-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 06/07/2011 08:57 AM, Timo Sirainen wrote:
On Tue, 2011-06-07 at 08:52 -0500, Matt Brookings wrote:
/*
vpopmail 5.4 does not understand IPv6
*/
if (!(strcmp(host, "::1")))
host = "127.0.0.1";
Does this code really matter? Wouldn't SMTP relay be open from localhost always anyway?
Unfortunately, the 5.4 branch does not understand "::1" as the loopback, and it parses the value incorrectly, leading to an open relay situation. Not all systems allow localhost to relay via SMTP without authentication.
Doesn't it also mean that if someone connects via a remote IPv6 address, it again leads to open relay? How about the attached patch instead?
Many systems will be running other qmail and vpopmail services from the ucspi-tcp package which may not be patched to support IPv6. As a result, when connecting to "::1", it will be translated to 127.0.0.1, and as I said before, some systems will not allow localhost to send without authentication.
I understand it's introducing a hackish fix into your project, but I will submit a new patch that updates this block of code when a proper solution that will work across the various system configurations is determined.
/* Matt Brookings <matt@inter7.com> GnuPG Key FAE0672C Software developer Systems technician Inter7 Internet Technologies, Inc. (815)776-9465 */ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk3uMUEACgkQIwet2/rgZyxdcwCfYtq3lkGoFTlviG6t67c8XKMZ 67MAn1ef3Fft0Fpf1W3z3eygPoA5oTwx =neo1 -----END PGP SIGNATURE-----