[imp] May be our horde installation was used for spam

2011-05-23 Thread Götz Reinicke - IT-Koordinator
Hi,

since saturday we got about 40 reports from spamcom.net and other
mailserver providers, that 'we' are sending or are used for sending spam.

The MX is 193.196.129.3

So far I received about 7.000 returned mail bounces from our system and
all reported messages do have User-Agent: Internet Messaging Program
(IMP) H3 (4.3.9) in the mailheader.

Or something like

Received: from switchde.switchvpn.com (switchde.switchvpn.com
 [178.162.182.142]) by mail.filmakademie.de (Horde Framework) with HTTP;


Our mailserver is a Red Hat EL 5.x server with sendmail 8.13.8, apache
httpd 2.2.3, php 5.2.11, mysql 5.0.77 and latest horde webmailedition.


My questions:

What is the best way to find the leak? What may I configure in
horde/imp/apache/php ... to make it harder to be compromised?

This is the first time in 10 years ... so far our setup was not that bad.


Thanks a lot and best regards for any hint!

Götz Reinicke

-- 
Götz Reinicke
IT-Koordinator

Tel. +49 7141 969 420
Fax  +49 7141 969 55 420
E-Mail goetz.reini...@filmakademie.de

Filmakademie Baden-Württemberg GmbH
Akademiehof 10
71638 Ludwigsburg
www.filmakademie.de

Eintragung Amtsgericht Stuttgart HRB 205016
Vorsitzende des Aufsichtsrats:
Prof. Dr. Claudia Hübner

Geschäftsführer:
Prof. Thomas Schadt




-- 
IMP mailing list
Frequently Asked Questions: http://horde.org/faq/
To unsubscribe, mail: imp-unsubscr...@lists.horde.org


Re: [imp] May be our horde installation was used for spam

2011-05-23 Thread Arjen de Korte

Quoting Götz Reinicke - IT-Koordinator goetz.reini...@filmakademie.de:

> My questions:
>
> What is the best way to find the leak? What may I configure in
> horde/imp/apache/php ... to make it harder to be compromised?

If you're using SMTP AUTH for sending mail, the mailserver might have
logged the userid that has been used to send these messages.

> This is the first time in 10 years ... so far our setup was not that bad.

Consider the possibility that this isn't a bug in Horde, but that one
of your user accounts has been compromised. There is virtually nothing
you as an administrator can do to prevent users from being careless with
their credentials.

The only thing you can do to limit the impact is to set up quotas on
the number of messages a user can send per hour/day/week. Since you
have received over 7000 bounces, chances are that you don't use this
right now (which is highly recommended).


Best regards, Arjen



Re: [imp] May be our horde installation was used for spam

2011-05-23 Thread azurIt

> How may I limit the number of messages a user may send? :-)


for example google 'policyd'


Re: [imp] May be our horde installation was used for spam

2011-05-23 Thread Götz Reinicke - IT-Koordinator
On 23.05.11 10:30, azurIt wrote:
>
>> How may I limit the number of messages a user may send? :-)
>
> for example google 'policyd'

not for sendmail as far as I know.

/Götz


Re: [imp] May be our horde installation was used for spam

2011-05-23 Thread azurIt

uuhm, sendmail users still exist? ;)

__
 From: Götz Reinicke - IT-Koordinator
 To: imp@lists.horde.org
 Date: 23.05.2011 10:36
 Subject: Re: [imp] May be our horde installation was used for spam

> On 23.05.11 10:30, azurIt wrote:
>
>>> How may I limit the number of messages a user may send? :-)
>>
>> for example google 'policyd'
>
> not for sendmail as far as I know.
>
> /Götz


Re: [imp] show receipts in horde

2011-05-23 Thread Miguel Ángel García Jiménez
Hi,

Thanks everyone, your answers helped me a lot. I activated the maillog and
the message appears, but still without confirmation to the sender.
Can you keep helping me?

Regards


On 19 May 2011 18:28, Miguel Ángel García Jiménez
mangel.garci...@gmail.com wrote:

> Hi,
>
> Thanks for the answers, but in my prefs.php I have this part of code :
>
>  $_prefs['disposition_send_mdn'] = array(
>      'value' => 0,
>      'locked' => false,
>      'shared' => false,
>      'type' => 'checkbox',
>      'desc' => _("Send read receipt when requested by the sender?"),
>      'help' => 'prefs-disposition_send_mdn'
>  );
>
> But it doesn't work, Do you know if something's wrong? Thats this code
> enable this preference in viewing options?
>
> Regards
>
> On 19 May 2011 17:15, Miguel Ángel García Jiménez
> mangel.garci...@gmail.com wrote:
>
>> Hi,
>>
>> When you send an email from MUA (like thunderbird, Outlook, etc) with
>> return receipt requested and that email is open in Horde not show alerts or
>> messages that tell you received a read receipt.
>> Tell me If you need more information about config files
>>
>> Regards





Re: [imp] May be our horde installation was used for spam

2011-05-23 Thread Andi Liste
At 20:59, Götz Reinicke - IT-Koordinator wrote:
> Hi,
>
> since saturday we got about 40 reports from spamcom.net and other
> mailserver providers, that 'we' are sending or are used for sending spam.
>
> The MX is 193.196.129.3

It's not widely listed at
http://multirbl.valli.org/dnsbl-lookup/193.196.129.3.html so you should
check in the MTA logfile if indeed this machine is sending out spam.

> So far I received about 7.000 returned mail bounces from our system and
> all reported messages do have User-Agent: Internet Messaging Program
> (IMP) H3 (4.3.9) in the mailheader.
>
> Or something like
>
> Received: from switchde.switchvpn.com (switchde.switchvpn.com
>  [178.162.182.142]) by mail.filmakademie.de (Horde Framework) with HTTP;

As said, first check if you are really the origin. Headers are easily
spoofed.

> Our mailserver is a Red Hat EL 5.x server with sendmail 8.13.8, apache
> httpd 2.2.3, php 5.2.11, mysql 5.0.77 and latest horde webmailedition.
>
> My questions:
>
> What is the best way to find the leak? What may I configure in
> horde/imp/apache/php ... to make it harder to be compromised?
>
> This is the first time in 10 years ... so far our setup was not that bad.

Horde/IMP per se is, besides some long-ago fixed bugs, not usable to send
spam by default. You have to find out if some user account is hacked or
if some other web-accessible scripts are abused. Besides this there is
some hardening which can be done to lower the impact if a user account
is phished:
- Disable the user preference for setting the sender address
- Use maillog and the rate-limits built into Horde
- Use secure access to the Webmail server with https at least for mobile
  users

Regards

Andreas


[imp] strange problems with imp ver 5.0.3

2011-05-23 Thread obe

Hi,
I have two problems with the new version of imp:

1) When I select some messages to delete them and then I press the delete
button imp shows me them all correctly set as deleted with a line above
the message, but when I click on remove deleted messages not removed
them from the folder view. If I go to another screen of imp or horde,
and then returned to the Inbox messages the deleted messages have
successfully gone.


2) When I reply to an email, with some senders that happens over email 
sender in the To: field is also set my email so I get a copy of the email.
The strange thing is that does not happen with all email, and it happens 
with all email accounts on the server.


By Obe.



--
Oberdan Albertoni

---

DIGICOLOR.NET s.r.l. Via Ala Ponzone, 30 - 26100 CREMONA (CR) Tel. +39 (0372) 
30669 - 1965101 - 1951509
Fax +39 (0372) 464840 E-mail i...@digicolor.net - Website 
http://www.digicolor.net
C.F / P.IVA 01227520192 - R.E.A. CR n. 153382 - Capitale Sociale € 10.400 i.v.

Filiale di Codogno
Via Galilei, 17 – 26845 CODOGNO (LO) Tel. +39 (0377) 741006 – 431931 Fax +39 
(0372) 464840
E-mail info.codo...@digicolor.net - Website http://www.digicolor.net



Re: [imp] strange problems with imp ver 5.0.3

2011-05-23 Thread azurIt

> 2) When I reply to an email, with some senders that happens over email
> sender in the To: field is also set my email so I get a copy of the email.
> The strange thing is that does not happen with all email, and it happens
> with all email accounts on the server.

Add all of your aliases into Preferences - Personal info - Your alias addresses

azur


Re: [imp] strange problems with imp ver 5.0.3

2011-05-23 Thread azurIt

Sorry, not 'From' header but 'To' header.


__
 From: azurIt
 To:
 Date: 23.05.2011 12:19
 Subject: Re: [imp] strange problems with imp ver 5.0.3

This happens when you receive e-mail to address which is not your main
address (the one you used for logging into the Horde/IMP) AND which is
not added into your aliases. Just look at the 'From' header of such
e-mails.

__
 From: o...@digicolor.net
 To: imp@lists.horde.org
 Date: 23.05.2011 12:15
 Subject: Re: [imp] strange problems with imp ver 5.0.3

I do not understand what you mean with my aliases, the email that my
customers use do not have aliases.
The problem also happens when I reply to the email addresses of other
Internet Service Provider.
Thank you for your reply.

On 23/05/2011 12:04, azurIt wrote:
>> 2) When I reply to an email, with some senders that happens over email
>> sender in the To: field is also set my email so I get a copy of the email.
>> The strange thing is that does not happen with all email, and it happens
>> with all email accounts on the server.
>
> Add all of your aliases into Preferences - Personal info - Your alias addresses
>
> azur





Re: [imp] db migration and sorting

2011-05-23 Thread Jan Schneider


Quoting Janis Eisaks j...@ktf.rtu.lv:

> Hi!
>
> two remaining questions:
>
> 1. how can i migrate user's data (address books, identities, tasks,
> filters etc) from webmail 1.2.9 to Horde4;

http://www.horde.org/apps/horde/docs/UPGRADING

> 2. what can be done to display folder list in alphabetical order for
> selected language - for example letter č in Latvian follows c,
> not z
>
> Horde 1.0.8 places national letters before A, 1.2.9 and Horde4/IMP5 - after Z

We use strnatcasecmp and strcasecmp for sorting mailboxes. Those have
the advantage of correctly sorting mailboxes with numbers and being
binary-safe. For better locale-specific sorting, we would have to use
strcoll, but this function doesn't support either of the former
features.


Jan.

--
Do you need professional PHP or Horde consulting?
http://horde.org/consulting/



Re: [imp] strange problems with imp ver 5.0.3

2011-05-23 Thread obe

My email is xx...@digicolor.net  and this is some of the email header :



Message-ID: <4dda145d.3070...@boldrinispa.com>
Disposition-Notification-To: y...@boldrinispa.com <y...@boldrinispa.com>
Date: Mon, 23 May 2011 10:01:33 +0200
From: y...@boldrinispa.com <y...@boldrinispa.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.9.2.17)
 Gecko/20110414 Thunderbird/3.1.10
MIME-Version: 1.0
To: xx...@digicolor.net
Subject: Re:
References: <4dd9ffa2.8070...@boldrinispa.com>
 <20110523095407.horde.qazbx9nflwnn2hkfeje0...@dns.digicolor.net>
In-Reply-To: <20110523095407.horde.qazbx9nflwnn2hkfeje0...@dns.digicolor.net>



When I reply in the to: field there are :

y...@boldrinispa.com, xx...@digicolor.net


The domain boldrinispa.com is not on my server.





On 23/05/2011 12:19, azurIt wrote:

> Sorry, not 'From' header but 'To' header.
>
> __
>  From: azurIt  To:  Date: 23.05.2011 12:19
>  Subject: Re: [imp] strange problems with imp ver 5.0.3
>
> This happens when you receive e-mail to address which is not your main
> address (the one you used for logging into the Horde/IMP) AND which is
> not added into your aliases. Just look at the 'From' header of such
> e-mails.





Re: [imp] strange problems with imp ver 5.0.3

2011-05-23 Thread obe

OK, now I understand, and indeed it works.
Could you also tell me the reason for the first problem? :-))
Many thanks.

On 23/05/2011 12:32, azurIt wrote:

> Just add xx...@digicolor.net to your aliases as I said before ;)



[imp] BUG: php 5 suhosin triggers MBOX_PREFIX separator

2011-05-23 Thread Olivier

Hi,

apache 2.2.16
php 5.3.3 *with suhosin*
horde 4.0.3
imp 5.0.3

In my syslog, I have a lot of this message:
suhosin[2446]: ALERT - ASCII-NUL chars not allowed within request 
variables - dropped variable 'view' (attacker 'XXX.XXX.XXX.XXX', file 
'.../services/ajax.php')

And the search in dimp never responds!

It is the '\0' delimiter char of MAILBOX_PREFIX defined in 
imp/lib/Search.php which is triggered by suhosin. I suggest you to 
replace '\0' by '+'. On my server it seems to be ok.


Olivier



Re: [imp] May be our horde installation was used for spam

2011-05-23 Thread Simon Brereton
Apologies for top posting..

No wonder you have an issue. Install postfix asap and replace sendmail.  This 
is more secure and less complex (and it sounds like you don't need complex).

In the meantime take that box offline until you establish if it's the server or
a compromised user account. Does your setup even use smtp auth?

Simon


Götz Reinicke - IT-Koordinator goetz.reini...@filmakademie.de wrote:

> On 23.05.11 10:30, azurIt wrote:
>
>>> How may I limit the number of messages a user may send? :-)
>>
>> for example google 'policyd'
>
> not for sendmail as far as I know.
>
> /Götz


Re: [imp] db migration and sorting

2011-05-23 Thread Janis Eisaks

Quoting Jan Schneider j...@horde.org:

>> 2. what can be done to display folder list in alphabetical order
>> for selected language - for example letter č in Latvian follows
>> c, not z
>>
>> Horde 1.0.8 places national letters before A, 1.2.9 and Horde4/IMP5
>> - after Z
>
> We use strnatcasecmp and strcasecmp for sorting mailboxes. Those
> have the advantage of correctly sorting mailboxes with numbers and
> being binary-safe. For better locale-specific sorting, we would have
> to use strcoll, but this function doesn't support either of the
> former features.

so - resumé - it is not possible to get folders in correct
alphabetical order rather than for ASCII-named, isn't it?


Janis


This message was sent using IMP, the Internet Messaging Program.




Re: [imp] May be our horde installation was used for spam

2011-05-23 Thread Janis Eisaks

Quoting Simon Brereton simon.brere...@dada.net:

> Apologies for top posting..
>
> No wonder you have an issue. Install postfix asap and replace
> sendmail.  This is more secure and less complex (and it sounds like
> you don't need complex).

actually, if one goes to make a secure server, it is not at all so
simple. Fortunately, postfix configuration seems much more user-friendly
than sendmail's


Janis


This message was sent using IMP, the Internet Messaging Program.




Re: [imp] BUG: php 5 suhosin triggers MBOX_PREFIX separator

2011-05-23 Thread Michael J Rubinsky


Quoting Olivier oliv...@ablinux.com:

> Hi,
>
> apache 2.2.16
> php 5.3.3 *with suhosin*
> horde 4.0.3
> imp 5.0.3
>
> In my syslog, I have a lot of this message:
> suhosin[2446]: ALERT - ASCII-NUL chars not allowed within request
> variables - dropped variable 'view' (attacker 'XXX.XXX.XXX.XXX',
> file '.../services/ajax.php')
>
> And the search in dimp never respond !
>
> It is the '\0' delimiter char of MAILBOX_PREFIX defined in
> imp/lib/Search.php which is triggered by suhosin. I suggest you to
> replace '\0' by '+'. On my server it seems to be ok.
>
> Olivier


You didn't read docs/INSTALL:

2. The following PHP capabilities:

   .. Important:: Certain features in IMP 5 will not work with the suhosin
  **extension** (e.g. search mailboxes). You must disable the
  suhosin extension to use these features. It is reported that
  IMP 5 does work the suhosin **patch**.



--
mike

The Horde Project (www.horde.org)
mrubi...@horde.org



Re: [imp] May be our horde installation was used for spam

2011-05-23 Thread Paul A Sand
* Götz Reinicke - IT-Koordinator goetz.reini...@filmakademie.de [2011-05-23 04:30]:
> hmmm... do you have any hint for me how to find the userid?

We use the method described here:

http://www.mail-archive.com/imp@lists.horde.org/msg04736.html

> How may I limit the number of messages a user may send? :-)

I wish we had a better solution, but this is what we have now:

Our experience is that the bad guys have an unusually large number of
recipients per message. We added a check_data rule to sendmail.cf to
quarantine such messages.  (Quarantining is a relatively recent
sendmail feature.)

Unfortunately, this quarantines a lot of valid messages too (in
our case); some innocent people like to send mail to lots of recipients.
So we *also* have mechanisms to auto-dequarantine innocuous messages, saving
more suspicious ones for sysadmin inspection.

All this took some tuning and scripting. But we were desperate, because
way too many of our users aren't very good at detecting phishing.

-- 
-- Paul A. Sand | Three things are certain:
-- University of New Hampshire  | Death, taxes, and lost data.
-- p...@unh.edu  | Guess which has occurred.
-- http://pubpages.unh.edu/~pas | (David Dixon)


Re: [imp] May be our horde installation was used for spam

2011-05-23 Thread Michael Menge

> My questions:
>
> What is the best way to find the leak? What may I configure in
> horde/imp/apache/php ... to make it harder to be compromised?

There are many phishing mails which target webmail accounts.
IMHO this is the most common case for abuse of imp and other webmail
software

IMP has some options to limit the impact and show the used
account. Have a look at Imp Configuration - Other settings
- Outgoing Email Logging

Permissions - Imp - max_recipients and max_timelimit

You can use the following sql-statement to show the suspicious accounts

SELECT * FROM (
SELECT sentmail_who, COUNT(sentmail_recipient) AS nrcpt FROM imp_sentmail
WHERE sentmail_ts > '@BEGIN_TS@' AND sentmail_ts < '@END_TS@'
GROUP BY sentmail_who ORDER BY nrcpt DESC
) AS foo WHERE nrcpt > @NRCPT@;

Replace
@BEGIN_TS@ and @END_TS@ with the beginning and end point timestamp of
the timeframe

@NRCPT@ with the number of recipients to ignore


To find the user you can try to search horde_prefs table for the spam
content in the users signature (pref_scope='horde' and
pref_name='identities' and pref_value like '%SPAMTEXT%')


Regards

  Michael Menge

M.Menge                        Tel.: (49) 7071/29-70316
Universität Tübingen           Fax.: (49) 7071/29-5912
Zentrum für Datenverarbeitung  mail: michael.me...@zdv.uni-tuebingen.de

Wächterstraße 76
72074 Tübingen



Re: [imp] BUG: php 5 suhosin triggers MBOX_PREFIX separator

2011-05-23 Thread Michael M Slusarz

Quoting Olivier oliv...@ablinux.com:

> suhosin[2446]: ALERT - ASCII-NUL chars not allowed within request
> variables - dropped variable 'view' (attacker 'XXX.XXX.XXX.XXX',
> file '.../services/ajax.php')


Still waiting for someone to tell me how a NULL character, by itself,  
is a security threat.


Maybe suhosin should also filter out j, a, v, s, c, r, i, p, and t  
characters because they can be used to create XSS attacks.


michael

___
Michael Slusarz [slus...@horde.org]



Re: [imp] May be our horde installation was used for spam

2011-05-23 Thread Andrew Morgan

On Mon, 23 May 2011, Götz Reinicke - IT-Koordinator wrote:

> Hi,
>
> since saturday we got about 40 reports from spamcom.net and other
> mailserver providers, that 'we' are sending or are used for sending spam.
>
> The MX is 193.196.129.3
>
> So far I received about 7.000 returned mail bounces from our system and
> all reported messages do have User-Agent: Internet Messaging Program
> (IMP) H3 (4.3.9) in the mailheader.
>
> Or something like
>
> Received: from switchde.switchvpn.com (switchde.switchvpn.com
> [178.162.182.142]) by mail.filmakademie.de (Horde Framework) with HTTP;
>
> Our mailserver is a Red Hat EL 5.x server with sendmail 8.13.8, apache
> httpd 2.2.3, php 5.2.11, mysql 5.0.77 and latest horde webmailedition.
>
> My questions:
>
> What is the best way to find the leak? What may I configure in
> horde/imp/apache/php ... to make it harder to be compromised?


As others have said, most likely one of your users is compromised.  You
can easily place limits on the number of messages that can be sent in a
specified time period to limit the damage.  For example, we limit our
users to 500 messages per day from IMP.


To turn this feature on, login to Horde as an administrator and go to the 
Administration  Setup  Mail (imp)  Other Settings tab.  Configure the 
Outgoing Email Logging settings.  Here is what we use:


$conf['sentmail']['params']['threshold'] = 30;
$conf['sentmail']['params']['limit_period'] = 24;
$conf['sentmail']['params']['table'] = 'imp_sentmail';
$conf['sentmail']['params']['driverconfig'] = 'horde';
$conf['sentmail']['driver'] = 'sql';

Then, go to Administration > Permissions and add a child permission for 
Mail (imp) called "Maximum Number of Recipients per Time Period" 
(max_timelimit).  Set it to 500 or the value you want for Authenticated 
Users.


We keep track of the use/abuse by running a nightly cronjob.  It is 
attached to this message and named report_senders.pl.  All it really does 
is run the following SQL query:


SELECT sentmail_who, COUNT(sentmail_who) cc
FROM imp_sentmail
WHERE (sentmail_ts > UNIX_TIMESTAMP() - 86400)
GROUP BY sentmail_who
HAVING cc > 100
ORDER BY cc DESC

We have a second perl script which will report all the messages that a 
particular user sent in the last 24 hours (attached as query-sentmail.pl). 
It is pretty obvious when a spammer has control of the account when you 
look at the list of recipients.  They like to send to the same domain with 
a list of alphabetical usernames.  If I have any doubt, I open up the 
user's mailbox and look at their sent-mail and any bounce messages they 
have received.  There are usually lots of bounce messages for spam.


Lots of people on this list are recommending dumping sendmail in favor of 
postfix.  Personally, that sounds like postfix bigotry to me.  Postfix is 
a nice SMTP server, but sendmail will work fine too.  Fix your immediate 
problem in IMP first by deploying these sender limits.  If you want to mess 
with your SMTP server, do it later when you can spend the time to research 
and test a solution.


Andy

#!/usr/bin/perl -w
# query-sentmail.pl: list everything one user sent via webmail in the
# last 24 hours.

use DBI;

if ($#ARGV < 0) {
	print "Usage: $0 username\@domain\n";
	print "  Reports all messages sent via Webmail for\n";
	print "  username\@domain in the last 24 hours.\n";
	exit;
}

$who = $ARGV[0];

# Setup some variables
require "/private/admin/acct/requires/prefs.pl";

# Connect to db
$dbh = DBI->connect($prefs{'webmail_connect_string'},
			$prefs{'migrate_sql_user'},
			$prefs{'migrate_sql_pass'},
			{ RaiseError => 1, AutoCommit => 1 })
		or die("$DBI::errstr\n");


# Fetch this user's sent-mail log entries for the last 24 hours
$sth = $dbh->prepare("SELECT sentmail_ts, sentmail_action, sentmail_recipient
		FROM imp_sentmail
		WHERE (sentmail_ts > UNIX_TIMESTAMP() - 86400)
		AND sentmail_who = ?
		ORDER BY sentmail_ts ASC");

$sth->execute($who);

printf("%-24s %-8s %s\n", "Time sent", "Action", "Recipient");
while (($ts, $action, $recip) = $sth->fetchrow_array) {
	$time = localtime($ts);
	printf("%-24s %-8s %s\n", $time, $action, $recip);
}

# Cleanup
$sth->finish;
$dbh->disconnect;

#!/usr/bin/perl -w
# report_senders.pl: nightly report of users with more than 100 log
# entries in the last 24 hours.

use DBI;

# Setup some variables
require "/private/admin/acct/requires/prefs.pl";

# Connect to db
$dbh = DBI->connect($prefs{'webmail_connect_string'},
			$prefs{'migrate_sql_user'},
			$prefs{'migrate_sql_pass'},
			{ RaiseError => 1, AutoCommit => 1 })
		or die("$DBI::errstr\n");


# Count log entries per sender over the last 24 hours
$sth = $dbh->prepare("SELECT sentmail_who, COUNT(sentmail_who) cc
		FROM imp_sentmail
		WHERE (sentmail_ts > UNIX_TIMESTAMP() - 86400)
		GROUP BY sentmail_who
		HAVING cc > 100
		ORDER BY cc DESC");

$sth->execute();

print "Users with more than 100 messages sent in the last 24 hours:\n\n";

printf("%-30s %s\n", "Username", "Messages");
while (($user, $count) = $sth->fetchrow_array) {
	printf("%-30s %d\n", $user, $count);
}

# Cleanup
$sth->finish;
$dbh->disconnect;

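Added example, not part of Andrew Morgan's message or his attached scripts: the nightly volume query from the message above combined with the recipient pattern he describes (one domain, alphabetical usernames), run over constructed rows. SQLite stands in for the MySQL table, and the function names and the 0.8 / 0.9 cut-offs are assumptions.

```python
import sqlite3
from collections import Counter

WINDOW = 86400   # 24 hours, as in the thread's query
MIN_ROWS = 100   # same cut-off as "HAVING cc > 100"

def build_sample_db(now):
    """Constructed rows: a light user, a spam run, a busy legitimate sender."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE imp_sentmail (sentmail_ts INTEGER, sentmail_who TEXT,"
               " sentmail_action TEXT, sentmail_recipient TEXT)")
    # alice: 12 messages, far below the volume cut-off
    rows = [(now - 3600 * i, "alice@example.org", "new",
             f"contact{i % 4}@partner{i % 3}.example") for i in range(12)]
    # bob: 150 recipients at one domain, local parts in dictionary order
    names = sorted(f"{a}{b}user" for a in "abcdefghijklmno" for b in "aeiou0123y")
    rows += [(now - 600 + i, "bob@example.org", "new", f"{n}@corp.example")
             for i, n in enumerate(names)]
    # carol: 120 recipients spread over 15 domains, in no particular order
    rows += [(now - 80000 + 600 * i, "carol@example.org", "new",
              f"member{(i * 37) % 120}@club{i % 15}.example") for i in range(120)]
    db.executemany("INSERT INTO imp_sentmail VALUES (?, ?, ?, ?)", rows)
    return db

def suspicious_senders(db, now, min_domain_share=0.8, min_sorted=0.9):
    """Senders over the volume cut-off, each scored for the spam-run pattern."""
    since = now - WINDOW
    heavy = db.execute(
        "SELECT sentmail_who, COUNT(*) AS cc FROM imp_sentmail"
        " WHERE sentmail_ts > ? GROUP BY sentmail_who HAVING COUNT(*) > ?"
        " ORDER BY cc DESC", (since, MIN_ROWS)).fetchall()
    report = []
    for who, count in heavy:
        recips = [r[0].lower() for r in db.execute(
            "SELECT sentmail_recipient FROM imp_sentmail"
            " WHERE sentmail_ts > ? AND sentmail_who = ?"
            " ORDER BY sentmail_ts ASC, rowid ASC", (since, who))]
        domains = Counter(r.rpartition("@")[2] for r in recips)
        top_domain, hits = domains.most_common(1)[0]
        share = hits / count
        # Local parts sent to the dominant domain, in the order they were sent
        local = [r.rpartition("@")[0] for r in recips
                 if r.endswith("@" + top_domain)]
        pairs = list(zip(local, local[1:]))
        ordered = sum(a <= b for a, b in pairs) / len(pairs) if pairs else 0.0
        report.append({"who": who, "count": count, "top_domain": top_domain,
                       "domain_share": round(share, 2),
                       "sorted_ratio": round(ordered, 2),
                       "flag": share >= min_domain_share and ordered >= min_sorted})
    return report

if __name__ == "__main__":
    now = 1306170000   # constructed "current time" (epoch seconds)
    for row in suspicious_senders(build_sample_db(now), now):
        print(row)
```

Volume alone puts both bob and carol on the report; only the domain and ordering scores separate the spam run from the busy legitimate sender.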


Re: [imp] May be our horde installation was used for spam

2011-05-23 Thread Rick Romero


Quoting Andrew Morgan mor...@orst.edu:


On Mon, 23 May 2011, Götz Reinicke - IT-Koordinator wrote:


Hi,

since saturday we got about 40 reports from spamcom.net and other
mailserver providers, that 'we' are sending or are used for sending spam



Re: [imp] BUG: php 5 suhosin triggers MBOX_PREFIX separator

2011-05-23 Thread Michael M Slusarz

Quoting Rick Romero r...@havokmon.com:


Quoting Michael M Slusarz slus...@horde.org:


Quoting Olivier oliv...@ablinux.com:

suhosin[2446]: ALERT - ASCII-NUL chars not allowed within request  
variables - dropped variable 'view' (attacker 'XXX.XXX.XXX.XXX',  
file '.../services/ajax.php')


Still waiting for someone to tell me how a NULL character, by  
itself, is a security threat.


What if the variable is expected to be numeric and you start doing  
math on it?


But what if the variable ends up being 0.  That's a perfectly valid  
integer, but could cause problems if the application uses it as a  
divisor.


Isn't the purpose of suhosin to try and catch the stuff developers  
didn't catch?


But you can't break things that are supposed to work otherwise.  NULL  
is a perfectly acceptable input in URL parameters.


And, e.g. with the 0 value above, the interpreter CAN'T possibly  
catch/process all valid inputs.  That is the duty of the application  
author.


michael

___
Michael Slusarz [slus...@horde.org]



Re: [imp] BUG: php 5 suhosin triggers MBOX_PREFIX separator

2011-05-23 Thread azurIt

this can be disabled in suhosin:
http://www.hardened-php.net/suhosin/configuration.html#suhosin.post.disallow_nul



__
 From: Michael M Slusarz 
 To: imp@lists.horde.org

 Date: 23.05.2011 21:00
 Subject: Re: [imp] BUG: php 5 suhosin triggers MBOX_PREFIX separator

Quoting Rick Romero : 

 Quoting Michael M Slusarz : 
 
 Quoting Rick Romero : 
 
 Quoting Michael M Slusarz : 
 
 Quoting Olivier : 
 
 suhosin[2446]: ALERT - ASCII-NUL chars not allowed within   
 request variables - dropped variable 'view' (attacker   
 'XXX.XXX.XXX.XXX', file '.../services/ajax.php') 
 
 Still waiting for someone to tell me how a NULL character, by   
 itself, is a security threat. 
 
 What if the variable is expected to be numeric and you start doing   
 math on it? 
 
 But what if the variable ends up being 0.  That's a perfectly valid   
 integer, but could cause problems if the application uses it as a   
 divisor. 
 
 Isn't the purpose of suhosin to try and catch the stuff developers   
 didn't catch? 
 
 But you can't break things that are supposed to work otherwise.   
 NULL is a perfectly acceptable input in URL parameters. 
 
 And, e.g. with the 0 value above, the interpreter CAN'T possibly   
 catch/process all valid inputs.  That is the duty of the   
 application author. 
 
 I dunno.  I agree with your last paragraph, it's not suhosin's job   
 to be a substitute for proper input validation.   But kinda I think   
 that contradicts 'NULL is a perfectly acceptable input..'. 
 I mean - Do you really design an application and say Yep, we're   
 going to expect a user (or unknown entity) to send a NULL here ? 

Why not?  That may be YOUR belief, or the way that you would code   
things, but the fact is *BOTH* PHP and the URL specs allow this to   
happen.  So it is broken behavior to disallow this.  Period. 

In our case, we need a way to indicate a mailbox is not an IMAP   
mailbox.  I chose the method of including a null character in the   
mailbox string since this is the ONLY character not allowed in IMAP   
mailboxes (yes, all other control characters are allowed).  It works   
great everywhere - as it should because it doesn't violate any spec or   
API - except when using suhosin.  Suhosin = broken. 

 Assuming it's coded 'properly' that variable should have been   
 pre-set in code, and upon receiving a URL param with data outside   
 the expected range (numerical, 0), promptly ignored it.  Or am I   
 wrong? 

You would be wrong.  Why do you want to ignore proper URL form data?   
If someone sends you an encoded null character (%00), that's a   
character within the allowed range so why should it be treated any   
differently? 

What if I have a page that sends the first 16 bytes of an image   
provided to it to the server to do some kind of MIME Magic testing -   
preventing the need to send the whole file.  This binary data may   
contain nulls.  Who are you to tell me that this is a security   
violation? 

Just because null characters can be used for things such as buffer   
overruns in certain languages does not mean they are evil.  You simply   
can't remove them from a data stream without knowing the context.  I   
would be very wary of running something that supposedly increases   
security on your machine when the actual theory behind that code is   
this deeply flawed. 

michael 

___ 
Michael Slusarz [slus...@horde.org] 




Re: [imp] BUG: php 5 suhosin triggers MBOX_PREFIX separator

2011-05-23 Thread Olivier

Yes, but is this the only edge effect of suhosin ?
Olivier

On 23/05/2011 21:04, azurIt wrote:

this can be disabled in suhosin:
http://www.hardened-php.net/suhosin/configuration.html#suhosin.post.disallow_nul 







Re: [imp] BUG: php 5 suhosin triggers MBOX_PREFIX separator

2011-05-23 Thread azurIt

Almost everything (or maybe everything) in suhosin can be disabled. I believe 
it is possible to tune it so Horde will work ok.


__
 From: Olivier 
 To: imp@lists.horde.org

 Date: 23.05.2011 21:21
 Subject: Re: [imp] BUG: php 5 suhosin triggers MBOX_PREFIX separator

Yes, but is this the only edge effect of suhosin ?
Olivier

On 23/05/2011 21:04, azurIt wrote:
 this can be disabled in suhosin:
 http://www.hardened-php.net/suhosin/configuration.html#suhosin.post.disallow_nul 







Re: [imp] BUG: php 5 suhosin triggers MBOX_PREFIX separator

2011-05-23 Thread Rick Romero


Quoting Olivier oliv...@ablinux.com:


Yes, but is this the only edge effect of suhosin ?
Olivier


IMHO, suhosin is looking for things that PROBABLY shouldn't be  
happening.  For the most part there won't be any issues, but the only  
way to guarantee the app works perfectly is to not interfere with it.   
You have the same risks when using any other web application firewall.


Actually, I run suhosin on FreeBSD 7.2-stable and haven't run into any issues.
PHP 5.2.14 with Suhosin-Patch 0.9.7 (cli) (built: Aug 29 2010 20:06:55)

Rick


On 23/05/2011 21:04, azurIt wrote:

this can be disabled in suhosin:
http://www.hardened-php.net/suhosin/configuration.html#suhosin.post.disallow_nul  


Re: [imp] BUG: php 5 suhosin triggers MBOX_PREFIX separator

2011-05-23 Thread Michael M Slusarz

Quoting Rick Romero r...@havokmon.com:

Actually, I run suhosin on FreeBSD 7.2-stable and haven't run into  
any issues.

PHP 5.2.14 with Suhosin-Patch 0.9.7 (cli) (built: Aug 29 2010 20:06:55)


The patch has been reported to work fine - apparently, it doesn't muck  
with Zend internals.


But this will all be moot soon.  In no small part to avoid this whole  
mess, I have added code to pass around mailbox names base64 encoded in  
form data.  A total PITA, but since a bunch of installations  
apparently ship suhosin by default, I deemed it worthy enough to  
(unfortunately) have to work around.


This should be implemented by IMP 5.0.5 (it won't make it into the  
next IMP release since it hasn't been tested thoroughly yet).


michael

___
Michael Slusarz [slus...@horde.org]
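
Added example, not IMP's code: the failure reported in this thread and the base64 workaround Michael describes, with the NUL filter modelled on the behaviour the quoted alert line reports (the variable is dropped). The mailbox value, the leading-NUL layout and all function names are assumptions.

```python
import base64
import re
from urllib.parse import parse_qsl, urlencode

NUL = "\x00"

def nul_filter(query_string):
    """Model of the filter behind the alert quoted in the thread: a request
    variable whose decoded name or value contains ASCII NUL is dropped."""
    kept, dropped = {}, []
    for name, value in parse_qsl(query_string, keep_blank_values=True):
        if NUL in name or NUL in value:
            dropped.append(name)
        else:
            kept[name] = value
    return kept, dropped

def encode_mailbox(mbox):
    """Carry the mailbox string as unpadded URL-safe base64 in form data."""
    return base64.urlsafe_b64encode(mbox.encode("utf-8")).decode("ascii").rstrip("=")

def read_mailbox(token):
    """Decode, then validate in the application, where the context is known.
    Returns (kind, name), or None if the token is malformed."""
    if not re.fullmatch(r"[A-Za-z0-9_-]+", token):
        return None
    try:
        raw = base64.urlsafe_b64decode(token + "=" * (-len(token) % 4))
        mbox = raw.decode("utf-8")
    except ValueError:          # bad padding or invalid UTF-8
        return None
    # Assumed layout: one leading NUL marks a mailbox that is not an IMAP mailbox
    kind, name = ("non-imap", mbox[1:]) if mbox.startswith(NUL) else ("imap", mbox)
    if not name or NUL in name:
        return None
    return kind, name

def demo():
    marked = NUL + "search_1"   # constructed non-IMAP mailbox string
    # Sent as-is: the value arrives as %00search_1 and the variable is dropped
    raw_kept, raw_dropped = nul_filter(urlencode({"view": marked, "page": "1"}))
    # Sent base64 encoded: nothing in the request contains a NUL
    enc_kept, enc_dropped = nul_filter(
        urlencode({"view": encode_mailbox(marked), "page": "1"}))
    return {"raw_dropped": raw_dropped, "raw_kept": raw_kept,
            "encoded_dropped": enc_dropped,
            "encoded_view": read_mailbox(enc_kept["view"])}

if __name__ == "__main__":
    print(demo())
```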



[imp] pdf

2011-05-23 Thread Jānis

Hi!

I noticed that during install the Horde PDF library is installed along with  
others - where (and how) is it used?


Janis


