ng] starter

[gnanet]

Starting the complete rewrite of mailzu libs and classes

• refactor code to support PHP7.4+ (using rectorphp/rector)
• refactor code to support up to PHP7.3 (using rectorphp/rector) to maintain backward compatibility
• class-dependencies cleanup, no more cross-including Class-dependencies cleanup #14
• PDO-based DBEngine + DBAuth classes - Rewrite database to use PHP PDO #11
• optimization of SQL-queries if possible
• replace Mail_mimeDecode with the mailparse extension - Rewrite to move away from PEAR packages - Mail_mimeDecode #10
• resolve possible security issues caused by deprecated library-inclusuions Update PHPMailer #13
• investigate the option to show original images of quarantined mail

new goals may be added later

[rbicelli]

Why not use a framework supported by Rector? i.e. Laravel or CodeIgniter?

[gnanet]

@rbicelli what we have is a bunch of code, thrown together, far from ideal, or from structured classes etc. Without the initial code being a framework, Rector cannot do much in that direction.

[rbicelli]

Was asking because looking in sources looks like majority of libraries are now integrated in framework:

• SMTP
• IMAP
• LDAP
  I understand that a rewrite takes much effort, but to me it worth investigating since codebase is not as huge.

[gnanet]

Recreate this from ground up, that is a thing for someone with daily routine, and knowledge in developing PHP and a choosen framework. I am only a sysadmin, who is able to hack some code, change nuts-and-bolts, but my abilities mostly end there, and in the end it's a one-man-show on a project that is not developed by the original author for 8years already.

I also see a lot of parts where improvement is essentiel, but the "core" goal is to allow users to interact with the SQL-based quarantine of amavis, and around that there are authentication, and access control.

I suggest, lets get the core functionality up-to-date, and any functions around the core: i am open for discussion.

[SoniXtrA]

hi,

I just installed and configured the last mailzu-mailzu-ng-php72
I did composer install in the project root

`composer install
Loading composer repositories with package information
Warning from https://repo.packagist.org: Support for Composer 1 is deprecated and some packages will not be available. You should upgrade to Composer 2. See https://blog.packagist.com/deprecating-composer-1-support/
Updating dependencies (including require-dev)
Package operations: 1 install, 0 updates, 0 removals

• Installing phpmailer/phpmailer (v6.5.1): Downloading (100%)
  phpmailer/phpmailer suggests installing hayageek/oauth2-yahoo (Needed for Yahoo XOAUTH2 authentication)
  phpmailer/phpmailer suggests installing league/oauth2-google (Needed for Google XOAUTH2 authentication)
  phpmailer/phpmailer suggests installing psr/log (For optional PSR-3 debug logging)
  phpmailer/phpmailer suggests installing stevenmaguire/oauth2-microsoft (Needed for Microsoft XOAUTH2 authentication)
  phpmailer/phpmailer suggests installing symfony/polyfill-mbstring (To support UTF-8 if the Mbstring PHP extension is not enabled (^1.2))
  Writing lock file
  Generating autoload files`

after I tried to access new mailzu and everything seems to be ok.
No error in apache, no error in mailzu.log

To be clear :) I don't see any differences with the previous version 👍

[gnanet]

@SoniXtrA
I would say, great that you dont see much difference.

Anyway important changes under-the-hood were:

• the latest and secure phpmailer gets loaded, rather than the old and insecure copy, used in the past
• the classes are loaded on demand by the generated autoloader
• i found some problems with the mime parsing, and attachments to quarantined messages were not displayed, now they should show up, if there are any

thank you for the feedback

[SoniXtrA]

Just for information, a thing which has been enhanced :
=> On the screen where I see quarantined emails, before I got some subjects in the list which they were not clickable !
=> Now all emails are clickable and I can enter in every emails.

Other thing, when I want to see headers, everything is correctly displayed and well readable. So it's cool 👍

And the last :) when enter in a quarantined email, all images of the email are displayed as :

=> it could be useful to give the ability to activate (or not) the display of images ... 👍

[gnanet]

I will have to look into it. But the solution was intended to block misleading images, that may compromise your system, for example by opening up unknown xss attack vectors, or leak info by loading remote images. So this has to be implemented with care, if ever.

[gnanet]

I was assuming rectorphp had some bugs with the class property typing, seems i was right, so the 7.4 code-rewrite needs a new run using:
https://github.com/rectorphp/rector/releases/tag/0.12.2

[gnanet]

@SoniXtrA

=> it could be useful to give the ability to activate (or not) the display of images ...

I'm on it, the current status of my tests:

• The option to show remote loadable (src=URL) images: works
• The option to show inline/inline-attached (src=cid: .... ) images: works (edit: could not resist to finish it )

I have to make my testing code clean, and i will push the update soon

[gnanet]

@SoniXtrA just pushed the changes for optional load images (remote + cid-embedded) have a look at it

[SoniXtrA]

@SoniXtrA just pushed the changes for optional load images (remote + cid-embedded) have a look at it

Hi :p,

Great Job !!!
Tested and validated... It's just perfect !
Everything seems to work perfectly and seems to be faster than before...
Wow ! => Thanks for everything :)