Re: [courier-users] Preferred OS for Courier mail server

2017-01-10 Thread Hanno Böck
Hi,

I'm more or less maintaining the gentoo packages.

On Sun, 8 Jan 2017 08:44:47 +0100
Dan Johansson <dan.johans...@bluewin.ch> wrote:

> Yes, I agree that normally Gentoo has quite new packages, but some
> packages - like courier - lag somewhat behind.
> E.g. these are the "stable" version in portage at the moment:
> mail-mta/courier  0.75.0  (current is 0.76.3)

I wanted to bump a while ago, but the 0.76.3 had some issues for which
I sent patches (which sam has included, but not released yet).

Sam: Can we have a 0.76.4 or 0.77.0? I can include the patches, but if
possible I try to avoid that and stick with unpatched upstream releases.

> net-libs/courier-unicode  1.3 (current is 1.4)

We have 1.4 in testing. I'll put that into stable together with the
next courier version.

-- 
Hanno Böck
https://hboeck.de/

mail/jabber: ha...@hboeck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42

--
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today. http://sdm.link/xeonphi
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users


[courier-users] [patch] fix new/delete mismatch

2016-09-19 Thread Hanno Böck
In the file maildrop.C there is a variable n that gets allocated with
char *n=new char [keywords_s - p + 1];
and deallocated with
delete n;

This is not correct, allocations with new (type) [size] must be
deallocated with delete [] name. So it must be "delete [] n" instead.
See attached patch, please apply.

These kinds of issues can be found by testing with address sanitizer
(-fsanitize=address in cflags).

-- 
Hanno Böck
https://hboeck.de/

mail/jabber: ha...@hboeck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
--- a/libs/maildrop/maildir.C	2015-12-19 18:09:18.0 +0100
+++ b/libs/maildrop/maildir.C	2016-09-19 14:23:44.899471296 +0200
@@ -254,11 +254,11 @@
 
 if (libmail_kwmSetName(, kwm, n) < 0)
 {
-	delete n;
+	delete [] n;
 	libmail_kwmDestroy(kwm);
 	throw strerror(errno);
 }
-delete n;
+delete [] n;
 			}
 
 			char *tmpkname, *newkname;


pgpoU79FgJ4L1.pgp
Description: OpenPGP digital signature
--
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users


[courier-users] [patch] fix duplicate definition of sqwebmail_content_charset in courier

2016-09-19 Thread Hanno Böck
Hi,

The variable sqwebmail_content_charset is defined twice, in sqwebmail.c
and gpg.c. One of them should be declared as extern.

By default gcc is lax on these things and allows duplicate global
definitions. However it is not correct and gcc can be switched to a
more strict mode with the flag -fno-common.

See attached patch, it'll declare the variable as extern in gpg.c.
Please apply.

-- 
Hanno Böck
https://hboeck.de/

mail/jabber: ha...@hboeck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
--- a/libs/sqwebmail/gpg.c	2015-02-27 20:13:32.0 +0100
+++ b/libs/sqwebmail/gpg.c	2016-09-19 13:54:15.389533196 +0200
@@ -36,7 +36,7 @@
 extern void output_scriptptrget();
 extern void print_attrencodedlen(const char *, size_t, int, FILE *);
 extern void print_safe(const char *);
-const char *sqwebmail_content_charset;
+extern const char *sqwebmail_content_charset;
 
 
 static char gpgerrbuf[1024];


pgpsE5XGTiLUJ.pgp
Description: OpenPGP digital signature
--
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users


Re: [courier-users] addcr name collission - can we rename it?

2016-09-19 Thread Hanno Böck
On Tue, 13 Sep 2016 08:29:49 -0400
Sam Varshavchik <mr...@courier-mta.com> wrote:

> courier's addcr was historically intended to replace addcr from
> ucspi-tcp.
> 
> This is not the only binary in Courier that intentionally replaces
> some other tool's functionality.
> 
> Another one is preline, that intentionally provides the same
> functionality as procmail's getline. Why is that not a conflict?

That's much less problematic, because it has another name. (my
procmail installation has no getline, not sure why).

> A solution that's usually used elsewhere is to simply put Courier's
> bindir somewhere else, and then add it to the system shells' default
> PATHs. That's the default configure setting, bindir
> is /usr/lib/courier/bin.
> 
> Would that work here?

I'd find that a very unclean solution, so I'd rather like to avoid it.

Right now we simply don't allow parallel installation of courier and
ucspi-tcp, and if you're set on keeping addcr with this name I think
we'll keep it that way.


-- 
Hanno Böck
https://hboeck.de/

mail/jabber: ha...@hboeck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42


pgpca5xTE_S9a.pgp
Description: OpenPGP digital signature
--
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users


[courier-users] addcr name collission - can we rename it?

