Re: compile troubles
Bill, hello! gcc -I. -Icdb -g -O2 -Wall -c vpopmail.c In file included from /usr/include/sys/wait.h:79, from vpopmail.c:30: /usr/include/bits/waitstatus.h:78: duplicate member `__w_retcode' /usr/include/bits/waitstatus.h:79: duplicate member `__w_coredump' /usr/include/bits/waitstatus.h:80: duplicate member `__w_termsig' /usr/include/bits/waitstatus.h:92: duplicate member `__w_stopsig' /usr/include/bits/waitstatus.h:93: duplicate member `__w_stopval' In file included from functions.c:4, from vpopmail.c:42: sha1.c: In function `SHA1_Transform': sha1.c:290: `q' undeclared (first use in this function) sha1.c:290: (Each undeclared identifier is reported only once sha1.c:290: for each function it appears in.) sha1.c:291: `i' undeclared (first use in this function) make[2]: *** [vpopmail.o] Error 1 make[2]: Leaving directory `/var/src/vlad/vpop.4.10.30' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/var/src/vlad/vpop.4.10.30' make: *** [all-recursive-am] Error 2 This is a RH Linux 7.1 system with gcc version 2.96 2731 (Red Hat Linux 7.1 2.96-81) thank you very mach you leave me a hope to participate in project. I guess all of these errors caused by only one file endian.h. I'm using FreeBSD, and just take this from /usr/inlclude/machine (as used in original sha1.c -- no more corrections done) About Qmail -- my corrections based on cumulative patch found at http://matt.simerson.net/computing/qmail.toaster.shtml (I wish to say Big Thanks to Matt for that toaster). Of course there also were stylistic corrections, It were almost impossible to look and understand anything why looking on that horrible-styled code. So I format modified modules for my own taste. Guess it ok. Modifications (meaningful) done only for two modules: qmail-popup.c and qmail-smtpd.c to provide sending of additional zero-divided control byte to vchkpw-module (to be know which module asking for authentication and which schema were used). For vpopmail: as I said, works based on version 4.10.30, all corrections made by myself, applying new auth schemas, modifying logging and so on. Of course stylistic corrections also had place. I wrote some additional functions placed in functions.c. excepting HMAC_MD5, i just copy there a text I found on Net. base64-related functions adopted from base64-packet found in ports-collections. (Author John Walker, http://www.fourmilab.ch/). It is possible to use SHA-1 after installing just not sure... mcrypt maybe? (libmd, -lmd) Bill, what else should be said to continue integration? I have a little entreaty: give a hint how to use quotas cooperatively with Courier-IMAP quotas, I'm ready to do these corrections too. Vladimir Kabanov.
RE: No user found (4.9.10)
Ok, I feel like a fool now. While browsing through some archives, my eyes caught the tcpserver command which used -u and -g of vpopmail/vchkpw, and it sparked a thought. Low and behold, when I copied over my rc file from the old server to the new server, I forgot the change the uid/gid that tcpserver used, and the vpopmail/vchkpw uid/gid are different on the new server. I feel that this is going to be solved by a very simple fix... - turned out to be true. Shawn
Re[2]: finished vaddaliasdomain() patch
