* DONE Email::Valid does not accept UTF-8 emails adresses (e.g., peace@☮.net).
LDAP doesn't allow UTF-8 in the DNs anyway, so maybe convert the
domains/emails to Punycode internally?

* DONE Better check for existing lists (commands).
- When adding a new alias/mailbox 'test', check for existing alias/mailbox 'test', and list 'test'.
- When adding a new alias/mailbox 'test-request', check for existing alias/mailbox 'test-request', list 'test-request' *and* list 'test'. (The same for other list commands.)
- When adding a new list 'test', check for existing alias/mailbox/list 'test', 'test-request',...
- (Lists of the form 'test-request' are forbidden);

* CANCELED Check for cycles when creating new aliases?
CLOSED: [2012-09-29 Thu 16:12]
- CLOSING NOTE [2012-09-29 Thu 16:12] \\
1/ It is impossible to do it properly since the authenticated user may not have full read access on the graph.
2/ Cycles may also be created by catch-alls or mailbox forwarding, or even externally with another server.
3/ Postfix warns the administrator with a
"unreasonable virtual_alias_maps map nesting for test-loop1@fripost.org"
in the logs if there's a loop in the alias resolution.

* DONE Write a script to check every runmode against the W3 validator.
(Cf. cgiapp_postrun);

* DONE Use FastCGI. References
- http://www.cgi-app.org/index.cgi?FastCGI
- http://stackoverflow.com/questions/11771564/nginx-fastcgi-configuration-for-cgiapplication-app

* TODO Use HTML::Template::Pro. Not sure it's really worth it, though.

* DONE Escape reserved characters in URLs:
http://mark.stosberg.com/blog/2010/12/percent-encoding-uris-in-perl.html

* CANCELED How should we encode the URL for internationalized domain names? Punicode vs. unicode vs. HTML entities?
CLOSED: [2012-09-27 Thu 00:03]
- CLOSING NOTE [2012-09-27 Thu 00:03] \\
It's up to the browser (Firefox supports unicode in URLs).

* CANCELED Forbid UTF8 in the domain part of lists? (Test if the list
managers support it at least.)
CLOSED: [2012-09-27 Thu 03:38]
- CLOSING NOTE [2012-09-27 Thu 03:38] \\
Mailman and Schleuder do not support IDNs, but we convert the list name
into punicode first.

* DONE Give the right for domain postmasters to grant the right
to create aliases and lists.

* TODO Give the right to appoint co owners (for list and aliases).

* TODO Make every service use Kerberos, and remove the passphrase on
their GPG private keys.

* DONE Check list names against mailman's and schleuder's regexps?

* DONE What to do when a list creation fails? Set up a new service
to clean out the pending lists and domains if they have not been fixed
within 24h (daemon).
- CLOSING NOTE [2013-01-22 Thu 01:53] \\

* TODO Automatically generated passwords.

* TODO check if amavis{WhiteBlack}listSender supports catchall @example.org

* TODO Improve the CSS. Examples
    http://www.qubesys.com/25-css-form-templates-and-input-styles/
    https://github.com/pmcelhaney/semantic-form.css/blob/master/semantic-form.css
    http://designshack.net/articles/10-css-form-examples/
    http://www.codeproject.com/Tips/170049/Pure-HTML-5-CSS-3-Modal-Dialog-Box-no-JavaScript
    http://www.examiner.com/article/html5-best-practices-table-formatting-via-css3
    http://coding.smashingmagazine.com/2011/09/19/css3-flexible-box-layout-explained/
    http://demo.webtuts.info/popup/
    http://cssbutton.com/forms/
    http://www.urcss.com/design-css-form-submit-button/
    http://css-tricks.com/snippets/css/rounded-corners/
    http://files.christophzillgens.com/form-test.html

  <label>Username</label>
  <input type="text" tabindex="1" class="input" placeholder="Webtuts" required><br><br>
  <label>Password</label>
  <input type="password" class="input" tabindex="2" required><br><br>
  <input type="checkbox" tabindex="3">Keep me logged in
  <input type="submit" id="submitbtn" value="Login" tabindex="4">

  Nicer buttons:
    (darker on hover, depth effect on click)

* TODO Maximum pending entries per user (10).