2016-09-13 Thread Hanno Böck
Hi,

There's a very old bug in the Gentoo bug tracker that there's a name
collission between the courier and the ucspi-tcp package:
https://bugs.gentoo.org/show_bug.cgi?id=223155

There are similar bug reports in plenty of other distributions:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476489
https://bugs.archlinux.org/task/9116

Debian has solved this with a complicated construction using multiple
alternatives, archlinux and gentoo simply by avoiding to install both
packages in parallel.

From what I can see the main purpose of the addcr command is that it
internally is used by the smtpd code. So I think this could probably be
renamed without causing too much trouble.

Sam, do you think we can change addcr to another name, e.g. caddcr,
addcr-courier, addcr.courier or whatever you feel is most suitable?
ucspi-tcp is very old and I doubt it'll be changed, yet it still seems
popular. And unlike the courier tool I think the ucspi-tcp tool isn't
primarily meant to be used internally, so renaming it would cause more
complications.

-- 
Hanno Böck
https://hboeck.de/

mail/jabber: ha...@hboeck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42


pgpWWPx2_3xID.pgp
Description: OpenPGP digital signature
--
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users


[courier-users] MTA STS / transport security

2016-08-14 Thread Hanno Böck
Hi,

In the IETF there is currently some discussion to get new standards on
its way called MTA STS [1] (previously SMTP STS) and MUA STS[2]
(previously DEEP). Their intent is to get authenticated transport
encrypted TLS working for the email ecosystem. I find the MUA part less
interesting, because one can already resolve this manually by enforcing
TLS connections and verifying certificates, but the MTA part could fix
an important loophole of email insecurity.

Right now as you probably all know especially connections between two
mail servers can use encryption via STARTTLS, but the certificates are
often self-signed, don't match the hostname etc. and also the
encryption commands can just be stripped away by an active attacker.

The rough way it works is that a policy URL is published via DNS and
can then be fetched over HTTPS. The details are of course a bit
complicated, as it's a nontrivial problem.


I wanted to bring this up because obviously courier might be a project
interested in implementing this. Also right now would be the right time
if people want to influence the standards process and discuss whether
they have any concerns or ideas about this. The discussions happen in
the TLS UTA working [3].


[1] https://tools.ietf.org/html/draft-brotman-mta-sts-00
[2] https://tools.ietf.org/html/draft-ietf-uta-email-deep-05
[3] https://www.ietf.org/mailman/listinfo/uta

-- 
Hanno Böck
https://hboeck.de/

mail/jabber: ha...@hboeck.de
GPG: BBB51E42


pgp4mviWvZ1GO.pgp
Description: OpenPGP digital signature
--
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are 
consuming the most bandwidth. Provides multi-vendor support for NetFlow, 
J-Flow, sFlow and other flows. Make informed decisions using capacity 
planning reports. http://sdm.link/zohodev2dev___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users


[courier-users] [PATCH] avoid invalid memory read in courier-authlib / authgetconfig

2015-11-14 Thread Hanno Böck
Hi,

I tested courier and courier-authlib compiled with address sanitizer.
This uncovered an out of bounds memory access in the file
authgetconfig.c in courier-authlib:

if (memcmp(p, env, l) == 0 &&

The problem here is that p might actually be shorter than l and thus
this reads invalid memory.

One possible fix (and probably the easiest) is to use strncmp instead.
See attached patch.

This is very similar to an issue I reported previously that got fixed
here:
https://github.com/svarshavchik/courier-libs/commit/174541a2e670c0ee70fd2fb3116209f96ecc173e

Please apply patch.

cu,
-- 
Hanno Böck
http://hboeck.de/

mail/jabber: ha...@hboeck.de
GPG: BBB51E42
--- a/authgetconfig.c	2013-08-25 20:44:47.0 +0200
+++ b/authgetconfig.c	2015-11-14 19:08:02.909325278 +0100
@@ -76,7 +76,7 @@
 	for (i=0; i<configauth_size; )
 	{
 		p=configauth+i;
-		if (memcmp(p, env, l) == 0 &&
+		if (strncmp(p, env, l) == 0 &&
 			isspace((int)(unsigned char)p[l]))
 		{
 			p += l;


pgp57eEKKIJsH.pgp
Description: OpenPGP digital signature
--
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users


[courier-users] [patch] disable warnings regarding format string security

2015-05-12 Thread Hanno Böck
Hi,

Current gcc versions have a feature that warns when non-literal
strings are used as format strings (-Wformat-security). Fixing these
warnings can protect against possible format string vulnerabilities.

Such a warning is not by default a sign of a vulnerability, because in
many situations the strings are not attacker-controlled. However it is
still good coding practice to change them all not to throw a warning.

See here for more info:
https://fedoraproject.org/wiki/Format-Security-FAQ

Some distributions plan to enable -Wformat-security by default.