-BEGIN PGP SIGNED MESSAGE- Hello Bill, Monday, September 03, 2001, 9:35:39 PM, you wrote: This now works properly, except for the fact that vget_assign (which many of the vpopmail tools rely on) no longer know about this domain. Vuserinfo and vmoduser, for example, can't find the user. Unless you (or someone else) plan to make some major changes in vpopmail to accommodate this, I recommend that your previous patch (that only removes the sym links) is the one to integrate into vpopmail. IMNSHO, the user tools should NOT operate on user@aliasdomain anyway cause an aliasdomain is an aliasdomain and nothing more, the user is user@masterdomain and thus one should work only on the masterdomain. I could, of course, patch vget_assign() to call get_domain_type() first and in case of an aliasdomain simply return dir, uid, gid of the masterdomain, thoughts? Best regards, Gabriel -BEGIN PGP SIGNATURE- Version: PGP 6.5i iQEVAwUBO5TjQcZa2WpymlDxAQHb2Qf/bNH8Af+NQwL7VsJgnoB2URVpHSP/g1JM B644WyfRvuM04hkPFWvp4lKCyVybFHo7cwj1q++PbKnwhDSE+k6PNL/6CxCJJNP3 IUWBqbaixeF8Ju7H73+mC5g5w1/kEAb129YHcnUhzi7bjPqQSshKJRUmsrvcQ734 lvrSHjZaRnNA/AJ8JJEdeyDp1lNa7T0/f4AzHpgBXIna6OiQxohEQ5HnfKM3HAir jBHuIjrnFxnpxLW44RPFUCFAqrnw+dlPp9Jhl6lcRpkKpYRwxEnrgIbcna2tUSSu 1tdzqhPAw1d9WealpHx26hGKpMG+yXeII5PVOzj/1PnTkqkMyRW/1w== =72Yc -END PGP SIGNATURE-
vpopmail-5.0pre1
Hi Folks, The summer is over (here in the US) and it's time we have a new vpopmail-5.0 release to start the year out right. I do not want to add in any new features which require a new round of testing. Any new features can be added to 5.1 (devel version) and later released as a production version 5.2. So I would like to release vpopmail-4.10.36 as vpopmail-5.0pre1. The two features I would like to put in the 5.1 devel version are Vlad's new auth code for pop3 capa pop3 auth login cram-md5 smtp auth login cram-md5 pop3 APOP. And Enar's vaddaliasdomain code. What do you folks think? Ken Jones
Re: vpopmail-5.0pre1
- Original Message - From: Ken Jones [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, September 04, 2001 5:42 PM Subject: vpopmail-5.0pre1 Hi Folks, The summer is over (here in the US) and it's time we have a new vpopmail-5.0 release to start the year out right. I do not want to add in any new features which require a new round of testing. Any new features can be added to 5.1 (devel version) and later released as a production version 5.2. So I would like to release vpopmail-4.10.36 as vpopmail-5.0pre1. The two features I would like to put in the 5.1 devel version are Vlad's new auth code for pop3 capa pop3 auth login cram-md5 smtp auth login cram-md5 pop3 APOP. And Enar's vaddaliasdomain code. Ken, I'm willing to take the credit for pushing through the handling of virtualdomains, but please give Gabriel credit for the acctual and nice coding ;-) Sounds like a plan. -- IDG New MediaEinar Bordewich Development Manager Phone: +47 2336 1420 E-Mail: eibo(at)newmedia.no Lat: 59.91144 N Lon: 10.76097 E
Re: vpopmail-5.0pre1
Hi Folks, The summer is over (here in the US) and it's time we have a new vpopmail-5.0 release to start the year out right. I do not want to add in any new features which require a new round of testing. Any new features can be added to 5.1 (devel version) and later released as a production version 5.2. So I would like to release vpopmail-4.10.36 as vpopmail-5.0pre1. The two features I would like to put in the 5.1 devel version are Vlad's new auth code for pop3 capa pop3 auth login cram-md5 smtp auth login cram-md5 pop3 APOP. And Enar's vaddaliasdomain code. What do you folks think? Ken Jones Ken, sounds fine! but what about alternative way of password hashes storing, I mean SHA-1 (i guess almost all LDIF exports use this format)? and SMTP-blocking for certain users? these features already done too :)) Best wishes! Vladimir Kabanov.
