Issue 13446: imaplib, fetch: improper behaviour on read-only selected mailboxes (original) (raw)

I would like to report a misbehaviour on the fetch command of imaplib when used with mailboxes that have been opened as read-only. In such cases, when you fetch a message (using for instance RFC822), the mail is not marked as read (i.e., the flag of the respective message is not set to 'seen'). I have only tested with IMAP over SSL with the server of my organization on which I don't have administration permissions and gmail.

System details

Python: 2.5, 2.6, 2.7.2, 3.0, 3.1, 3.2 Server: Cyrus IMAP4 v2.1.18 and imap.gmail.com

Pseudocode to reproduce the problem:

imap = imaplib.IMAP4_SSL(imap_server) imap.connect(user, pass) imap.select(mailbox, readonly=True) imap.search(None, 'Unseen') imap.fetch(mid, 'RFC822') imap.close() imap.logout()

After executing the above code, the message with id mid will not have been marked as read, while it should have been.

Other relevant information:

Access List for my readonly mailbox: group:1 lrsw group:2 p group:3 lrsp group:4 lrswip group:5 lrswipd group:6 lrswipd group:7 lrsw group:8 lrsw group:9 p group:10 p group:11 lrsp group:12 lrsp group:13 lrswip group:14 lrswip group:15 lrswipd group:16 lrswipd group:17 lrswipd group:18 lrswipd

I have to mention that the above access list is the same with the one of another mailbox which is read/write. I mention this just to make clear that the access list does not play any role in this problem.

Hope I haven't forgotten anything. In any case, ask me.

Hi, actually I must have found the real culprit. And this is that imaplib does not include a function for the "EXAMINE" command. What it does is that when a user selects a mailbox as readonly, it executes an EXAMINE command instead of a SELEECT command, which is wrong according to RFC2060 (http://james.apache.org/server/rfclist/imap4/rfc2060.txt) that explicitly states the following:

"Read-only access through SELECT differs from the EXAMINE command in that certain read-only mailboxes MAY permit the change of permanent state on a per-user (as opposed to global) basis. Netnews messages marked in a server-based .newsrc file are an example of such per-user permanent state that can be modified with read-only mailboxes."

As a consequence of the above text, if a mailbox has been selected with the EXAMINE command, fetching a mail does not make the mail as read, which would be done if the mailbox had been selected with the SELECT command even in the case the mailbox had read-only permissions.

A quick patch for imaplib is to have it not raising any exceptions when checking the READ-ONLY state. In this way, one can open a read-only mailbox using the SELECT command as follows:

imap.select(mailbox)

Preventing imaplib from raising exceptions when using the above command with read-only mailboxes, it allows someone to fetch a message and then marked it as seen. After all, the exceptions are of no use, because the IMAP server is responsible for making security checks and not the client.

To have imaplib be compliant with RFC2060, I propose including an examine function which would be like select. Pure and simply.

I attach a patch for imaplib 2.58 (Python 2.6.2) which "solves" this misbehavior by not raising exceptions for READ-ONLY mailboxes when having opened them without "readonly=True".

What are your opinions on this?