Attached patch will fix two instances of this warning in courier.
Please apply.

cu,
-- 
Hanno Böck
http://hboeck.de/

mail/jabber: ha...@hboeck.de
GPG: BBB51E42
diff -Naur a/libs/sqwebmail/pcp.c b/libs/sqwebmail/pcp.c
--- a/libs/sqwebmail/pcp.c	2013-08-25 20:46:53.0 +0200
+++ b/libs/sqwebmail/pcp.c	2015-05-12 11:46:12.302206143 +0200
@@ -1518,7 +1518,7 @@
 			printf(/span/tdtd width=\30\nbsp;/tdtd width=\100%%\span class=\tt\);
 			if (p-address  strcmp(p-address, @))
 			{
-printf(getarg(CONFLICTERR2));
+printf(%s, getarg(CONFLICTERR2));
 print_safe(p-address);
 			}
 			else
diff -Naur a/libs/sqwebmail/sqwebmail.c b/libs/sqwebmail/sqwebmail.c
--- a/libs/sqwebmail/sqwebmail.c	2013-11-25 03:02:39.0 +0100
+++ b/libs/sqwebmail/sqwebmail.c	2015-05-12 11:46:14.218206288 +0200
@@ -1097,7 +1097,7 @@
 c=strchr(c, '.');
 if (c)
 {
-	printf(sep);
+	printf(%s, sep);
 	print_safe(c+1);
 }
 			}


pgp4WkgJeqnMN.pgp
Description: OpenPGP digital signature
--
One dashboard for servers and applications across Physical-Virtual-Cloud 
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users


[courier-users] file /usr/include/unicode.h collides with libunicode

2015-02-27 Thread Hanno Böck
Hi Sam,

courier-unicode installs a file
/usr/include/unicode.h

I just got a bug report from a Gentoo user that this causes trouble.
There is a library libunicode that wants to install a file with the
same name:
https://bugs.gentoo.org/show_bug.cgi?id=541422

Can you rename that file to something less generic? This will need some
careful update strategy (should update courier-unicode and everything
that uses it at the same time with the change), but I think it would
avoid trouble in the future.

I propose to just name it courier-unicode.h, that'll probably avoid any
confusion.

cu, Hanno
-- 
Hanno Böck
http://hboeck.de/

mail/jabber: ha...@hboeck.de
GPG: BBB51E42


pgpH2aBE61zzc.pgp
Description: OpenPGP digital signature
--
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the 
conversation now. http://goparallel.sourceforge.net/___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users


Re: [courier-users] file /usr/include/unicode.h collides with libunicode

2015-02-27 Thread Hanno Böck
On Fri, 27 Feb 2015 18:46:23 +0100
Hanno Böck ha...@hboeck.de wrote:

 courier-unicode installs a file
 /usr/include/unicode.h

Addition: It's more than that, /usr/lib/libuncode.* also collides. So I
think both should be renamed (something
like /usr/lib/libunicode-courier.* or /usr/lib/libcourier-unicode.*)

cu,
-- 
Hanno Böck
http://hboeck.de/

mail/jabber: ha...@hboeck.de
GPG: BBB51E42


pgpeChYou0aTH.pgp
Description: OpenPGP digital signature
--
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the 
conversation now. http://goparallel.sourceforge.net/___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users


[courier-users] [PATCH] make testsuite work with user without a default shell

2015-02-16 Thread Hanno Böck
Hi,

I noted that the test suite currently fails in Gentoo. The reason is
that it is executed with a user without a default shell and one of the
maildrop tests will fail with that.

This can be fixed by explicitly setting the SHELL variable in the
respective test to /bin/sh, therefore making the test suite more robust
in uncommon environments. See attached patch, please apply.

cu,
-- 
Hanno Böck
http://hboeck.de/

mail/jabber: ha...@hboeck.de
GPG: BBB51E42
--- courier-0.74.1-plain/libs/maildrop/testsuite2	2013-08-30 02:36:07.0 +0200
+++ courier-0.74.1/libs/maildrop/testsuite2	2015-02-16 13:22:37.455698929 +0100
@@ -232,7 +232,8 @@
 
 for f in testsuite?.filter
 do
-echo 'xfilter cat' t
+echo SHELL=/bin/sh  t
+echo 'xfilter cat' t
 cat $f t
 chmod 600 t
 mv -f t $f


pgpqSmuAWpcP1.pgp
Description: OpenPGP digital signature
--
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
from Actuate! Instantly Supercharge Your Business Reports and Dashboards
with Interactivity, Sharing, Native Excel Exports, App Integration  more
Get technology previously reserved for billion-dollar corporations, FREE
http://pubads.g.doubleclick.net/gampad/clk?id=190641631iu=/4140/ostg.clktrk___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users


[courier-users] [PATCH] fix implicit declaration in testlookup.c

2015-02-16 Thread Hanno Böck
Hi,

Compiling courier 0.74.1 throws a warning about an implicit declaration
of the function
rfc1035_spf_gettxt_n
in the file testlookup.c.