Re: vpopmail-5.0pre1
Hello , It will be great if you will add spam blocking for certain users. I mean black-lists for certain users. -- Best regards, Yuri mailto:[EMAIL PROTECTED]
Re: vpopmail-5.0pre1
On Tue, 2001-09-04 at 11:31, Vladimir Kabanov wrote: Hi Folks, The summer is over (here in the US) and it's time we have a new vpopmail-5.0 release to start the year out right. I do not want to add in any new features which require a new round of testing. Any new features can be added to 5.1 (devel version) and later released as a production version 5.2. So I would like to release vpopmail-4.10.36 as vpopmail-5.0pre1. The two features I would like to put in the 5.1 devel version are Vlad's new auth code for pop3 capa pop3 auth login cram-md5 smtp auth login cram-md5 pop3 APOP. What do you folks think? Ken Jones Ken, sounds fine! but what about alternative way of password hashes storing, I mean SHA-1 (i guess almost all LDIF exports use this format)? and SMTP-blocking for certain users? these features already done too :)) That sounds like a good feature too. Ken
Re: Re[2]: finished vaddaliasdomain() patch
on 9/4/01 10:20 AM, Gabriel Ambuehl at [EMAIL PROTECTED] spake: IMNSHO, the user tools should NOT operate on user@aliasdomain anyway cause an aliasdomain is an aliasdomain and nothing more, the user is user@masterdomain and thus one should work only on the masterdomain. Sounds like I'm in the minority! I could, of course, patch vget_assign() to call get_domain_type() first and in case of an aliasdomain simply return dir, uid, gid of the masterdomain, thoughts? Nah, if people feel strongly that alias domains should not be treated as real accounts, then it's probably best to leave things as they are. Cheers, Bill
Re: vpopmail-5.0pre1
On Tue, 2001-09-04 at 11:55, sec wrote: Hello , It will be great if you will add spam blocking for certain users. I mean black-lists for certain users. we are working on a new filtering project http://www.inter7.com/eps/ That should be the building block for filtering on a site/domain and user basis. Ken
Re: vpopmail-5.0pre1
On Tue, 2001-09-04 at 11:07, Einar Bordewich wrote: - Original Message - From: Ken Jones [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, September 04, 2001 5:42 PM Subject: vpopmail-5.0pre1 Hi Folks, The summer is over (here in the US) and it's time we have a new vpopmail-5.0 release to start the year out right. I do not want to add in any new features which require a new round of testing. Any new features can be added to 5.1 (devel version) and later released as a production version 5.2. So I would like to release vpopmail-4.10.36 as vpopmail-5.0pre1. The two features I would like to put in the 5.1 devel version are Vlad's new auth code for pop3 capa pop3 auth login cram-md5 smtp auth login cram-md5 pop3 APOP. And Enar's vaddaliasdomain code. Ken, I'm willing to take the credit for pushing through the handling of virtualdomains, but please give Gabriel credit for the acctual and nice coding ;-) Hehe, Sorry about that. Ken
Re: vpopmail-5.0pre1
on 9/4/01 12:08 PM, Ken Jones at [EMAIL PROTECTED] spake: On Tue, 2001-09-04 at 11:31, Vladimir Kabanov wrote: Hi Folks, The summer is over (here in the US) and it's time we have a new vpopmail-5.0 release to start the year out right. I do not want to add in any new features which require a new round of testing. Any new features can be added to 5.1 (devel version) and later released as a production version 5.2. So I would like to release vpopmail-4.10.36 as vpopmail-5.0pre1. The two features I would like to put in the 5.1 devel version are Vlad's new auth code for pop3 capa pop3 auth login cram-md5 smtp auth login cram-md5 pop3 APOP. What do you folks think? Sounds like a good plan to me. What's up with qmailadmin? and SMTP-blocking for certain users? these features already done too :)) That sounds like a good feature too. SMTP blocking (via vmoduser) is something I wouldn't mind seeing in 5.0.. I just implemented smtp auth in production, and could use that sooner than later. ; ) If I get time today, I'll try to extract those changes from Vladimir's code and submit it as a patch to 5.0pre1. Cheers, Bill Shupp
Re: Re[2]: finished vaddaliasdomain() patch