* TODO Limit what a user can create. Examples
  fripostQuota: what limit [group [address]]
  fripostQuota: list 3 normal @fripost.org    -> users with canCreateList can create at most 3 lists under that domain.
  fripostQuota: alias 15 owner owner@fripost.org    -> this owner can create at most 15 aliases under that domain
  fripostQuota: mailbox 30 postmaster -> the postmaster(s) can create at most 30 mailboxes

* TODO Find a way to grant alias creation to a whole domain except a few
users. (Add new attributes fripostCannotAdd{Domain,Aliases,List}).

* TODO https://en.wikipedia.org/wiki/Tld#Reserved_domains

* TODO Use captions to explain active/pending status and anti-spam
  options.
  http://www.webdesignerdepot.com/2012/10/creating-a-modal-window-with-html5-and-css3/
  http://sixrevisions.com/css/css-only-tooltips/

* TODO Add a a button to allow domains/aliases deletion.

* TODO Redocument the library.

* TODO We need a test-suite for the web application as well. And
  ideally, for the whole library.
  http://search.cpan.org/~hartzell/Test-WWW-Mechanize-CGIApp-0.05/lib/Test/WWW/Mechanize/CGIApp.pm
  http://search.cpan.org/~petdance/Test-WWW-Mechanize-1.44/Mechanize.pm

* TODO Alternative to set user passwords:
  http://search.cpan.org/~marschap/perl-ldap-0.52/lib/Net/LDAP/FAQ.pod#..._in_most_LDAP_servers?
  http://search.cpan.org/~esskar/Crypt-SaltedHash-0.06/lib/Crypt/SaltedHash.pm
  http://search.cpan.org/~zefram/Authen-Passphrase-0.008/lib/Authen/Passphrase.pm
  http://www.openldap.org/faq/data/cache/347.html

  http://www.zytrax.com/books/ldap/ch6/ppolicy.html

* TODO "A DN containing "[" "]" does not expand correctly.", quote from
  http://www.openldap.org/faq/data/cache/1133.html
  Try with an example (e.g., canAddAlias)

* TODO Wildcards (attapt the search method):
   *    => *@*
   xy*  => xy*@*
   *xy  => *@*xy
   x*y  => x*@*y

* TODO: Ensure that the domain and local parts are always lowercase.
  (we're doing a naive DN check)

* TODO: check the list commands with recipient_delimiter (-bounces+*,
-confirm+*), cf https://www.gnu.org/software/mailman/mailman-install.txt

* TODO add options -destination/-forward/-catchall to the search methods
to filter on these values as well.

* TODO bug: new user "very.(),:;<>[]\".VERY.\"very@\\ * \"very\".unusual"@☮.net, upon error
   - check every unusual mail (maildrop, canAdd{list,alias}, alias, user).
   - check injection of code: in forms, upon login (escape forms).

* TODO Close the connection upon error at login and rest. (Maybe with cgiapp_postrun)

* TODO Explore untaint
  http://search.cpan.org/~wonko/HTML-Template-2.94/lib/HTML/Template.pm#Error_Detection_Options
  http://gunther.web66.com/FAQS/taintmode.html
  http://perldoc.perl.org/perlsec.html

* TODO Try to factorize the templates. Maybe with cgiapp_postrun (output_ref)

* TODO Add -welcome options to all add methods, to send welcome mails.

* TODO Hide the SpamAssassin form
  http://dev.opera.com/articles/view/css3-show-and-hide/
  http://www.webdeveloper.com/forum/showthread.php?168061-Hide-Show-div-on-mouseclick-with-CSS-(no-JS)
  http://stackoverflow.com/questions/5593500/html5-and-css3-show-form-hints-on-element-focus

* TODO check selfread access for canAdd{List,Alias} permission
  https://www.rfc-editor.org/rfc/rfc3876.txt

* TODO unlock accounts:
  ldapmodify -Y EXTERNAL -H ldapi:///
    dn: fvl=user1,fvd=fripost.org,ou=virtual,o=mailHosting,dc=fripost,dc=dev
    changetype: modify
    delete: pwdAccountLockedTime

* TODO template filters
  http://www.perl.com/pub/2006/11/30/html-template-filters.html
  http://comments.gmane.org/gmane.comp.lang.perl.modules.html-template/2004

* TODO domain validation...
  https://en.wikipedia.org/wiki/Certificate_authority