mechanisms, save this bit of information in $self->{_auth_mechanisms}. Then, in auth(), instead of calling Qsmtpd::Auth::SASL, respond 504 and return DENY if the authentication method requested is not in $self->{_auth_mechanisms}.Patch:See attachment.Regards,Brian Szymanski[EMAIL PROTECTED
ommand line too long]
501 Syntax error in parameters or arguments
502 Command not implemented
Cheers,
B
On Sep 20, 2006, at 6:22 AM, Brian Szymanski wrote:
Summary:
qpsmtpd tries to get authentication information for methods which
it has no registered hooks. From section 4 of the s
On Sep 20, 2006, at 9:57 AM, John Peacock wrote:
Brian Szymanski wrote:
The fix:
In ehlo(), when we determine the available auth mechanisms, save
this bit of information in $self->{_auth_mechanisms}. Then, in auth
(), instead of calling Qsmtpd::Auth::SASL, respond 504 and return
DENY
On Sep 20, 2006, at 11:11 AM, John Peacock wrote:
Brian Szymanski wrote:
Hmmm... Pardon my ignorance, as I'm new to qpsmtp hacking (as the
following will probably lay bare!) - would having the information
in %auth_mechanisms in a package variable result in that
information st
lf->config('databytes') ? "SIZE ". ($self-
>config('databytes'))[0] : ()),
@capabilities,
+#added by ski 9/21/2006 for compatibility with broken clients
+ (1 ? 'AUTH='.join(' ', keys %auth_mechanisms) : '&#
to determine whether his/her server
will provide the hackish workaround. It's just a binary configuration
value.
Cheers,
Brian
---
Brian Szymanski
[EMAIL PROTECTED]
cell: 202.747.4019
work: 202.546.0777 ext. 114
skype: xbrianskix
aim: xbrianskix
se64) to a list :)
On Sep 22, 2006, at 5:25 PM, Robin Bowes wrote:
Robin Bowes wrote:
John Peacock wrote:
Brian Szymanski wrote:
Summary:
qpsmtpd tries to get authentication information for methods
which it
has no registered hooks.
To follow up, I committed a change based on your patc
hanisms{uc($mechanism)} ) {
return $self->{_auth} = Qpsmtpd::Auth::SASL( $self,
$mechanism, @stuff );
} else {
$self->log(2, "mechanism: $mechanism, avaliable:
".join(" : ", keys %auth_mechanisms)."\n");
Cheers,
Brian
On Sep
message:
From: Brian Szymanski <[EMAIL PROTECTED]>
Date: September 24, 2006 10:20:10 AM EDT
To: qpsmtpd@perl.org
Cc: Robin Bowes <[EMAIL PROTECTED]>
Subject: Re: Subject: patch for correct behavior with unimplemented
auth mechanisms
Actually, I lied, the last patch does not fix the pr
# unique number. The rand() is there in case the user logs
in more than
On Sep 24, 2006, at 6:38 AM, Robin Bowes wrote:
John Peacock wrote:
Brian Szymanski wrote:
The problem is this: $mechanism has been made lowercase, and keys of
%auth_mechanisms have all been made uppercase.
I swear
nism} ) {
+if( exists $auth_mechanisms{uc $mechanism} ) {
return $self->{_auth} = Qpsmtpd::Auth::SASL( $self,
$mechanism, @stuff );
} else {
$self->respond( 504, "Unimplemented authentification
mechanism: $mechanism" );
Cheers,
B
On Sep 24, 2006, at 8:
Please ignore these last two messages, as they have been superseded
by my later forward, and John's svn commit 662.
Sorry for the duplication.
Cheers,
B
On Sep 24, 2006, at 10:20 AM, Brian Szymanski wrote:
Actually, I lied, the last patch does not fix the problem...
Qpsmtpd::Plugin
it to the Wiki.
Regards
James Turnbull
--
James Turnbull <[EMAIL PROTECTED]>
---
Author of Pro Nagios 2.0
(http://www.amazon.com/gp/product/1590596099/)
Hardening Linux
(http://www.amazon.com/gp/product/159059/)
---
PGP Key (http://pgp.mit.edu:11371/pks/lookup?op=get&search
TED]
~> From: [EMAIL PROTECTED]
~> Subject: test Mon, 02 Oct 2006 21:12:58 -0400
~> X-Mailer: swaks v20060621.0 jetmore.org/john/code/#swaks
~>
~> This is a test mailing
~>
~> .
<~ 250 Queued! 1159837981 qp 7648 <>
~> QUIT
<~ 221 mailtest closing connection. Have a wonderful day.
=== Connection closed with remote host.
Any ideas?
---
Brian Szymanski
[EMAIL PROTECTED]
On Oct 2, 2006, at 10:18 PM, John Peacock wrote:
Brian Szymanski wrote:
I want to restrict my auth handlers for plain and login to secure
(SSL
or TLS) connections, so that CRAM-MD5 is the only one that can be
used
with plaintext.
The recommended way to deal with that is to run branches
On Oct 3, 2006, at 2:31 PM, John Peacock wrote:
Brian Szymanski wrote:
Unless I'm missing something, this doesn't work with connections
on port 465 (SSL instead of STARTTLS), which is something we need
to support.