Will there at least be something like: b.com is aliased to a.com vuserinfo [EMAIL PROTECTED] [EMAIL PROTECTED] is aliased to [EMAIL PROTECTED] -Rich - Original Message - From: Bill Shupp [EMAIL PROTECTED] To: Gabriel Ambuehl [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Tuesday, September 04, 2001 13:02 Subject: Re: Re[2]: finished vaddaliasdomain() patch on 9/4/01 10:20 AM, Gabriel Ambuehl at [EMAIL PROTECTED] spake: IMNSHO, the user tools should NOT operate on user@aliasdomain anyway cause an aliasdomain is an aliasdomain and nothing more, the user is user@masterdomain and thus one should work only on the masterdomain. Sounds like I'm in the minority! I could, of course, patch vget_assign() to call get_domain_type() first and in case of an aliasdomain simply return dir, uid, gid of the masterdomain, thoughts? Nah, if people feel strongly that alias domains should not be treated as real accounts, then it's probably best to leave things as they are. Cheers, Bill
Re[4]: finished vaddaliasdomain() patch
-BEGIN PGP SIGNED MESSAGE- Hello Bill, Tuesday, September 04, 2001, 7:02:38 PM, you wrote: on 9/4/01 10:20 AM, Gabriel Ambuehl at [EMAIL PROTECTED] spake: IMNSHO, the user tools should NOT operate on user@aliasdomain anyway cause an aliasdomain is an aliasdomain and nothing more, the user is user@masterdomain and thus one should work only on the masterdomain. Sounds like I'm in the minority! That's why I'm asking. I'm generally not against fixing it but I don't mind if I don't need to cause I'm a lazy (the sales people would call it efficient :-) person... I could, of course, patch vget_assign() to call get_domain_type() first and in case of an aliasdomain simply return dir, uid, gid of the masterdomain, thoughts? Nah, if people feel strongly that alias domains should not be treated as real accounts, then it's probably best to leave things as they are. I mean I don't know what the others involved would like to say about it, but I for myself would leave things the way as they are. Ken, is vget_assign() used anywhere to do something else than getting dir, uid, gid of the domain to work on? If it isn't it would be ok if it simply returns the values for the masterdomain if invented on an aliasdomain, right? Best regards, Gabriel -BEGIN PGP SIGNATURE- Version: PGP 6.5i iQEVAwUBO5UAZ8Za2WpymlDxAQHVywgAjlZYbMqTQoBrpZrKNw0WkvRm2/Kijd/b TuaPfQKUKIUT9mdpLq32ZsdzABpevUuW8j8f+iSeeXUvOC0c6ETDy7UwhmtgSZlz bom8z0tN8xEriIgxD3V6zD/M9sKJBpMC2bJTBMahm7Sv/iS1h5pMt+PVFCNTg0oD qFD+hJFg5+SYGilFoBP+kCXE+ppgnhL4iSI+GXqA+vE2+HafsgcAO4kGpKZnwzx3 6yFPVnVPz2Y7qxOPE304+yyy2BCnBm4UJHJ7diWkkcCti7pRgB3dzn69j7tNvmsk dmsuAXULz9ot471qXMEFJeldWxenNPo1am8oUNgLuYRXfX+ordDRzQ== =mpOs -END PGP SIGNATURE-
Re[4]: finished vaddaliasdomain() patch
-BEGIN PGP SIGNED MESSAGE- Tuesday, September 04, 2001, 7:15:21 PM, you wrote: Will there at least be something like: b.com is aliased to a.com vuserinfo [EMAIL PROTECTED] [EMAIL PROTECTED] is aliased to [EMAIL PROTECTED] No. Fixing this would most likely involve hacking around in the vuserinfo code which I don't want to do as I haven't got any idea of it cause I've never even used the binary of it. I don't even know whether it does this at the moment with the old aliasdomain scheme? Best regards, Gabriel -BEGIN PGP SIGNATURE- Version: PGP 6.5i iQEVAwUBO5UA78Za2WpymlDxAQGorwf/T0TvKtxTzGDLyz9OJTzP5P3rwGRJTPEd Jky/L7+1/BavxiUcOVJWbIzXE2QCkT2DBnDayb73Yy0VcGfdZmVP1kKpGkBSjPjT 2TzlE4OtHWS2wOVSHGC8A4feIU/uQpqOAnuePzFbKEnGH9o9dgYZeBqlGCG7GC0Z 2kuMtlPWss6C7ryna9qHMXLBeR6eSjaLLxxqhTUhpv4sLWcxg2BPVadscl4hZDAj GuvBuJiC49p9D6OmbdA3NzaPTWBrFh7j5qh2ipOs3QVir0CusAO9Q0p+eOopFvwP 5YoWBCOpu7Rvp9lXa0TTkZzz+YurJyVmSsxm/hW6vvMHDhbXq/sR9w== =pc3/ -END PGP SIGNATURE-
Re: Re[4]: finished vaddaliasdomain() patch
On Tue, 2001-09-04 at 12:25, Gabriel Ambuehl wrote: -BEGIN PGP SIGNED MESSAGE- Hello Bill, Tuesday, September 04, 2001, 7:02:38 PM, you wrote: on 9/4/01 10:20 AM, Gabriel Ambuehl at [EMAIL PROTECTED] spake: IMNSHO, the user tools should NOT operate on user@aliasdomain anyway cause an aliasdomain is an aliasdomain and nothing more, the user is user@masterdomain and thus one should work only on the masterdomain. Sounds like I'm in the minority! That's why I'm asking. I'm generally not against fixing it but I don't mind if I don't need to cause I'm a lazy (the sales people would call it efficient :-) person... I could, of course, patch vget_assign() to call get_domain_type() first and in case of an aliasdomain simply return dir, uid, gid of the masterdomain, thoughts? Nah, if people feel strongly that alias domains should not be treated as real accounts, then it's probably best to leave things as they are. I mean I don't know what the others involved would like to say about it, but I for myself would leave things the way as they are. Ken, is vget_assign() used anywhere to do something else than getting dir, uid, gid of the domain to work on? If it isn't it would be ok if it simply returns the values for the masterdomain if invented on an aliasdomain, right? There is code that uses vget_assign to see if a domain exists, and then get the dir, uid, gid of the domain. It would be okay to return the masterdomain info. How do you know if a domain is aliased? Ken
