Re: [xmail] Address family fallback bug

2013-10-09 Thread fcxmail 
Hi, thanks for the patch !

Could you publish or send to the list the diffs against 1.27 original for your 
patch, so everybody here could :
1 - check your source code (potential bugs, security holes, ...), its allways 
good to have some 'checkers' validating it
2 - compile on they favorite Platform :)

Thanks in advance :)

Francis


===
 Message d'origine - 14/03/2013 22:44:42
===

Does your patch tries all the mx assigned ips even in -m4 mode (ipv4 only) ?

Yes. I think it's the right thing to do. In most cases, the first 
address will work. And when it doesn't, it seems wrong to ignore 
others if present, because using them might be the only way to 
deliver the message (there's no guarantee that other MXes will work, 
or there may not be other MXes at all).

Do you have binaries available (here for win32) for testing ?
(i don't have vc compiler here)

If you don't fear binaries from untrusted strangers, this is what I 
currently use:

http://web.hisoftware.cz/sob/download/XMail-1.27-af-fix-test1.7z

No problems so far.

-- 

___
xmail mailing list
xmail@xmailserver.org
http://xmailserver.org/mailman/listinfo/xmail
___
xmail mailing list
xmail@xmailserver.org
http://xmailserver.org/mailman/listinfo/xmail

Re: [xmail] Address family fallback bug

2013-10-09 Thread fcxmail 

Oups, nevermind, I missed the diff was in your first post !

Sorry

In case, have you made any news changes in this code after initial post ?
(enhancements,...)

Thanks again
Francis

===
 Message d'origine - 09/10/2013 09:55:27
===

Hi, thanks for the patch !

Could you publish or send to the list the diffs against 1.27 original for your 
patch, so everybody here could :
1 - check your source code (potential bugs, security holes, ...), its allways 
good to have some 'checkers' validating it
2 - compile on they favorite Platform :)

Thanks in advance :)

Francis


===
 Message d'origine - 14/03/2013 22:44:42
===

Does your patch tries all the mx assigned ips even in -m4 mode (ipv4 only) ?

Yes. I think it's the right thing to do. In most cases, the first 
address will work. And when it doesn't, it seems wrong to ignore 
others if present, because using them might be the only way to 
deliver the message (there's no guarantee that other MXes will work, 
or there may not be other MXes at all).

Do you have binaries available (here for win32) for testing ?
(i don't have vc compiler here)

If you don't fear binaries from untrusted strangers, this is what I 
currently use:

http://web.hisoftware.cz/sob/download/XMail-1.27-af-fix-test1.7z

No problems so far.

-- 

___
xmail mailing list
xmail@xmailserver.org
http://xmailserver.org/mailman/listinfo/xmail
___
xmail mailing list
xmail@xmailserver.org
http://xmailserver.org/mailman/listinfo/xmail
___
xmail mailing list
xmail@xmailserver.org
http://xmailserver.org/mailman/listinfo/xmail

Re: [xmail] Address family fallback bug

2013-04-15 Thread m...@rpzdesign.com 
How to load up aliases.tab, domains.tab so that all email from a given 
domain forward to an internal or external email.


Inside domains.tab

mydomain.org

Inside aliases.tab

mydomain.org [tab] joe [tab] j...@mydomain.org [enter]
mydomain.org [tab] * [tab] j...@externaldomain.com [enter]
* [tab] postmaster [tab] webmas...@specificemail.com [enter]


What I am getting when email to f...@mydomain.org  results in a -550 
Mailbox unavailable error, when

I want the aliases.tab to pick it up and send it to j...@externaldomain.com.

The same for any postmaster emails, I want them sent to 
webmas...@specificemail.com


Anybody got any ideas?

Thanks,

md


___
xmail mailing list
xmail@xmailserver.org
http://xmailserver.org/mailman/listinfo/xmail

Re: [xmail] Address family fallback bug

2013-03-14 Thread fcxmail 
Sorry for late response

Does your patch tries all the mx assigned ips even in -m4 mode (ipv4 only) ?

