Decrypt and access messages in the MailStore Gateway mailbox via curl
MailStore Gateway includes a POP3 server as part of its proxy functionality. This feature allows access to messages in the mailbox, enabling you to inspect messages directly using a tool like curl. This is useful as it allows you to access decrypted messages.
You will need the mailbox’s name and password. As the password is part of the message decryption process, it is not possible to access the mailbox or messages contained within without the password. Additionally, be aware that a password reset is not possible while the mailbox contains messages.
In order to access a message, you first need to get the message number from the message list, so we will start by connecting to the POP3 server and requesting the message list.
Use the following curl command:
curl --ssl-reqd --insecure pop3://msgw.example.com/ -u "mbx-2a20342e96294505a35eb5c8364eb67c"
The response will look like this:
1 91471
Now try doing a UIDL request as well:
curl --ssl-reqd --insecure --request UIDL pop3://msgw.example.com/ -u "mbx-2a20342e96294505a35eb5c8364eb67c"
The response will look like this:
1 f558587b-b6d6-490d-b21e-eaf02172131a
In both cases above, there is a single message in the mailbox, the size is 91471 bytes and UIDL is f558587b-b6d6-490d-b21e-eaf02172131a.
In the POP3 protocol messages are always numbered starting at 1, and message numbers may change between sessions. While the POP3 protocol does not specify how to generate UIDLs it does require that the UIDL is consistent. MailStore Gateway uses the filename on disk as the UIDL making it possible to identify the message in the filesystem.
Once you have the message number, you can download it by adding the message number to the URI:
curl --ssl-reqd --insecure pop3://msgw.example.com/1 -u "mbx-2a20342e96294505a35eb5c8364eb67c"
Technically the message numbers can change from session to session, so if there are new messages coming in and/or messages being deleted you might need to try a few times, and you should verify using the Date header or Received headers of the message to make sure it matches.
Normally in POP3 you would pull the list of messages and then retrieve the message in the same session (numbers are consistent within a session but are allowed to change between sessions) but curl doesn’t support this, so you will need to do it in two steps.
Modern versions of Windows have curl built in, as well as nearly any Linux environment (including WSL) so it is quick and easy to get going, and by default it leaves messages on the server whereas most other POP3 clients default to deleting messages after they’re accessed.
MailStore Gateway’s passwords are generated randomly and include punctuation, so it is easiest to paste it into curl each time. As an example, a password may include punctuation such as qn5x(/.B9M~PsZA92f]VYbIG\q{!1^[8 which would require an understanding of shell escape sequences to enter safely.