Re[6]: finished vaddaliasdomain() patch
-BEGIN PGP SIGNED MESSAGE- Hello Ken, Tuesday, September 04, 2001, 7:58:05 PM, you wrote: Ken, is vget_assign() used anywhere to do something else than getting dir, uid, gid of the domain to work on? If it isn't it would be ok if it simply returns the values for the masterdomain if invented on an aliasdomain, right? There is code that uses vget_assign to see if a domain exists, and then get the dir, uid, gid of the domain. It would be okay to return the masterdomain info. How do you know if a domain is aliased? You mean how to tell whether it is an aliasdomain, a normal one or an old alias one? call int get_domain_type(char * domain) and parse the integer it returns. Maybe I should add a char *get_real_domain(char * domain, char * realdomain, int sizeofrealdomain) function, so vget_assign() and everything else can easily get the masterdomain name of every domain? Best regards, Gabriel -BEGIN PGP SIGNATURE- Version: PGP 6.5i iQEVAwUBO5UJ08Za2WpymlDxAQG+bAf8Df53R7oOwfzM8X88G7bxU8Aa3csybFHv UTKLWvtJKexxdLSU8N/Dv1U9iw+FpCHy4PngFTwfcGqj9HwXIWi0wpgzj/QeAOr0 aTTuJ/xhN0k8K7CADJIMbnFDo+NNWh8bRyK9j5q1p0LGhcH/yDt5jT2lvUattUw+ uvDmRvoez904VFxhMHpE5uxjQb2DyjBkkx1jX5JOe8JzWtzFH/UZKzwGTif4WXpm FbeSbdJ4QPZHMhUTPhog+4CuTa9Ykkoy5RrNO4fh6ypjiEip8nEdHSh8STA/5HpL UBS9+nJO12X36AlZ4b4PLP1JwVCg1zGmTFqQFAjNhLBrQUCm1N27hQ== =AC3T -END PGP SIGNATURE-
Advisories
I'd like to comment on the advisory posted below. First of all, this issue is as old as databases and programs that interface with them automatically. Changes to file and library permissions fixes any problems people might have with this as stated in my advisory about valias. The point in my advisory, which the author of this advisory clearly missed, was that binaries/libraries with permissions fixes on what he has stated below, were still vulnerable due to an internal error with vpopmail. I'll restate my advisory briefly here. vauth_getall() does not require authentication of any kind. vauth_getall() loads a db connection in memory, which means, if I cause a segfault while using vauth_getall() (on most systems) I can look at the contents of the core file and read the database password. If they have valias enabled, I can insert information into the valias tables and come up with a SUID vpopmail shell, which can be used from there to gain root priveleges in various ways (trojans, etc). Thats all, folks. :) Forwarded message: -BEGIN PGP SIGNED MESSAGE- - - BUZ.CH Security Advisory 20010831: Inter7 vpopmail - - Subject: local password problem in vpopmail when installed with MySQL module and all programs linked against libvpopmail.a Written by: Gabriel Ambuehl [EMAIL PROTECTED] Impact: - MySQL authentication data can get stolen which means that all the data the respective user has access to is in danger. - Probably remote command execution under the vpopmail user (untested). Affected: All vpopmail = 4.10.35 Setups using MySQL NOT affected: vpopmail setups without DB based authentication Credits: Inter7 (earlier advisory on vpopmail-4.10.34, see below for details) - - I first want to say that Ken Jones of Inter7 was really responsive when I reported the bug and that they fixed the vulnerability fast. I also want to say that vpopmail really does a great job! 1. Introduction - --- Some days ago, Inter7 released a security advisory concerning passwords saved in libvpopmail.a cause they feared people could link against that lib with code that segfaults to steal the authentication data out of the core dump file and thus made the file chmod 400 so that only root has access to the compiled passwords. While this fixes this particular vulnerability, it really only fixes one particular problem with libvpopmail.a. 2. Description of the Problem - - As pointed out above, the passwords to the MySQL server get compiled into libvpopmail.a which is where they belong for various reasons, which basically means that one can get them out of there rather easily (a short description for FreeBSD 4.3/gcc 2.95.2 is below). Now since all the command line utilities link against libvpopmail.a, they all contain the passwords too. This means that there's absolutely no need to write some code that will segfault as all binaries are chmod 755 which means that every user can read their contents, including the passwords. 