This can easily be fixed by adding an explicit declaration. See
attached patch, please apply.

cu,
-- 
Hanno Böck
http://hboeck.de/

mail/jabber: ha...@hboeck.de
GPG: BBB51E42
--- courier-0.74.1/libs/rfc1035/testlookup.c	2014-11-04 13:15:00.0 +0100
+++ courier-0.74.1-1/libs/rfc1035/testlookup.c	2015-02-16 13:36:14.455760592 +0100
@@ -41,6 +41,9 @@
 
 extern char rfc1035_spf_gettxt(const char *current_domain,
 			   char *buf);
+extern char rfc1035_spf_gettxt_n(const char *current_domain,
+			  char **buf);
+
 
 static void spflookup(const char *current_domain)
 {


pgpK6qo2jLLLf.pgp
Description: OpenPGP digital signature
--
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
from Actuate! Instantly Supercharge Your Business Reports and Dashboards
with Interactivity, Sharing, Native Excel Exports, App Integration  more
Get technology previously reserved for billion-dollar corporations, FREE
http://pubads.g.doubleclick.net/gampad/clk?id=190641631iu=/4140/ostg.clktrk___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users


Re: [courier-users] Ports, SSL and STARTTLS for ESMTP

2015-02-08 Thread Hanno Böck
On Sun, 08 Feb 2015 15:55:27 -0500
Justin Vallon justinval...@gmail.com wrote:

 I am on this list for courier-imap, but I use postfix for SMTP.
 Postfix has an option to only allow auth over under SSL
 (smtpd_tls_auth_only=yes # only allow auth under ssl).
 
 So, I believe this can be enforced on the (Postfix) server-side.  Is
 there an equivalent for courier smtpd?

There is, but that's not the point. The attacker can still intercept
the connection. It needs to be enforced on the client as well.

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: ha...@hboeck.de
GPG: BBB51E42


pgpG69WNmKCc7.pgp
Description: OpenPGP digital signature
--
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users


Re: [courier-users] Ports, SSL and STARTTLS for ESMTP

2015-02-08 Thread Hanno Böck
On Sun, 08 Feb 2015 16:39:17 -0500
Justin Vallon justinval...@gmail.com wrote:

 AUTH is only allowed under SSL.  Mail can only be sent (relayed) after
 AUTH.  Therefore, if the MITM prevents the client from STARTTLS'ing,
 the server will not allow mail to be sent.  Unencrypted mail will not
 be sent.

The attacker can speak STARTTLS to the server and plain text to the
client. And has a full MitM-attack.

The TLS level authentication is only in one direction - the server
authenticates itself to the client, but not the other way round (there
are in theory TLS client certificates, but usually nobody uses them).

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: ha...@hboeck.de
GPG: BBB51E42


pgptVJPY5ZU6F.pgp
Description: OpenPGP digital signature
--
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users


Re: [courier-users] Ports, SSL and STARTTLS for ESMTP

2015-02-07 Thread Hanno Böck
On Sat, 7 Feb 2015 09:54:43 -0500
Jeff Potter jpotter-cour...@codepuppy.com wrote:

 I’d support such a project, but based on my experience with my users,
 the ones for whom it would help wouldn’t care about it or understand
 the need. I’ve started recommending to my clients to use port 465 by
 default.

I'm not talking about educating users. I talk about educating mail
client developers that they ship sane defaults. They should make it
impossible to accidently have an unencrypted connection. Probably they
should even make it impossible to do unencrypted connections at all.

But not sure this is the right place to discuss it, hope we don't annoy
others with offtopic discussions.

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: ha...@hboeck.de
GPG: BBB51E42


pgpnBeaRtwE9z.pgp
Description: OpenPGP digital signature
--
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users


Re: [courier-users] Ports, SSL and STARTTLS for ESMTP

2015-02-07 Thread Hanno Böck
On Sat, 7 Feb 2015 08:40:07 -0500
Jeff Potter jpotter-cour...@codepuppy.com wrote:

 465 has the benefit that the STARTTLS keyword can’t be MITM stripped.

That's kinda the thing: STARTTLS doesn't really make that much sense
any more in a world where we essentially want to deprecate
non-crypto-logins.

Mail settings with starttls if available should be considered
dangerous. If they use starttls they need to fixate that and make sure
it can't be randomly removed.