Do you have binaries available (here for win32) for testing ?
(i don't have vc compiler here)

Francis



===
 Message d'origine - 10/02/2013 22:45:09
===

Hi

On my servers, I noticed increasing number of failed deliveries with 
417 Temporary delivery error and Error connecting to remote 
address. I did a little investigation and long story short, XMail 
doesn't handle address family fallback, when connection using 
preferred one does not succeed. It simply tries only one address per 
MX and if it doesn't work, it considers that MX dead and moves to another one.

Now imagine what happens when you use -M7 parameter (use IPV6 records 
if present, or IPV4 records otherwise, for host name lookups), target 
system has both IPv4 and IPv6 records set for all MXes (soon to be 
standard for most servers, well perhaps not so soon, but it's getting 
more and more common) and IPv6 is broken on either side or anywhere 
between. XMail tries connecting using only IPv6 for a while, until it 
finally gives up and returns the message as undeliverable. Which is 
wrong, because if it tried IPv4, it would deliver it just fine.

Relatively safe workaround for now, assuming IPv6 as a new thing is 
going to break more often than IPv4, is to use -M5 instead (Use IPV4 
records if present, or IPV6 records otherwise, for host name 
lookups). But it means that IPv6 won't get used at all, except for 
few rare IPv6-only MXes. Also the problem does not really go away, if 
it happens that IPv6 works while IPv4 does not, it will be back.

Attached is patch with works for me solution, i.e. not tested by 
anyone else nor even necessarily correct. It makes XMail try to 
connect to all addresses of MX before moving to next one. Apart from 
possible unintentional errors, it deliberately ignores -M5 and -M7 
parameters and uses AF_UNSPEC for getaddrinfo() and all results when 
one of them is set. It respects -M4 and -M6 if someone really wants 
to use only one address family.

IMHO -M5 and -M7 are wrong, at least on Windows, where getaddrinfo() 
with AF_UNSPEC returns addresses in best order automatically and 
manual override should not be needed. I think Linux either does that 
too or at least has means to influence it using /etc/gai.conf. So 
even if -M5 and -M7 should stay as useful for someone, adding new -M8 
for AF_UNSPEC order would be good idea.

PSYNC has the same problem. And I guess CtrlClnt connecting to server 
probably too, but it's far from critical.

-- 
___
xmail mailing list
xmail@xmailserver.org
http://xmailserver.org/mailman/listinfo/xmail

Re: [xmail] Address family fallback bug

2013-03-14 Thread Sob 



Does your patch tries all the mx assigned ips even in -m4 mode (ipv4 only) ?


Yes. I think it's the right thing to do. In most cases, the first 
address will work. And when it doesn't, it seems wrong to ignore 
others if present, because using them might be the only way to 
deliver the message (there's no guarantee that other MXes will work, 
or there may not be other MXes at all).



Do you have binaries available (here for win32) for testing ?
(i don't have vc compiler here)


If you don't fear binaries from untrusted strangers, this is what I 
currently use:


http://web.hisoftware.cz/sob/download/XMail-1.27-af-fix-test1.7z

No problems so far.

--

___
xmail mailing list
xmail@xmailserver.org
http://xmailserver.org/mailman/listinfo/xmail

[xmail] Address family fallback bug

2013-02-10 Thread Sob 

Hi

On my servers, I noticed increasing number of failed deliveries with 
417 Temporary delivery error and Error connecting to remote 
address. I did a little investigation and long story short, XMail 
doesn't handle address family fallback, when connection using 
preferred one does not succeed. It simply tries only one address per 
MX and if it doesn't work, it considers that MX dead and moves to another one.


Now imagine what happens when you use -M7 parameter (use IPV6 records 
if present, or IPV4 records otherwise, for host name lookups), target 
system has both IPv4 and IPv6 records set for all MXes (soon to be 
standard for most servers, well perhaps not so soon, but it's getting 
more and more common) and IPv6 is broken on either side or anywhere 
between. XMail tries connecting using only IPv6 for a while, until it 
finally gives up and returns the message as undeliverable. Which is 
wrong, because if it tried IPv4, it would deliver it just fine.


Relatively safe workaround for now, assuming IPv6 as a new thing is 
going to break more often than IPv4, is to use -M5 instead (Use IPV4 
records if present, or IPV6 records otherwise, for host name 
lookups). But it means that IPv6 won't get used at all, except for 
few rare IPv6-only MXes. Also the problem does not really go away, if 
it happens that IPv6 works while IPv4 does not, it will be back.