3. Principal attack - --- On FreeBSD 4.3/gcc 2.95.2 and vpopmail-4.10.35/4.10 (first one is the development snapshot) the username and password is saved in the same line as the error message could not connect to mysql All you have to do now is to open the file in a text editor, search for the string and grab the passwords a few bytes earlier. You now can connect to the DB server and do whatever you like with the data you gained access to. (the following paragraph is based on assumptions, as we don't run the mysql module ourselves) In some versions, this probably involves access to forwards which means that you could be able to spawn an arbitrary executable under the uid vpopmail runs (normally vpopmail, which means that all the email data is in danger, but when the multi Unix user scheme is used root, i.e. complete control of the system). 4. Background - - It's widely known that saving DB passwords anywhere on the system causes a big risk that they will be stolen but there isn't any other solution for daemons to work with databases as it is obviously impossible to run them interactively typing the password every time they are used. There ain't any real solution against this for interpreted code, but for binaries one can at least remove the r bits from the permissions to prevent users stealing the passwords out of the binaries. We suspect that there are many other programs out there that suffer of the same problem. 5. Solution - --- Run # chmod 711 ~vpopmail/bin/* # chmod 400 ~vpopmail/lib/* (substitute the second
Re: all fixed up vaddaliasdomain() patch (I hope...)
In the future, please post a URL to the patch file instead of posting the patch. Why? Because it eats up our T1 connection deliverying the patch file to everyone on the mailing list. Thanks ken On Tue, 2001-09-04 at 12:59, Gabriel Ambuehl wrote: -BEGIN PGP SIGNED MESSAGE- Hello all, I think I've got together an all working vaddaliasdomain() patch and would appreciate any comments on it. I did not, however, fix the issue Bill raised earlier about vget_assign() not knowing about the aliasdomains and which makes some of the standalone utilities fail to recognize aliasdomains which I personally think is the required behavior as it doesn't make too much sense to me to operate on users off aliasdomains but you're invited to convince me otherwise and I'll try to fix this. Todo: some small script that is able to change the existing, symlink based aliasdomains to the new scheme. For the domains in ~vpopmail/domains/ this is rather easy (i.e. check whether a given entry in that directory is a symlink and if it is, fetch the path it points to, call vdeldomain(entry) followed by vaddaliasdomain(entry, linkdest)). Please note that this isn't ultimately needed as the old aliasdomain scheme should work without any problems even with the new stuff in place. You might also want to check for compatibility with Vladimir's authentication patches, although I highly suspect there won't be any problems as I really tried to have the existing library functions behave like they always did (with the above exception, of course). Someone might also want to check what's going to happen if there are more than 100 aliasdomains for a given domain as I used a 100 entry array of char * to hold the aliasdomains. In theory, the array should get refilled after every time I use it but I wouldn't want to rely on this without having it tested first (I was to lazy to dig into all the realloc() stuff as I ordinarily prefer to use C++ and the STL where memory management is done by the lib which is why there isn't a dynamic array instead). There's one other issue with the whole array too: cause the char[] it is pointing are malloc'ed by the code and not by C itself, they don't get destroyed after the function exits. This isn't a problem for any program that does only one operation at a time but for daemon like code linked against libvpopmail.a it could result in memory leaks. The solution to this is easy: a small function that takes the array and free() all the char[] it points to. Best regards, Gabriel PFià,Ùä -BEGIN PGP SIGNATURE- Version: PGP 6.5i iQEVAwUBO5UIe8Za2WpymlDxAQGuYAgAy8rvuFijAIWbemRyIr4tqXiW78X/h3sz rCs5KoxnMT+9QxF0+1mL2Htx31qE+SSobDIMYkTm256D1AWSfpV9eKczPtTYtAM6 HJIsrJFCrsC5sKpthiUW7pICV59jfOWQMP+m/3AKRfHJToJfpH/Ow7pVLDQI/QS7 7D0JCeBtKPTPGkyFi6cQfvkD9B/eIx9qnRa2bbjUT/rfglG9jV8+hMi2gYGm+7Us MyDVqpXOdRzXXroUpu92Okv4rFI20oREo51f4s99Z3T/kFVP0GZVzk9MRJ9qmIWh kV3ij8mw8d2nB8SERzswGwaaV+FgzSSZxqeQXEfVHN/ImmXAioKK+g== =1+cA
