[courier-users] Received lines and trailing spaces --PATCH
Sam and anybody interested,

rfc3848 compliant with clause, opaque authentication address in Received, and trailing spaces on SMTP commands.

*rfc3848 compliant with clause*

This is the use of ESMTP, ESMTPA, ESMTPS, ESMTPSA instead of the module name in Received lines. Complying with a standard may improve clarity. For example, SpamAssassin can cope with non-standard Received lines, such as Courier's, but then would fail to match in those rare cases where an IDENT id is also present besides the AUTH.

*opaque authentication address in Received*

This is the AUTH: u...@example.com snippet of the Received line. This patch provides an option to avoid disclosing that address, by reusing the /fullname/ field, that is not otherwise used in SMTP-AUTH. Before enabling this option, the relevant auth modules have to be configured so as to fill this field with an ASCII token, e.g. the record number. Possibly, users concerned with privacy never filled that field anyway. At any rate, some modules allow selecting different data according to the service. When the option is enabled, invalid fullname values cause a fall back to the address and a log line.

*trailing spaces on SMTP commands*

It is known that some clients write DATA and QUIT . The reason to fix Courier rather than those buggy clients is that they may be installed on cameras or similar devices that don't provide for easy upgrades. The patch discards all trailing whitespace received on the command. I can see no cases where trailing spaces may be relevant; if there are any, we should file an errata for rfc5321.

--
--- ./courier/module.esmtp/esmtpd.dist.original.in 2010-04-11 21:20:29.0 +0200 +++ ./courier/module.esmtp/esmtpd.dist.in 2010-10-10 17:33:37.0 +0200 
@@ -72,6 +72,19 @@ NOADDDATE=1 +##NAME: NOAUTHADDRINRECEIVED:0 +# +# Normally, Courier reports AUTH and IDENT details in Received lines, +# thereby disclosing the address used for authentication. Setting this +# variable to 1, the user's fullname is set instead of the address. +# NOTE: for this to work, the fullname field (at least for service esmtpd) +# MUST BE COMPOSED OF ALPHANUMERIC ASCII, @, -, and . CHARS ONLY. +# In case a fullname does not satisfy that requirement, the address will be +# used instead. The authentication library setup may need to be revised in +# order to return a suitable opaque token in this case. + +NOAUTHADDRINRECEIVED=0 + ##NAME: ESMTP_LOG_DIALOG:0 # # If set, log the esmtp dialog. --- ./courier/submit.original.C 2009-02-22 17:24:25.0 +0100 +++ ./courier/submit.C 2010-10-10 13:29:29.0 +0200 @@ -61,6 +61,8 @@ const char *authname=0; +static const char *rfc3848_receivedwith=0; + const char *msgsource=0; int suppressbackscatter=0; @@ -79,6 +81,7 @@ {src, msgsource}, {delay, submitdelay}, {auth, authname}, + {rfc3848, rfc3848_receivedwith}, {0} } ; @@ -1566,9 +1569,13 @@ line += config_me(); line += with ; - - line += mf-module-name; + + if (rfc3848_receivedwith *rfc3848_receivedwith) + line += rfc3848_receivedwith; + else + line += mf-module-name; line += ; ; + line += rfc822_mkdate(submit_time); // Add unique id here. --- ./courier/module.esmtp/courieresmtpd.original.c 2010-02-02 23:30:00.0 +0100 +++ ./courier/module.esmtp/courieresmtpd.c 2010-10-11 10:21:26.0 +0200 @@ -44,7 +44,10 @@ static const char rcsid[]=$Id: courieresmtpd.c,v 1.57 2010/02/02 22:30:00 mrsam Exp $; static char helobuf[256]; -static char authuserbuf[256]; +static char authuserbuf[320]; +static struct authuserbufinfo /* content reliable if authuserbuf[0] != 0 */ + { char *va, *address, *fullname; } authuserbufinfo; +static int extended; static char tlsbuf[128+NUMBUFSIZE]; static unsigned long sizelimit; 
@@ -146,8 +149,7 @@ } while (*banner); } -static void ehlo(const char *heloname, int hastls, int tls, -int extended) +static void ehlo(const char *heloname, int hastls, int tls) { static const char e[]= COURIER_EXTENSIONS @@ -287,12 +289,18 @@ fclose(fromsubmit); } +static int noauthaddrinreceived(void) +{ + static char *noaddr = getenv(NOAUTHADDRINRECEIVED); + return noaddr *noaddr == '1'; +} + static void startsubmit(int tls) { -char *argv[13]; +char *argv[14]; const char *ident; char *identbuf=0; -intn; +intn, exid_ndx = 0; const char *host; char *buf; @@ -303,22 +311,30 @@ argv[1]=getenv(RELAYCLIENT) ? -src=authsmtp:-src=smtp; n=2; - if (authuserbuf[0]) + if (authuserbuf[0] *authuserbufinfo.address) { - char *p; - static char authbuf[sizeof(authuserbuf)+sizeof(-auth=)]; + strcat(strcpy(authbuf, -auth=), authuserbufinfo.address); +
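Review bot: In the NOAUTHADDRINRECEIVED comment added to esmtpd.dist.in, the fallback sentence ("In case a fullname does not satisfy that requirement, the address will be used instead") describes a privacy option that still discloses the address when the authentication backend returns an unsuitable fullname, and the comment does not mention the log line that the covering message says is written in that case. Please document where that line is logged so an administrator can tell when the option is not taking effect. The first sentence also speaks of "AUTH and IDENT details" although the setting only replaces the AUTH address; say explicitly that IDENT reporting is unchanged.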
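Review bot: In the submit.C hunk at -1566, "line += rfc3848_receivedwith;" writes the value of the new rfc3848 option into the Received line after checking only that it is set. Nothing visible in this patch restricts it to the four RFC 3848 keywords, so whatever string the caller of submit passes ends up in the header. Consider accepting only ESMTP, ESMTPA, ESMTPS and ESMTPSA and using the module name for anything else.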
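Review bot: In noauthaddrinreceived(), added by the courieresmtpd.c hunk at -287, the line "static char *noaddr = getenv(NOAUTHADDRINRECEIVED);" initializes a static local from a function call, which is not a constant expression and will not compile as C. Either drop "static" and call getenv() on each use, or keep the static and assign it on the first call. The pointer should also be declared const char *, since the string returned by getenv() must not be modified.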
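Review bot: In the startsubmit() hunk at -303, "strcat(strcpy(authbuf, -auth=), authuserbufinfo.address);" copies without any length check, so it is only safe while authbuf remains at least as large as the longest possible address plus the option prefix. Since this patch also changes authuserbuf from 256 to 320 bytes, a bounded write using sizeof(authbuf), for example with snprintf(), would remove the dependency on the two declarations staying in step.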
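The three behaviours described in the message above, as an added example that is not part of the patch or of Courier's source: choosing the RFC 3848 keyword from the session state, applying the option's token rule with fallback to the address, and stripping trailing whitespace from a command. All function names and the sample values are hypothetical.

```c
/* Added illustration; all function names are hypothetical, not Courier's. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* RFC 3848 "with" keyword from session state: EHLO seen, TLS active, AUTH done. */
const char *rfc3848_with(int extended, int tls, int authed)
{
	if (!extended)
		return "SMTP";	/* HELO session: neither STARTTLS nor AUTH applies */
	if (tls)
		return authed ? "ESMTPSA" : "ESMTPS";
	return authed ? "ESMTPA" : "ESMTP";
}

/* Token rule from the option's comment: ASCII alphanumerics, '@', '-', '.' only. */
#define TOKEN_CHARS "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789@-."
static int token_ok(const char *s)
{
	return s && *s && s[strspn(s, TOKEN_CHARS)] == '\0';
}

/* Identity for the AUTH: part; *fell_back is set when the caller should log. */
const char *received_auth_id(int hide_addr, const char *fullname,
			     const char *address, int *fell_back)
{
	*fell_back = hide_addr && !token_ok(fullname);
	return (hide_addr && !*fell_back) ? fullname : address;
}

/* Drop trailing whitespace in place so "QUIT " parses as "QUIT". */
size_t strip_trailing_ws(char *line)
{
	size_t n = strlen(line);
	while (n > 0 && isspace((unsigned char)line[n - 1]))
		line[--n] = '\0';
	return n;
}

int main(void)
{
	char cmd[] = "DATA \r\n";	/* constructed sample input */
	int fb;
	const char *id = received_auth_id(1, "rec-1042", "user@example.com", &fb);

	strip_trailing_ws(cmd);
	printf("[%s] with %s AUTH: %s\n", cmd, rfc3848_with(1, 1, 1), id);
	return 0;
}
```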
[courier-users] pythonfilter error checking
Hi

I might have found the reason for those LibClamAV errors which (almost) nobody else seems to have.

Today I ran aptitude which also updated all clamav packages. During installation I opted for the standard package configuration - as I didn't make any configuration changes. Soon after that I got another LibClamAV courierfilter: LibClamAV Error: cl_free: engine == NULL error.

While trying to find the problem I also tested the pythonfilter clamav.py program i.e. the included python modules.

---
python
Python 2.5.2 (r252:60911, Jan 24 2010, 14:53:14)
[GCC 4.3.2] on linux2
Type help, copyright, credits or license for more information.
import sys
import pyclamav
help(pyclamav)
pyclamav.version()
'0.4.1'
pyclamav.get_version()
LibClamAV Error: cl_cvdhead: Can't open file /var/lib/clamav//daily.cvd
('0.96.3', 0, 0)
---

Where I had a /var/lib/clamav/daily.cvd file before there was now a /var/lib/clamav/daily.cld file. It seems that 'daily.cvd' is the compressed version of 'daily.cld'. The clamav-freshclam package's standard configuration contains 'CompressLocalDatabase no'. So, the first database upgrade after the program upgrade downloaded the daily.cld file. Unfortunately pyclamav doesn't seem to understand the uncompressed format. As a result Courier will block all messages to be sent.

Would it be possible to include a test for the correct clamav database version and throw up an error if 'daily.cvd' doesn't exist? This would be very helpful and remove a potential mail disruption.

Cheers,
Bernd

___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] pythonfilter error checking
Hello,

Did you try to use pyclamd instead of pyclamav?

Best regards.
Jerome Blion.

On Mon, 11 Oct 2010 23:01:51 +0900, Bernd Plagge bpla...@choicenet.ne.jp wrote:

> Hi
>
> I might have found the reason for those LibClamAV errors which (almost) nobody else seems to have.
>
> Today I ran aptitude which also updated all clamav packages. During installation I opted for the standard package configuration - as I didn't make any configuration changes. Soon after that I got another LibClamAV courierfilter: LibClamAV Error: cl_free: engine == NULL error.
>
> While trying to find the problem I also tested the pythonfilter clamav.py program i.e. the included python modules.
>
> ---
> python
> Python 2.5.2 (r252:60911, Jan 24 2010, 14:53:14)
> [GCC 4.3.2] on linux2
> Type help, copyright, credits or license for more information.
> import sys
> import pyclamav
> help(pyclamav)
> pyclamav.version()
> '0.4.1'
> pyclamav.get_version()
> LibClamAV Error: cl_cvdhead: Can't open file /var/lib/clamav//daily.cvd
> ('0.96.3', 0, 0)
> ---
>
> Where I had a /var/lib/clamav/daily.cvd file before there was now a /var/lib/clamav/daily.cld file. It seems that 'daily.cvd' is the compressed version of 'daily.cld'. The clamav-freshclam package's standard configuration contains 'CompressLocalDatabase no'. So, the first database upgrade after the program upgrade downloaded the daily.cld file. Unfortunately pyclamav doesn't seem to understand the uncompressed format. As a result Courier will block all messages to be sent.
>
> Would it be possible to include a test for the correct clamav database version and throw up an error if 'daily.cvd' doesn't exist? This would be very helpful and remove a potential mail disruption.
>
> Cheers,
> Bernd
Re: [courier-users] Received lines and trailing spaces --PATCH
Alessandro Vesely writes:

> *opaque authentication address in Received*
>
> This is the AUTH: u...@example.com snippet of the Received line. This patch provides an option to avoid disclosing that address, by reusing the /fullname/ field, that is not otherwise used in SMTP-AUTH.

This part of the code is a bit hard to follow. Not that the existing code is a model of clarity, but I'd like to think that after ten years my standards have improved…

Presumably the message will carry the sender's address anyway, so I don't see the value added that this brings. Furthermore, I just know that, at some point later down the road the issue of using names that have non-Latin 8-bit characters will come up. I don't think now is the right time to tangle this.

The other stuff, the change in the received: header format and the space stripping, that looks fine. I rolled it into courier-0.65.1.20101011.tar.bz2
Re: [courier-users] pythonfilter error checking
On 10/11/2010 07:01 AM, Bernd Plagge wrote:

> Soon after that I got another LibClamAV courierfilter: LibClamAV Error: cl_free: engine == NULL error.

I'm pretty sure that's what happens when you update to a newer clamav than pyclamav supports. The pyclamav maintainer doesn't have support for releases newer than 0.95. Patches are available.

> Would it be possible to include a test for the correct clamav database version and throw up an error if 'daily.cvd' doesn't exist?

If that's actually the problem: no. pythonfilter doesn't have access to the internals of clamav.