Hi,
It seems it's a bug in vpopmail for quota more than 2GB. While googling, I
found that quota should not be set more than 2GB. Is this issue addressed
in the latest QMT?

Vulnerable Systems:
* Vpopmail version 5.50
* QmailAdmin version 1.2.12

There are several functions/files to fix in vpopmail and qmailadmin:
* vpopmail-5.5.0: quota.c, function quota_percent
* vpopmail-5.5.0: vuserinfo.c, function display_user
* qmailadmin-1.2.12: function quota_to_megabytes
* qmailadmin-1.2.12: function maildirquota.c, wrapreaduserquota,
  readdomainquota, readuserquota

Proof of Concept:
Just try to set more than 2GB quota to a user ("./vsetuserquota
u...@domain $((3*1024*1024*1024))") and see with ("./vuserinfo
u...@domain") that the user's quota usage is always 100%, or with
qmailadmin the quota never grows, gets stalled at 2048 MB. Put more than 2
GB of data in a mailbox and see that the quota overflows, i.e. -1114.49 /
unlimited.

Patch Availability:
There are no official patches yet; all the sysadmins that use
vpopmail/qmailadmin should be aware of this because the vendor has given no
date to release a new version or patch.

To fix that, neither "int" nor "long" nor "off_t" should be used; using
a "long long int", the problem is just fixed until the near future. Also,
casting is not a solution when the variable was already overflowed, as in
the newest version (vpopmail 5.5.0: maildirquota.c line 294).

Disclosure Timeline:
* 20/Apr/2009: Vendor is first notified.
* 20/Apr/2009: Vendor responds that the issue was fixed in 5.5 branch.
* 23/Apr/2009: Vendor is notified again that the problem was not fixed.
* 23/Apr/2009: Vendor responds that there is no qmailadmin version
  compatible with 5.5 branch yet.
* 29/Apr/2009: Vendor is asked when they are planning to release patch or
  new version and no response was received.
* 8/May/2009: Public Disclosure of the vulnerability.

With Regards
Nabin Limbu
Chief Technical Officer
Himal Technologies Pvt. Ltd.

-----Original Message-----
From: "Nabin Limbu" <[email protected]>
To: [email protected]
Date: Thu, 30 Sep 2010 18:39:52 +0545
Subject: [qmailtoaster] message bouncing with quota error without quota full
> Hi all,
> I am using qmail-toaster-1.03-1.3.20 in centos 5.4 since few years back
> without any issue.
>
> Suddenly, I'm getting mail bouncing message stating "user is over quota"
> only for some users in a domain. Amazingly, their quota is not 5% utilized
> also. (around 7MB in 4 GB)
>
> # more maildirsize
> 4244635648S
> 7689245 83
>
> When I tried to increase quota to 4 GB via qmailadmin web interface, I see
> it updated to 4GB both inside Maildir/maildirsize of user and also inside
> vpopmail mysql database, but, I still see old quota when seen from
> qmailadmin.
>
> Could you pls help me to troubleshoot the issue.
>
>
> Bounced message:
>
> Hi. This is the qmail-send program at mail1.domain.com.
> I'm afraid I wasn't able to deliver your message to the following
> addresses.
> This is a permanent error; I've given up. Sorry it didn't work out.
>
> <[email protected]>:
> user is over quota
>
>
>
> -----------------------------------------------------------------------
> ----------
> Qmailtoaster is sponsored by Vickers Consulting Group
> (www.vickersconsulting.com)
> Vickers Consulting Group offers Qmailtoaster support and
> installations.
> If you need professional help with your setup, contact them
> today!
> -----------------------------------------------------------------------
> ----------
> Please visit qmailtoaster.com for the latest news, updates, and
> packages.
>
> To unsubscribe, e-mail:
> [email protected]
> For additional commands, e-mail:
> [email protected]
>
>
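
The overflow the advisory describes, as an added example that is not part of the original post and is not vpopmail or qmailadmin code: the quota field from the `maildirsize` file quoted above is parsed into 64 bits, then narrowed to the value a 32-bit signed `int` would hold. The function names and the `used >= limit` check are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Parse the byte limit from a maildirsize quota field such as "4244635648S"
   into 64 bits. Returns -1 if the field is malformed or out of range. */
int64_t parse_quota64(const char *field)
{
    char *end;
    errno = 0;
    long long v = strtoll(field, &end, 10);
    if (errno == ERANGE || end == field || *end != 'S' || v < 0)
        return -1;
    return (int64_t)v;
}

/* Model a 32-bit signed store of that limit: keep the low 32 bits and read
   them as two's complement, computed without undefined behaviour. */
int32_t narrow_to_int32(int64_t v)
{
    uint32_t low = (uint32_t)((uint64_t)v & 0xFFFFFFFFu);
    return low >= 0x80000000u ? (int32_t)((int64_t)low - 4294967296LL) : (int32_t)low;
}

/* Hypothetical over-quota test; the outcome depends only on the width used. */
int over_quota32(int32_t used, int32_t limit) { return used >= limit; }
int over_quota64(int64_t used, int64_t limit) { return used >= limit; }

/* Usage percentage in 64-bit arithmetic, clamped to 100.
   Assumption: a limit <= 0 means "no limit" and reports 0. */
int quota_percent64(int64_t used, int64_t limit)
{
    if (limit <= 0) return 0;
    int64_t pct = used * 100 / limit;
    return pct > 100 ? 100 : (int)pct;
}

int main(void)
{
    int64_t used = 7689245;                        /* usage from the post */
    int64_t limit = parse_quota64("4244635648S");  /* quota from the post */
    int32_t limit32 = narrow_to_int32(limit);
    printf("64-bit: limit=%lld over=%d pct=%d\n", (long long)limit,
           over_quota64(used, limit), quota_percent64(used, limit));
    printf("32-bit: limit=%d over=%d\n", (int)limit32, over_quota32((int32_t)used, limit32));
    return 0;
}
```

With the values from the post, the 32-bit model holds a negative limit, so the check reports the mailbox as over quota, while the 64-bit path reports 0% used.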