(would be worth having a project checking various mailclients for that)

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: ha...@hboeck.de
GPG: BBB51E42


pgpkan5C_z16K.pgp
Description: OpenPGP digital signature
--
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users


Re: [courier-users] New versions of courier, courier-imap, sqwebmail, maildrop, and cone packages released

2014-12-13 Thread Hanno Böck
Hi sam,

unfortunately this introduced another linking order issue.
See attached patch. (you probably only need the Makefile.am part and
can auto-generate the Makefile.in part)

To avoid these in the future you could try to build courier with
LDFLAGS=-Wl,--as-needed in the future. (if it helps: you can also ask
me to do so if you're about to release new versions)

cu,
-- 
Hanno Böck
http://hboeck.de/

mail/jabber: ha...@hboeck.de
GPG: BBB51E42
diff -Naur courier-0.74.0/libs/gpglib/Makefile.am courier-0.74.0-1/libs/gpglib/Makefile.am
--- courier-0.74.0/libs/gpglib/Makefile.am	2014-12-04 03:31:09.0 +0100
+++ courier-0.74.0-1/libs/gpglib/Makefile.am	2014-12-14 02:18:25.599274395 +0100
@@ -18,7 +18,7 @@
 
 testgpg_SOURCES=testgpg.c
 testgpg_DEPENDENCIES=libgpg.la ../numlib/libnumlib.la
-testgpg_LDADD= -lunicode $(testgpg_DEPENDENCIES)
+testgpg_LDADD= $(testgpg_DEPENDENCIES) -lunicode
 testgpg_LDFLAGS=-static
 
 mimegpg_SOURCES=mimegpg.c
diff -Naur courier-0.74.0/libs/gpglib/Makefile.in courier-0.74.0-1/libs/gpglib/Makefile.in
--- courier-0.74.0/libs/gpglib/Makefile.in	2014-12-13 15:26:42.0 +0100
+++ courier-0.74.0-1/libs/gpglib/Makefile.in	2014-12-14 02:18:35.512275143 +0100
@@ -335,7 +335,7 @@
 
 testgpg_SOURCES = testgpg.c
 testgpg_DEPENDENCIES = libgpg.la ../numlib/libnumlib.la
-testgpg_LDADD = -lunicode $(testgpg_DEPENDENCIES)
+testgpg_LDADD = $(testgpg_DEPENDENCIES) -lunicode
 testgpg_LDFLAGS = -static
 mimegpg_SOURCES = mimegpg.c
 mimegpg_LDADD = libgpg.la ../rfc2045/librfc2045.la ../rfc822/librfc822.la \


pgptFl35Vd9Jq.pgp
Description: OpenPGP digital signature
--
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
from Actuate! Instantly Supercharge Your Business Reports and Dashboards
with Interactivity, Sharing, Native Excel Exports, App Integration  more
Get technology previously reserved for billion-dollar corporations, FREE
http://pubads.g.doubleclick.net/gampad/clk?id=164703151iu=/4140/ostg.clktrk___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users


Re: [courier-users] Courier and rfc 4408 spf

2014-11-04 Thread Hanno Böck
Am Tue, 4 Nov 2014 13:23:25 +0100
schrieb Matus UHLAR - fantomas uh...@fantomas.sk:

 you should be glad you are receiving neutral, the SPF checker at
 http://www.kitterman.com/spf/validate.html gives something different:
 
 
   Results - PermError SPF Permanent Error: Too many DNS lookups 

I get this for all my domains.
They use a single include for spf. I don't think that's unreasonable.

Looks to me as this tool is broken, not the spf config.

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: ha...@hboeck.de
GPG: BBB51E42


signature.asc
Description: PGP signature
--
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users


Re: [courier-users] Build 20141122 of courier and courier-imap packages

2014-10-23 Thread Hanno Böck
Am Wed, 22 Oct 2014 23:26:16 -0400
schrieb Sam Varshavchik mr...@courier-mta.com:

 Download: http://www.courier-mta.org/download.html

Quote:
22-Oct-2014 20141122courier-0.73.2.20141122.tar.bz2

20141122? On my calendar it's october. Package from the future? :-)



-- 
Hanno Böck
http://hboeck.de/

mail/jabber: ha...@hboeck.de
GPG: BBB51E42


signature.asc
Description: PGP signature
--
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users


Re: [courier-users] problems with esmtpd / cert / pem reading after update to latest snapshot (no start line)

2014-09-20 Thread Hanno Böck
On Fri, 19 Sep 2014 20:56:26 -0400
Sam Varshavchik mr...@courier-mta.com wrote:

 I just ran a test, and on a medium-powered server, it took 2 minutes
 to generate a 2048-bit parameter. That's not too bad, I suppose. A
 new install will have to generate that the first time the server gets
 started, and things will pretty much come to a halt, until that's
 done and over with. Will have to make that prominent, somewhere…

If you're worried about generation time:
DH parameters are neither secret nor is there a problem in sharing the
same parameters amongst several hosts.

From a cryptographic perspective there wouldn't be a problem in
pre-generating one set of DH params and shipping them as the default
with all courier installations.

Btw, is there currently a way of using ECDH-ciphersuites with courier?

