This is perl interface for http://eboks.dk/, Danish national email system.
Included a simple POP server for proxying e-boks for read-only mail access and a simple downloader.
You shall need your CPR# and password. You can get the password from the e-Boks website. For the POP3 login, the username is be your CPR code, such as f.ex: 0123456-7890. The password is your mobile pincode.
The module need to be authenticated using MitID as all other clients to the danish services. The only difference is that this module is not an official client, (I'd love to make it official but I guess that costs an arm and a leg, plus bureaucratic hassles, so this is not planned so far). You would need to run the authentication (see below) where you would provide your Eboks password and confirm the Eboks login using your MitID app. After this is done, the module stores the RSA public key on the eboks server, and this is the same hardcoded public key used for all accesses. You may supply your own RSA keypair by generating it yourself and inserting it in the code.
After the public key is uploaded, the module can login and fetch mails using the public key authentication. It would still need to ask for your CPR and Eboks password though. You most probably want to either read these mails on the same machine that fetches them, or forward them to your email. See below how to do that.
- Install this module by opening command line and typing
cpan Net::Eboks
(withsudo
if needed)
-
You'll need
perl
. Go to strawberry perl and fetch one. -
Install this module by opening command line and typing
cpan Net::Eboks
-
Open command line and run
eboks-install-win32
that will fire up a browser-based install wizard. Click "Install", then login witn eBoks password and MitID.
-
Set up your favourite desktop mail reader so it connects to a POP3 server running on server localhost, port 8110. Username and password are your CPR# and eBoks mobile password.
-
Optionally, if you want to forward the mails, you can choose from numerous programs that can forward mails from a POP3 server to another mail account (list of examples). If you use Outlook it can do that too.
-
Windows: run
eboks-install-win32
and stop the server in the browser-based setup. Quit the setup. -
Install the dev version from github. Download/clone the repo, then run
perl Makefile.PL
make
make install
(or sudo make install
, depending); gmake
instead of make
for Windows.
-
Windows: run
eboks-install-win32
and start the server in the browser-based setup. Quit the setup. -
Linux: restart
eboks2pop
using your system tools.
Versions v0.08 and before used NemID authentication, which is deprecated now and doesn't work anymore. You don't need to do another round of MitID authentication, as the hardcoded RSA keypair can still be reused.
For each user, you will need to go through the initial authentication, once.
eboks-auth-mitid
will start a small webserver on http://localhost:9999/
,
where you will need to connect to with a browser. There, it will ask for your
password (from e-boks Menu/Mobiladgang) and will try to show a standard MitID
window. You will need to confirm the login with your MitID app. If that works,
the script will register the pseudo device Net-Eboks for future logins (you
would see the device entry in Menu/Mobiladgang/Aktiverede enheder; you can also
disable it from there).
Important: The authentication step proxies some requests and that doesn't go well with the CORS policy. That's why if you try to start the authentication in a normal browser window, you will not be able to see the MitID login window, but get an error instead.
To sidestep that, the authentication must be done with some browser security settings lowered. You may want to use a standalone instance of a browser so it doesn't mess with your main security settings.
-
Chrome on Windows: create a folder f.ex
C:\chrome.nosec
and run"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-web-security --user-data-dir="C:\chrome.nosec"
(also seeexamples/chrome.bat
) -
Chrome on Linux: basically same,
mkdir /tmp/chrome
andchrome --disable-web-security --user-data-dir=/tmp/chrome
-
Firefox: apparently it cannot do this, but some extentions claim that they can (simple-modify-headers etc). I didn't succeed to setup a single one so if you know how to hack Firefox to add
Access-Control-Allow-Origin: *
to all responses, kindly ping me back. -
Other browsers: I didn't care but again patches to this text are welcome.
Security note: No data is stored on the computer in the process, the only record is stored on the eBoks server itself.
The authentication step should be done only once per user, not per installation. after the registration you can access eBoks from any server that has this module installed.
Note: You probably don't need it, this script is mostly for testing that the access works.
On command line, type eboks-dump
, enter your passwords, and wait until it downloads
all into eboks.mbox. Use your favourite mail agent to read it.
You may want this setup if you don't have a dedicated server, or don't want to spam your mail by eBoks. You can run everything on a single desktop.
-
On command line, type
eboks2pop
. On windows, this is done autmatically and is not needed if you performed installation using theeboks-install-win32
script. -
Connect your mail client to POP3 server at localhost, where username is your CPR code such as f.ex: 0123456-7890 and password is your mobile password.
This is the setup I use on my own remote server, where I connect to using email clients to read my mail.
-
Create a startup script, f.ex. for FreeBSD see
example/eboks2pop.freebsd
, and for systemd-based unices seeexamples/eboks2pop.service
-
Install procmail and fetchmail. Look into
example/procmailrc.local
and andexamples/fetchmail
(the latter needs to have permissions 0600). -
Add a cron job f.ex.
2 2 * * * /usr/local/bin/fetchmail > /dev/null 2>&1
to fetch mails once a day. Only new mails will be fetched. This will also work for more than one user.
You might want just to forward your eBoks messages to your mail address. The
setup is basically same as in previous section, but see
examples/procmailrc.forward.simple
instead.
The problem you might encounter is that the module generates mails as
originated from [email protected]
and f.ex. Gmail won't accept that due to
SPF. You can change
that From: address to another by setting the environment variable MAILFROM
.
Alternatively, see if rewriting the sender as in
examples/procmail.forward.srs
helps.
If you have associated mailboxes, that companies open for you, you can access them in two ways.
-
Download them all, by using CPR in a form of 123456-7890:* . The module will interpret all shared folders as one huge inbox. For the ease of filtering there is a mail header
X-Net-Eboks-Shareid
that contains numeric identifier of the shared folder. -
Download each of them separately, by using CPR in a form of 123456-7890:SHAREID where
SHAREID
is a numeric identifier of the shared folder. Get it by runningeboks-dump -l
.
In both cases the password, authentication etc is the same as if you use only your private eBoks.
Enjoy!