Re: vpopmail-5.0pre1
on 9/4/01 12:09 PM, Bill Shupp at [EMAIL PROTECTED] spake: SMTP blocking (via vmoduser) is something I wouldn't mind seeing in 5.0.. I just implemented smtp auth in production, and could use that sooner than later. ; ) If I get time today, I'll try to extract those changes from Vladimir's code and submit it as a patch to 5.0pre1. Ok, I've been working on this but can't get it right yet. The vmoduser/vuserinfo stuff was easy to adapt. But Vladimir's version uses a lot of new stuff to determine what service is calling vchkpw. I ended up bringing a lot of his code into 5.0. Anyway, it doesn't work yet, and I can't work on it anymore today. I've posted a patch (against 5.0pre1) of where I'm at, if anyone wants to look at it. It's pretty close, probably. ; ) To apply: cd vpopmail-5.0pre1 lynx --source http://shupp.org/patches/vpopmail-5.0p1-nosmtp.patch.gz | patch -p0 ./configure make make install-strip Cheers, Bill Shupp
Re: vpopmail-5.0pre1
SMTP blocking (via vmoduser) is something I wouldn't mind seeing in 5.0.. I just implemented smtp auth in production, and could use that sooner than later. ; ) If I get time today, I'll try to extract those changes from Vladimir's code and submit it as a patch to 5.0pre1. Cheers, Bill Shupp Good day friends! of course thats not completing SMTP blocks, its just a possibility to disable user from sending to someone else using our protected smtp-server. I guess there also could be such possibility as block on vdeliver level... but... dont think its good decision, as we will lost contact with that user... or... maybe enable smtp delivery from admin stuff? this a little better. to Bill and Ken: why cant u contact me for additional info what have been done to vpopmail modules in order to implement it faster? I guess it will be a little easier way to work on :) Waiting for news from you. Vladimir Kabanov.
Re: vpopmail-5.0pre1
on 9/4/01 6:27 PM, Vladimir Kabanov at [EMAIL PROTECTED] spake: Good day friends! of course thats not completing SMTP blocks, its just a possibility to disable user from sending to someone else using our protected smtp-server. I guess there also could be such possibility as block on vdeliver level... but... dont think its good decision, as we will lost contact with that user... or... maybe enable smtp delivery from admin stuff? this a little better. to Bill and Ken: why cant u contact me for additional info what have been done to vpopmail modules in order to implement it faster? I guess it will be a little easier way to work on :) Waiting for news from you. Vladimir, I wasn't intending to merge all of your changes, as I figured Inter7 would want to do that to be sure of any design issues. I was just personally interested in the NO_SMTP gid flag for my system. I'm certainly not against any of your changes. While can't speak for them, I think the easiest thing for Inter7 would be for you to provide any additional info you have on your modifications, as well as a patch against the current dev release, as your changes seem pretty substantial. Cheers! Bill
Outbound quota suggestion.
Hi all, Forgive me about my english (it's not quite so good!) My idea is: When a user sucessfully authenticates on vchkpw the same schema used to allow roaming users smtping, may be used to put a 'RELAYCLIENT' tag on the same line of the 'allow' tag on the tcp.smtp file. Example: ro.am.ming.ip:allow,RELAYCLIENT=,DATABYTES='' It may have a default outbound quota for everyone allowing any size and a personal quota size for some emails, having a time period to expire, like roaming users have I'm suggesting this because I have this schema, but to get this working I had to give the station a fixed ip on dhcpd, and edit the tcp.smtp line by line to put the user on the right outbound quota state. Note: as you see, this solution is machine based, since it works only with a determined ip number assigned by a dhcp config, it's stable and useful, but hard to mantaing and very insecure, since user can easily change it's NIC's MAC Address and run away with my smtp rules!) In the future, qmailadmin support may be very very welcome ;) Hope this idea is useful. Best Regards, -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Eduardo Augusto Alvarenga - Analista de Suporte - #179653 Blumenau - Santa Catarina. Tel. (47) 9102-3303 http://www.netron.com.br/~eduardo -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Re: Outbound quota suggestion.