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: ha...@hboeck.de
GPG: BBB51E42


signature.asc
Description: PGP signature
--
Slashdot TV.  Video for Nerds.  Stuff that Matters.
http://pubads.g.doubleclick.net/gampad/clk?id=160591471iu=/4140/ostg.clktrk___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users


[courier-users] problems with esmtpd / cert / pem reading after update to latest snapshot (no start line)

2014-09-19 Thread Hanno Böck
Hi,

I recently tried to test the latest courier snapshots (due to the spf
fixes) on one of our servers, however it doesn't really work.

When I try to connect with openssl to the smtp-port (25) via starttls I
seem to get a connection, however it's instantly terminated.

I see this in the logs:
Sep 19 17:56:45 backup1 courieresmtpd: courieresmtpd: STARTTLS failed:
couriertls: /etc/ssl/private/courier.pem: error:0906D06C:PEM
routines:PEM_read_bio:no start line


I saw that just recently someone had the same error and it was caused
by Windows/DOS-style End of Line-Characters:
http://georgik.sinusgear.com/2014/07/24/couriertls-etccourieresmtpd-pem-error0906d06cpem-routinespem_read_biono-start-line/

However I checked, my cert/pem-file has no windows-eol-chars. Is there
anything else that has changed regarding cert parsing? It's just the
cert and the key concatenated, nothing special.

cu,
-- 
Hanno Böck
http://hboeck.de/

mail/jabber: ha...@hboeck.de
GPG: BBB51E42


signature.asc
Description: PGP signature
--
Slashdot TV.  Video for Nerds.  Stuff that Matters.
http://pubads.g.doubleclick.net/gampad/clk?id=160591471iu=/4140/ostg.clktrk___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users


Re: [courier-users] problems with esmtpd / cert / pem reading after update to latest snapshot (no start line)

2014-09-19 Thread Hanno Böck
On Fri, 19 Sep 2014 18:50:51 -0400
Sam Varshavchik mr...@courier-mta.com wrote:

 The certificate file is getting rejected by the OpenSSL library.
 That's where this error is coming from.

I now found out what is wrong. It seems courier now needs dh params
either in the pem file or separately via TLS_DHPARAMS. We didn't have
them in our config yet.

However, while looking at this I found something worrying:
It seems the mkdhparams script defaults to 768 bit and the mkesmtpd
script defaults to 512 bit DH params. That's completely and utterly
insecure.
It's insecure in a way that this is practically breakable on a normal
home PC these days.

I'd strongly advise to raise these defaults to 2048, which is a
reasonable value these days.

cu,
-- 
Hanno Böck
http://hboeck.de/

mail/jabber: ha...@hboeck.de
GPG: BBB51E42


signature.asc
Description: PGP signature
--
Slashdot TV.  Video for Nerds.  Stuff that Matters.
http://pubads.g.doubleclick.net/gampad/clk?id=160591471iu=/4140/ostg.clktrk___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users


[courier-users] [patch] fix linking variables in module.esmtp

2014-09-17 Thread Hanno Böck
Hello Sam,

attached is a patch which fixes mostly the same issue as the patch for
lunicode I sent a few days ago. It moves library linking from LDFLAGS
to LDADD where it belongs.

I found this during huting for another issue. It doesn't seem to cause
compile failures at the moment, but it should be fixed nevertheless.

Please apply, patch is against courier git.

cu,
-- 
Hanno Böck
http://hboeck.de/

mail/jabber: ha...@hboeck.de
GPG: BBB51E42
diff -Naur courier-upstream.git/courier/courier/module.esmtp/Makefile.am courier-courier.git/courier/courier/module.esmtp/Makefile.am
--- courier-upstream.git/courier/courier/module.esmtp/Makefile.am	2014-09-17 12:42:08.629144334 +0200
+++ courier-courier.git/courier/courier/module.esmtp/Makefile.am	2014-09-17 12:42:56.087551022 +0200
@@ -93,9 +93,9 @@
 
 courieresmtpd_DEPENDENCIES=$(courieresmtp_DEPENDENCIES) \
 ../../libs/tcpd/libspipe.la
-courieresmtpd_LDADD=$(commonLDADD) ../../libs/tcpd/libspipe.la
-courieresmtpd_LDFLAGS=`@COURIERAUTHCONFIG@ --ldflags` \
-		-lcourierauthsasl -lcourierauth
+courieresmtpd_LDADD=$(commonLDADD) ../../libs/tcpd/libspipe.la \
+			-lcourierauthsasl -lcourierauth
+courieresmtpd_LDFLAGS=`@COURIERAUTHCONFIG@ --ldflags`
 
 addcr_SOURCES=addcr.c
 


signature.asc
Description: PGP signature
--
Want excitement?
Manually upgrade your production database.
When you want reliability, choose Perforce
Perforce version control. Predictably reliable.
http://pubads.g.doubleclick.net/gampad/clk?id=157508191iu=/4140/ostg.clktrk___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users


[courier-users] [PATCH] fix linking order with -lunicode

2014-09-12 Thread Hanno Böck
Hello,

The current Makefiles of courier add -lunicode to the LDFLAGS variable
at a few places.