Yes, you are missing something. The current state of qpsmtpd-
NTS-15}" \
--max-from-ip "${MAXCONNECTIONS-5}" \
--user "${QPUSER-smtpd}"
'
John
--
John Peacock
Director of Information Research and Technology
Rowman & Littlefield Publishing Group
4501 Forbes Boulevard
Suite H
Lanham, MD 20706
301-459-3366 x.5010
fax 301-429-5748
---
Brian Szymanski
[EMAIL PROTECTED]
plugins/tls uses only ciphers that openssl considers to be "high
security". While this is a Good Thing, I found that one client I need
(versamail 3.x) needs ciphers not classified by openssl as "high
security" (specifically, it needs either RC4-SHA or RC5-MD5). I
wouldn't be surprised if ot
ld not print
[$line]: $!"), return 0);
+$buf .= "$line\r\n";
}
+ print $buf or ($self->log(LOGERROR, "Could not print [$buf]: $!"),
return 0);
return 1;
}
---
Brian Szymanski
[EMAIL PROTECTED]
e a neat little trick / ugly little hack.
New one on me.
Cheers,
B
On Oct 4, 2006, at 9:42 AM, John Peacock wrote:
Brian Szymanski wrote:
plugins/tls uses only ciphers that openssl considers to be "high
security". While this is a Good Thing, I found that one client I
need (versama
On Oct 4, 2006, at 9:51 AM, John Peacock wrote:
Brian Szymanski wrote:
After much head scratching, I found that TcpServer.pm doesn't
buffer it's output.
Committed in r664. Please send patches as attachments in the
future; both of your recent submissions had to be applie
Oct 4, 2006, at 2:05 PM, Michael C. Toren wrote:
On Wed, Oct 04, 2006 at 04:27:34AM -0400, Brian Szymanski wrote:
After much head scratching, I found that TcpServer.pm doesn't buffer
it's output. This means that each print gets translated into a
separate packet.
Is TCP_NODELAY being se
I mostly agree, but it does add a fair amount of overhead at ehlo
time - 5 extra round trips to someone on a mobile/dialup/lossy
connection would really do horrible things to latency and feel much
slower.
---
Brian Szymanski
[EMAIL PROTECTED]
tcpserver framework.
If you are specifically looking to limit connections, I'm sorry but
I have
no solution.
peter
---
Brian Szymanski
[EMAIL PROTECTED]
What client are you trying to use?
What's in the error log above and below that line? Have you tried to
bump up the logging level by uncommenting the debug constants after
the use IO::Socket::SSL line?
When I did that I found that the issue I was having (this was with
plain old tcpserver,
but I'd be happy to refactor this patch, if other folks think
it is necessary, to re-enable config/tls_before_auth, or at least die
and instruct the admin to use the new format.
auth_secure_conditions.patch
Description: Binary data
config.sample-auth_secure_conditions
Description: Bi
e strace from before it hangs
unfortunatly, and I will keep trying that, was just wondering if
anyone else have seen it, and if you got anywhere with it.
andreas
---
Brian Szymanski
[EMAIL PROTECTED]
have to correct that situation... Perhaps correcting that would also
solve the double-bounce problem, too...
Cheers,
Kjetil
--
Kjetil Kjernsmo
Programmer / Astrophysicist / Ski-orienteer / Orienteer / Mountaineer
[EMAIL PROTECTED]
Homepage: http://www.kjetil.kjernsmo.net/ OpenPGP KeyID: 6A6A0BB
2 quick notes about your plugin and then a tangentially related rant:
- Isn't /etc/qpsmtpd a weird place to put configurations? Don't these
belong in $QPSMTPD_HOME/config ?
- Why depend on a full fledged SQL backend, when you have support for
DBD files to deal with various other things? The op
Right, but patches shouldn't assume platform-dependent directory
structure.
It strikes me that if debian (or some other vendor) has patches to
change where the config directory lives, then they can do the same
for this or any other patch.
This brings to mind the recent mention of giving q
Howdy...
Sorry if this is offtopic but the problem is related to this list and
I can't be the only one with it...
My spamassassin install is flagging all emails with patches on my
system because of the binary/octet-stream mime type. I tried skipping
files that match Content-Type\s*:\s*app
connections)
# "port " -> allow any connection to this local port. useful
# when firewalls restrict access to secure networks, or port uses
SSL
# "ip " -> ip address or beginning of subnet to allow
# access to. be wary of trailing dots, as "ip 10" is not the same as
# "ip 10." (you probably want the latter).
# "fallback " - allowable auth mechanisms for
# connections that don't meet the "secure" criteria. if not
specified
# auth is not offered at all over these connections.
ssl
ip 10.
ip 192.168.
ip 127.
fallback CRAM-MD5
Cheers,
Brian Szymanski
[EMAIL PROTECTED]
connections)
# "port " -> allow any connection to this local port. useful
# when firewalls restrict access to secure networks, or port uses
SSL
# "ip " -> ip address or beginning of subnet to allow
# access to. be wary of trailing dots, as "ip 10" is not the same as
# "ip 10." (you probably want the latter).
# "fallback " - allowable auth mechanisms for
# connections that don't meet the "secure" criteria. if not
specified
# auth is not offered at all over these connections.
ssl
ip 10.
ip 192.168.
ip 127.
fallback CRAM-MD5
Cheers,
Brian Szymanski
[EMAIL PROTECTED]
Apologies for the dupe (and extra noise of this response) - my mail
client froze in the midst of sending, and told me it hadn't sent.