Attached is patch with works for me solution, i.e. not tested by 
anyone else nor even necessarily correct. It makes XMail try to 
connect to all addresses of MX before moving to next one. Apart from 
possible unintentional errors, it deliberately ignores -M5 and -M7 
parameters and uses AF_UNSPEC for getaddrinfo() and all results when 
one of them is set. It respects -M4 and -M6 if someone really wants 
to use only one address family.


IMHO -M5 and -M7 are wrong, at least on Windows, where getaddrinfo() 
with AF_UNSPEC returns addresses in best order automatically and 
manual override should not be needed. I think Linux either does that 
too or at least has means to influence it using /etc/gai.conf. So 
even if -M5 and -M7 should stay as useful for someone, adding new -M8 
for AF_UNSPEC order would be good idea.


PSYNC has the same problem. And I guess CtrlClnt connecting to server 
probably too, but it's far from critical.


- xmail-1.27-clean\SMTPUtils.cpp  2010-02-26 04:33:44.0 +0100
+++ xmail-1.27-af-fix\SMTPUtils.cpp 2013-02-10 16:03:44.882282400 +0100
@@ -1212,30 +1212,71 @@
 
SYS_INET_ADDR SvrAddr;
 
-   if (MscGetServerAddress(szAddress, SvrAddr, iPortNo)  0)
+   int iError;
+   struct addrinfo *pCRes, *pRes;
+   struct addrinfo AHints;
+   bool bConnected = false;
+   SYS_SOCKET SockFD;
+
+   ZeroData(AHints);
+   switch (iAddrFamily) {
+   case AF_INET:
+   AHints.ai_family = AF_INET;
+   break;
+   case AF_INET6:
+   AHints.ai_family = AF_INET6;
+   break;
+   default:
+   AHints.ai_family = AF_UNSPEC;
+   }
+
+   if ((iError = getaddrinfo(szAddress, NULL, AHints, pRes)) != 0) {
return INVALID_SMTPCH_HANDLE;
+   }
+   for (pCRes = pRes, iError = ERR_BAD_SERVER_ADDR; pCRes != NULL; pCRes = 
pCRes-ai_next) {
+   if (pCRes-ai_addr-sa_family != AF_INET  
pCRes-ai_addr-sa_family != AF_INET6)
+   continue;
 
-   SYS_SOCKET SockFD = SysCreateSocket(SysGetAddrFamily(SvrAddr), 
SOCK_STREAM, 0);
+   if (pCRes != NULL  sizeof(SvrAddr.Addr) = pCRes-ai_addrlen) 
{
+   ZeroData(SvrAddr);
+   SvrAddr.iSize = pCRes-ai_addrlen;
+   memcpy(SvrAddr.Addr, pCRes-ai_addr, pCRes-ai_addrlen);
+   } else
+   continue;
 
-   if (SockFD == SYS_INVALID_SOCKET)
-   return INVALID_SMTPCH_HANDLE;
+   if (SysSetAddrPort(SvrAddr, iPortNo)  0)
+   continue;
 
-   /*
-* Are we requested to bind to a specific interface to talk to this 
server?
-*/
-   if (pGw-pszIFace != NULL) {
-   SYS_INET_ADDR BndAddr;
+   SockFD = SysCreateSocket(SysGetAddrFamily(SvrAddr), 
SOCK_STREAM, 0);
 
-   if (MscGetServerAddress(pGw-pszIFace, BndAddr, 0)  0 ||
-   SysBindSocket(SockFD, BndAddr)  0) {
+   if (SockFD == SYS_INVALID_SOCKET)
+   continue;
+
+   /*
+* Are we requested to bind to a specific interface to talk to 
this server?
+*/
+   if (pGw-pszIFace != NULL) {
+   SYS_INET_ADDR BndAddr;
+
+   if (MscGetServerAddress(pGw-pszIFace, BndAddr, 0)  0 
||
+   SysBindSocket(SockFD, BndAddr)  0) {
+   SysCloseSocket(SockFD);
+   continue;
+   }
+