diff --git a/webapp/controller/MailController.class.php b/webapp/controller/MailController.class.php
index df06b363..c3b11c77 100644
--- a/webapp/controller/MailController.class.php
+++ b/webapp/controller/MailController.class.php
@@ -17,57 +17,41 @@ class MailController extends BaseAuthedController {
         $this->awardService = new services\AwardService();
     }
 
-    public function getAttachment()
+    public function getAttachmentCb()
     {
-        $mailIds = getReqVal('mail_ids', '');
+        $timestamp = getReqVal('timestamp', '');
+        $signStr = getReqVal('sign', '');
+        $data = file_get_contents('php://input');
+        $dataJson = json_decode($data, true);
 
-        $response = '';
-        {
-            $params = array(
-                'c' => 'Mail',
-                'a' => 'getAttachment',
-                'account_id' => myself()->_getAccountId(),
-                'session_id' => myself()->_getSessionId(),
-                'mail_ids' => $mailIds
-            );
+        $localSignStr = md5($data . MAIL_KEY . $timestamp);
+        if ($localSignStr != $signStr) {
+            myself()->_rspErr(500,  'server internal error 3, url:');
+            return;
+        }
+        if (empty($dataJson)) {
+            myself()->_rspErr(500,  'server internal error 4, url:');
+            return;
+        }
+        if ($dataJson['account_id'] != myself()->_getAccountId()) {
+            myself()->_rspErr(500,  'server internal error 2, url:');
+            return;
+        }
 
-            $url = self::getMailServerUrl();
-            if (!phpcommon\HttpClient::get
-                ($url,
-                 $params,
-                 $response)) {
-                myself()->_rspErr(500,  'server internal error 3, url:' . $url);
-                die();
-                return;
-            }
-        }
-        error_log($mailIds);
-        error_log($response);
-        error_log($url);
-        $rspObj = json_decode($response, true);
-        if ($rspObj && $rspObj['errcode'] == 0) {
-            $this->procAttachments($rspObj['attachments']);
-            $rspObj['award'] = $this->awardService->toDto();
-            $rspObj['property_chg'] = $this->propertyChgService->toDto();
-        }
-        echo json_encode($rspObj);
+        $this->procAttachments($dataJson);
+        myself()->_rspData(array(
+            'award' => $this->awardService->toDto(),
+            'property_chg' => $this->propertyChgService->toDto()
+        ));
     }
 
-    private function procAttachments($attachments)
+    private function procAttachments($dataJson)
     {
-        $mailHash = array();
-        {
-            foreach ($attachments as $item) {
-                if (!array_key_exists($item['mailid'], $mailHash)) {
-                    $mailHash[$item['mailid']] = array();
-                }
-                array_push($mailHash[$item['mailid']], $item);
-            }
-        }
-        foreach ($mailHash as $key => $val) {
-            $mailId = $key;
+        $mailHash = $dataJson['mails'];
+        foreach ($mailHash as $val) {
+            $mailId = $val['mailid'];
             $items = array();
-            foreach ($val as $item) {
+            foreach ($val['attachments'] as $item) {
                 array_push($items, array(
                     'item_id' => $item['itemid'],
                     'item_num' => $item['itemnum'],
@@ -116,9 +100,4 @@ class MailController extends BaseAuthedController {
         }
     }
 
-    private static function getMailServerUrl()
-    {
-        return MAIL_URL;
-    }
-
 }