Eduardo Augusto Alvarenga [EMAIL PROTECTED] wrote: [...] roaming users smtping, may be used to put a 'RELAYCLIENT' tag on the [...] Sorry! Correcting: [...] roaming users smtping, may be used to put a 'DATABYTES' tag on the [...] Now it's right. Best Regards, -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Eduardo Augusto Alvarenga - Analista de Suporte - #179653 Blumenau - Santa Catarina. Tel. (47) 9102-3303 http://www.netron.com.br/~eduardo -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Re: Outbound quota suggestion.
What?? - Original Message - From: Eduardo Augusto Alvarenga [EMAIL PROTECTED] To: Eduardo Augusto Alvarenga [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Tuesday, September 04, 2001 7:58 PM Subject: Re: Outbound quota suggestion. Eduardo Augusto Alvarenga [EMAIL PROTECTED] wrote: [...] roaming users smtping, may be used to put a 'RELAYCLIENT' tag on the [...] Sorry! Correcting: [...] roaming users smtping, may be used to put a 'DATABYTES' tag on the [...] Now it's right. Best Regards, -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Eduardo Augusto Alvarenga - Analista de Suporte - #179653 Blumenau - Santa Catarina. Tel. (47) 9102-3303 http://www.netron.com.br/~eduardo -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
sqwebmail3.0.0 and vpopmail4.9.10
Hi, I installed the mentionned packages and get the following error when compiling sqwebmail : gcc -DHAVE_CONFIG_H -I. -I. -I. -I/home/vpopmail/include -g -O2 -Wall -I .. -I./.. -c authvchkpw.c authvchkpw.c: In function `auth_vchkpw_changepass': authvchkpw.c:142: warning: assignment from incompatible pointer type authvchkpw.c:151: dereferencing pointer to incomplete type authvchkpw.c:151: dereferencing pointer to incomplete type make[1]: *** [authvchkpw.o] Error 1 make[1]: Leaving directory `/home/luc/download/sqwebmail-3.0.0/authlib' make: *** [all-recursive] Error 1 [root@josephine sqwebmail-3.0.0]# configure line is : ./configure --enable-cgibindir=/usr/local/httpd/cgi-bin --enable-htmldir=/us r/local/httpd/htdocs --without-authpam --without-authuserdb --enable-webpass=no --without-authpwd --without-authsha dow do you know how to get it working correctly ? thanks Luc
Re: sqwebmail3.0.0 and vpopmail4.9.10
Get vpopmail 4.10.32 Tren. On Tue, 4 Sep 2001, Schiltz Luc wrote: Hi, I installed the mentionned packages and get the following error when compiling sqwebmail : gcc -DHAVE_CONFIG_H -I. -I. -I. -I/home/vpopmail/include -g -O2 -Wall -I .. -I./.. -c authvchkpw.c authvchkpw.c: In function `auth_vchkpw_changepass': authvchkpw.c:142: warning: assignment from incompatible pointer type authvchkpw.c:151: dereferencing pointer to incomplete type authvchkpw.c:151: dereferencing pointer to incomplete type make[1]: *** [authvchkpw.o] Error 1 make[1]: Leaving directory `/home/luc/download/sqwebmail-3.0.0/authlib' make: *** [all-recursive] Error 1 [root@josephine sqwebmail-3.0.0]# configure line is : ./configure --enable-cgibindir=/usr/local/httpd/cgi-bin --enable-htmldir=/us r/local/httpd/htdocs --without-authpam --without-authuserdb --enable-webpass=no --without-authpwd --without-authsha dow do you know how to get it working correctly ? thanks Luc -- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- - Tren Blackburn - Ownermailto:[EMAIL PROTECTED] = = End of Time Networks http://www.eotnetworks.com - - (403) 269-2122 = =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-