Cheers,
Brian
On Nov 1, 2006, at 4:39 PM, Brian Szymanski wrote:
Ask Bjørn Hansen wrote:
Are there any bug-fix patches we must apply before releasing
ht come in handy?
Cheers,
Brian Szymanski
[EMAIL PROTECTED]
On Jan 4, 2007, at 10:55 AM, [EMAIL PROTECTED]
wrote:
Lo all,
I have a line in my config for check_earlytalker:
check_earlytalker 1 log 0
I've put it to log because it was rejecting connections from
some internal systems, pos
rently using forkserver - is it possible that we'd have better
luck with Apache::Qpsmtpd or pollserver?
Thanks in advance for any ideas!
Brian Szymanski
[EMAIL PROTECTED]
Matt Sergeant wrote:
> On 10-Aug-07, at 9:13 PM, Brian Szymanski wrote:
>
>> Does anyone have any ideas for dealing with a DDOS?
> [snip]
>> We're currently using forkserver - is it possible that we'd have better
>> luck with Apache::Qpsmtpd or pollserver?
&g
ing
a package called "qmail" - we'd have qmail (from djb), net-qmail, and
qmail (new release) or something like that. If you want to hack on it,
just call it qmail-new or something totally different. Problem solved.
Regards,
Brian Szymanski
--
Brian Szymanski
email: [EMAIL PROTECTED]
If we want to migrate from 0.3x forkserver to 0.42 async, do we need to
change our plugins at all?
I seem to remember some discussion of this, but can't find it for the
life of me...
What kinds of things do plugins need to avoid in an asynchronous world?
Thanks & Cheers,
Brian Szymanski
Matt Sergeant wrote:
> On 18-Jan-08, at 3:34 PM, Brian Szymanski wrote:
>
>> Thanks all for your responses. So, to be clear, moving to -async from
>> -forkserver should be a performance win, even if the plugins stay as
>> they are?
>
> Still depends what your p
Guy Hulbert wrote:
> On Fri, 2008-01-18 at 12:19 -0500, Matt Sergeant wrote:
>
>>> What kinds of things do plugins need to avoid in an asynchronous
>>> world?
>>>
>> Blocking. :-)
>>
>
> Could you elaborate a little on this or provide a reference (link not
> biblio).
>
>
Yes, pl
Thanks all for your responses. So, to be clear, moving to -async from
-forkserver should be a performance win, even if the plugins stay as
they are?
Cheers,
Brian
s = `uptime`;
> if ($res =~ /aver\S+: (\d+\.\d+)/)
> {
> return( int( $1 ) );
> }
> }
> else
> {
> my @loads = Sys::CpuLoad::load();
> return( int($loads[0]) );
> }
>
> # fail?
> return undef;
> }
>
> Steve
>
--
Brian Szymanski
email: [EMAIL PROTECTED]
skype: xbrianskix
cell: +1 202 747 4019
jabber: [EMAIL PROTECTED]
aim:xbrianskix
msn:[EMAIL PROTECTED]
of it though, fixing things the right way, since
our mail server is struggling to keep up (only partially a result of
this). Any advice on where to start to tackle this one? And, just to be
clear we're talking about the same bug, this exists in .3x as well, yea?
Cheers,
Brian Szymanski
of retries on the other side on a
non-trivial number of messages. Furthermore, with gmail in particular,
we run into issues where we wind up eating too many of their resources,
because each time they retry and fail, they have a socket open for >5
minutes (until the things times out).
Cheers
Br
Steve Kemp wrote:
> On Mon Jul 28, 2008 at 16:44:08 -0400, John Peacock wrote:
>
>
>> The plugins were not originally intended to be complete Perl scripts but
>> rather are stubs which are loaded by Qpsmptd::Plugins (which includes
>> Qpsmtpd::Constants already). It doesn't actually hurt to
Steve Kemp wrote:
> On Mon Jul 28, 2008 at 17:24:59 -0400, Brian Szymanski wrote:
>
>
>> What real errors would your diffs catch? The one case you showed
>> involved a false positive.
>>
>
> With the assumption that you run "make test" prior to
Robert Spier wrote:
> Matt Sergeant wrote:
>
>> On Mon, 28 Jul 2008 20:47:39 -0400, Brian Szymanski wrote:
>>
>>> Then let's make that diff instead - remove all the "use
>>> Qpsmtpd::Constants" in plugins, and add your test harness?
>&g
Robert Spier wrote:
>> I may have an extreme view on this, but... Systems that re-use the same
>> module in lots of other different modules tend to annoy me, because the
>> author hasn't thought out what needs to be imported when - instead
>> they've just fired a shotgun blast of use statements aro
49 matches
Mail list logo
