[Dovecot] Patch for vpopmail roaming users support
Timo, here is a patch against the Mercurial repository that fixes and updates the support for roaming users under the vpopmail module.
Thanks!
/* Matt Brookings matt@inter7.com GnuPG Key FAE0672C Software developer Systems technician Inter7 Internet Technologies, Inc. (815)776-9465 */
On Tue, 2011-06-07 at 08:43 -0500, Matt Brookings wrote:
> Timo, here is a patch against the Mercurial repository that fixes and updates the support for roaming users under the vpopmail module.
OK, but one question:
/*
vpopmail 5.4 does not understand IPv6
*/
if (!(strcmp(host, "::1")))
host = "127.0.0.1";
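Review bot: the `strcmp(host, "::1")` test matches only that one spelling of one IPv6 address, so any other IPv6 string (a remote address, or the loopback written as 0:0:0:0:0:0:0:1) is passed on unchanged to the vpopmail 5.4 code that the comment says does not understand IPv6. Suggest deciding on the address family rather than on the text and not handing IPv6 addresses to vpopmail at all. As smaller points, `strcmp(host, "::1") == 0` reads more clearly than `!(strcmp(...))`, and the comment should say what goes wrong when an IPv6 string is passed.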
Does this code really matter? Wouldn't SMTP relay be open from localhost always anyway?
On 06/07/2011 08:47 AM, Timo Sirainen wrote:
> On Tue, 2011-06-07 at 08:43 -0500, Matt Brookings wrote:
>> Timo, here is a patch against the Mercurial repository that fixes and updates the support for roaming users under the vpopmail module.
> OK, but one question:
> /*
> vpopmail 5.4 does not understand IPv6
> */
> if (!(strcmp(host, "::1")))
> host = "127.0.0.1";
> Does this code really matter? Wouldn't SMTP relay be open from localhost always anyway?
Unfortunately, the 5.4 branch does not understand "::1" as the loopback, and it parses the value incorrectly, leading to an open relay situation. Not all systems allow localhost to relay via SMTP without authentication.
When I have this situation sorted out, I'll send along another patch that either removes this, or uses the new code.
/* Matt Brookings matt@inter7.com GnuPG Key FAE0672C Software developer Systems technician Inter7 Internet Technologies, Inc. (815)776-9465 */
On Tue, 2011-06-07 at 08:52 -0500, Matt Brookings wrote:
>> /*
>> vpopmail 5.4 does not understand IPv6
>> */
>> if (!(strcmp(host, "::1")))
>> host = "127.0.0.1";
>> Does this code really matter? Wouldn't SMTP relay be open from localhost always anyway?
> Unfortunately, the 5.4 branch does not understand "::1" as the loopback, and it parses the value incorrectly, leading to an open relay situation. Not all systems allow localhost to relay via SMTP without authentication.
Doesn't it also mean that if someone connects via a remote IPv6 address, it again leads to open relay? How about the attached patch instead?
On 06/07/2011 08:57 AM, Timo Sirainen wrote:
> On Tue, 2011-06-07 at 08:52 -0500, Matt Brookings wrote:
>>> /*
>>> vpopmail 5.4 does not understand IPv6
>>> */
>>> if (!(strcmp(host, "::1")))
>>> host = "127.0.0.1";
>>> Does this code really matter? Wouldn't SMTP relay be open from localhost always anyway?
>> Unfortunately, the 5.4 branch does not understand "::1" as the loopback, and it parses the value incorrectly, leading to an open relay situation. Not all systems allow localhost to relay via SMTP without authentication.
> Doesn't it also mean that if someone connects via a remote IPv6 address, it again leads to open relay? How about the attached patch instead?
Many systems will be running other qmail and vpopmail services from the ucspi-tcp package which may not be patched to support IPv6. As a result, when connecting to "::1", it will be translated to 127.0.0.1, and as I said before, some systems will not allow localhost to send without authentication.
I understand it's introducing a hackish fix into your project, but I will submit a new patch that updates this block of code when a proper solution that will work across the various system configurations is determined.
/* Matt Brookings matt@inter7.com GnuPG Key FAE0672C Software developer Systems technician Inter7 Internet Technologies, Inc. (815)776-9465 */
On Tue, 2011-06-07 at 09:10 -0500, Matt Brookings wrote:
>>> Unfortunately, the 5.4 branch does not understand "::1" as the loopback, and it parses the value incorrectly, leading to an open relay situation. Not all systems allow localhost to relay via SMTP without authentication.
>> Doesn't it also mean that if someone connects via a remote IPv6 address, it again leads to open relay? How about the attached patch instead?
> Many systems will be running other qmail and vpopmail services from the ucspi-tcp package which may not be patched to support IPv6. As a result, when connecting to "::1", it will be translated to 127.0.0.1, and as I said before, some systems will not allow localhost to send without authentication.
> I understand it's introducing a hackish fix into your project, but I will submit a new patch that updates this block of code when a proper solution that will work across the various system configurations is determined.
It still seems safer to me to ignore all IPv6 addresses rather than ::1 specifically. And as I understand it works just as well normally with both ways?
On 06/07/2011 09:18 AM, Timo Sirainen wrote:
> On Tue, 2011-06-07 at 09:10 -0500, Matt Brookings wrote:
>>>> Unfortunately, the 5.4 branch does not understand "::1" as the loopback, and it parses the value incorrectly, leading to an open relay situation. Not all systems allow localhost to relay via SMTP without authentication.
>>> Doesn't it also mean that if someone connects via a remote IPv6 address, it again leads to open relay? How about the attached patch instead?
>> Many systems will be running other qmail and vpopmail services from the ucspi-tcp package which may not be patched to support IPv6. As a result, when connecting to "::1", it will be translated to 127.0.0.1, and as I said before, some systems will not allow localhost to send without authentication.
>> I understand it's introducing a hackish fix into your project, but I will submit a new patch that updates this block of code when a proper solution that will work across the various system configurations is determined.
> It still seems safer to me to ignore all IPv6 addresses rather than ::1 specifically. And as I understand it works just as well normally with both ways?
That will be fine. As long as it doesn't pass the IPv6 strings, and the ifdef name is changed, all should work.
Thanks!
/* Matt Brookings matt@inter7.com GnuPG Key FAE0672C Software developer Systems technician Inter7 Internet Technologies, Inc. (815)776-9465 */
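The two approaches weighed in this thread, side by side, as an added example that is not part of the original messages nor of the Dovecot or vpopmail code: `rewrite_loopback_only` reproduces the quoted check, and `ipv4_only` is one way to drop every IPv6 string using `inet_pton`. The function names and the sample addresses are assumptions constructed for illustration.

```c
#include <arpa/inet.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* The check as quoted in the thread: only the literal "::1" is rewritten,
   every other string is handed on unchanged. */
static const char *rewrite_loopback_only(const char *host)
{
	if (!(strcmp(host, "::1")))
		host = "127.0.0.1";
	return host;
}

/* Hypothetical alternative: hand on valid dotted-quad IPv4 only and
   return NULL (caller skips the relay update) for anything else. */
static const char *ipv4_only(const char *host)
{
	struct in_addr v4;
	if (host == NULL || inet_pton(AF_INET, host, &v4) != 1)
		return NULL;
	return host;
}

/* Count constructed sample addresses that would still reach an
   IPv4-only consumer as an IPv6 string after the given filter. */
static int count_ipv6_leaks(const char *(*filter)(const char *))
{
	static const char *const samples[] = {	/* constructed test input */
		"192.0.2.10", "127.0.0.1", "::1",
		"0:0:0:0:0:0:0:1", "2001:db8::5", "::ffff:192.0.2.10"
	};
	struct in6_addr v6;
	int leaks = 0;

	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		const char *out = filter(samples[i]);
		if (out != NULL && inet_pton(AF_INET6, out, &v6) == 1)
			leaks++;
	}
	return leaks;
}

int main(void)
{
	printf("::1-only rewrite: %d IPv6 strings passed on\n", count_ipv6_leaks(rewrite_loopback_only));
	printf("IPv4-only filter: %d IPv6 strings passed on\n", count_ipv6_leaks(ipv4_only));
	return 0;
}
```

With the IPv4-only filter a client connecting from `::1` gets no roaming-users entry at all, which is the outcome agreed at the end of the thread.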