This is wrong. Libs should never be added to LDFLAGS. This causes the
build process to proceed with the wrong linking order which will
sometimes fail.

Such bugs usually don't cause issues unless one uses the ld-parameter
--as-needed. Many linux distributions do this by default these days, so
it's better to have the linking order correct.

See attached patch. It's against the courier-libs git repo. Please
apply.

cu,
-- 
Hanno Böck
http://hboeck.de/

mail/jabber: ha...@hboeck.de
GPG: BBB51E42
diff -Naur courier-libs/gpglib/Makefile.am courier-libs1/gpglib/Makefile.am
--- courier-libs/gpglib/Makefile.am	2014-09-12 15:05:52.760628218 +0200
+++ courier-libs1/gpglib/Makefile.am	2014-09-12 15:07:53.739115778 +0200
@@ -17,9 +17,9 @@
 	sign.c tempname.c tempname.h
 
 testgpg_SOURCES=testgpg.c
-testgpg_LDADD=libgpg.la ../numlib/libnumlib.la
+testgpg_LDADD=libgpg.la ../numlib/libnumlib.la -lunicode
 testgpg_DEPENDENCIES=$(testgpg_LDADD)
-testgpg_LDFLAGS=-static -lunicode
+testgpg_LDFLAGS=-static
 
 mimegpg_SOURCES=mimegpg.c
 mimegpg_LDADD=libgpg.la ../rfc2045/librfc2045.la ../rfc822/librfc822.la \
diff -Naur courier-libs/rfc2045/Makefile.am courier-libs1/rfc2045/Makefile.am
--- courier-libs/rfc2045/Makefile.am	2014-09-12 15:05:52.814627543 +0200
+++ courier-libs1/rfc2045/Makefile.am	2014-09-12 15:07:14.767602989 +0200
@@ -31,24 +31,23 @@
 
 reformime_SOURCES=reformime.c
 reformime_LDADD = librfc2045.la ../rfc822/libencode.la ../rfc822/librfc822.la \
-		../numlib/libnumlib.la
+		../numlib/libnumlib.la -lunicode
 reformime_DEPENDENCIES = $(reformime_LDADD)
-reformime_LDFLAGS=-static -lunicode
+reformime_LDFLAGS=-static
 
 makemime_SOURCES=makemime.c
-makemime_LDADD = ../rfc822/libencode.la ../rfc822/librfc822.la librfc2045.la ../numlib/libnumlib.la
+makemime_LDADD = ../rfc822/libencode.la ../rfc822/librfc822.la librfc2045.la ../numlib/libnumlib.la -lunicode
 makemime_DEPENDENCIES=$(makemime_LDADD)
-makemime_LDFLAGS=-static -lunicode
+makemime_LDFLAGS=-static
 
 headercheck_SOURCES=headercheck.c
-headercheck_LDADD=librfc2045.la ../rfc822/librfc822.la ../numlib/libnumlib.la
+headercheck_LDADD=librfc2045.la ../rfc822/librfc822.la ../numlib/libnumlib.la -lunicode
 headercheck_DEPENDENCIES=$(headercheck_LDADD)
-headercheck_LDFLAGS=-static -lunicode
+headercheck_LDFLAGS=-static
 
 testrfc3676parser_SOURCES=testrfc3676parser.c
-testrfc3676parser_LDADD=librfc2045.la
+testrfc3676parser_LDADD=librfc2045.la -lunicode
 testrfc3676parser_DEPENDENCIES=$(testrfc3676parser_LDADD)
-testrfc3676parser_LDFLAGS=-lunicode
 
 if HAVE_SGML
 reformime.html: reformime.sgml ../docbook/sgml2html


signature.asc
Description: PGP signature
--
Want excitement?
Manually upgrade your production database.
When you want reliability, choose Perforce
Perforce version control. Predictably reliable.
http://pubads.g.doubleclick.net/gampad/clk?id=157508191iu=/4140/ostg.clktrk___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users


Re: [courier-users] OpenSSL crash with STARTTLS in Courier

2014-05-04 Thread Hanno Böck
On Sun, 04 May 2014 13:05:30 -0500
Lindsay Haisley fmouse-cour...@fmp.com wrote:

 So it looks as if the issue here is that courier is using only SSL/TLS
 v2 or v3.  If I spec TLS v1 to couriertls I get, with no errors:

There is no TLS v2 or v3 (only legacy SSL v2/3, but that's not used
in SMTP, because it doesn't know stattls). The later versions are
numbered TLS v1.1 and v1.2.


 I'd like to configure courier to use TLS1 as a fallback in cases such
 as this.  Is this possible? 

This is possible and it is the default. Courier also does that. Every
TLS app that conforms to standards does that.

Usually what happens is something like this:
* Client: Server, I'd like to connect with TLS 1.2
* Server: Sorry, I can't do that, let's use TLS 1.0
* Client: Okay, let's use TLS 1.0

Now what happens sometimes is that servers are unable to proceed if
they're connected with a tls version they don't support. So they don't
answer at all. As far as I can remember, the Facebook-API had such a
problem when TLS 1.2 first appeared in openssl.

However, this is always a bug on the server side. Every correct
implementation of TLS 1.0 can handle this gracefully.
So mx.nv.net is using broken hardware or software. Tell them. There's
nothing you can do about it except not supporting newer and better
crypto standards (which really should not be an option if you're
serious).

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: ha...@hboeck.de
GPG: BBB51E42


signature.asc
Description: PGP signature
--
Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
Instantly run your Selenium tests across 300+ browser/OS combos.  Get 
unparalleled scalability from the best Selenium testing platform available.
Simple to use. Nothing to install. Get started now for free.
http://p.sf.net/sfu/SauceLabs___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users


Re: [courier-users] StartSSL SHA-2 x509 certificates with Courier

2014-05-01 Thread Hanno Böck
On Thu, 01 May 2014 15:13:29 +0200
Anders Le Chevalier and...@lechevalier.se wrote:

 Are there any limitations to the type of hash or other features of the
 certificates that are supported by courier?

I'm not aware of any and I'm using startssl certs successfuly with my
servers.

 Should I put something else inside the TLS_CERTFILE ? Is the order of
 the key, cert, intermediary CA and root CA important in the PEM file?

The order matters. First Cert, then intermediate. You shouldn't put the
root in at all.

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: ha...@hboeck.de
GPG: BBB51E42


signature.asc
Description: PGP signature
--
Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
Instantly run your Selenium tests across 300+ browser/OS combos.  Get 
unparalleled scalability from the best Selenium testing platform available.
Simple to use. Nothing to install. Get started now for free.
http://p.sf.net/sfu/SauceLabs___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users


Re: [courier-users] LOGGEROPT and esmtpd

2014-04-10 Thread Hanno Böck
On Mon, 07 Apr 2014 19:29:58 -0400
Sam Varshavchik mr...@courier-mta.com wrote:

 courierlogger captures error messages from its managed process, and
 sends them to syslog. The entire emstp server talks to syslog
 directly, that's why it's different. This is not something that can
 be changed trivially, since big chunks of code are also used when
 sendmail gets invoked from the command line, where standard error is
 already serving its traditional role, and logging should, truly, go
 to syslog.

I see.
Then probably a different approach might be easier: Providing an option
to change the name under that esmtpd gets logged into syslog.

I think basically changing this line
courieresmtpd.c:clog_open_syslog(courieresmtpd);
from a hardcoded string to something configurable would do, right?

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: ha...@hboeck.de
GPG: BBB51E42


signature.asc
Description: PGP signature
--
Put Bad Developers to Shame
Dominate Development with Jenkins Continuous Integration
Continuously Automate Build, Test  Deployment 
Start a new project now. Try Jenkins in the cloud.
http://p.sf.net/sfu/13600_Cloudbees___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users


Re: [courier-users] LOGGEROPT and esmtpd

2014-04-10 Thread Hanno Böck
On Thu, 10 Apr 2014 12:48:34 +0200
Hanno Böck ha...@hboeck.de wrote:

 I see.
 Then probably a different approach might be easier: Providing an
 option to change the name under that esmtpd gets logged into syslog.
 
 I think basically changing this line
 courieresmtpd.c:  clog_open_syslog(courieresmtpd);
 from a hardcoded string to something configurable would do, right?

Quick and dirty patch attached that does this.

Sam, do you think you'd commit something like this?

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: ha...@hboeck.de
GPG: BBB51E42
diff -Naur courier-0.73.1/courier/module.esmtp/courieresmtpd.c courier-0.73.1-1/courier/module.esmtp/courieresmtpd.c
--- courier-0.73.1/courier/module.esmtp/courieresmtpd.c	2013-09-25 13:05:52.0 +0200
+++ courier-0.73.1-1/courier/module.esmtp/courieresmtpd.c	2014-04-10 12:50:55.454025200 +0200
@@ -1063,7 +1063,11 @@
 		if (p  *p  config_has_vhost(p))
 			config_set_local_vhost(p);
 
-		clog_open_syslog(courieresmtpd);
+		if ( getenv(LOGNAME) ) {
+			clog_open_syslog(getenv(LOGNAME));
+		} else {
+			clog_open_syslog(courieresmtpd);
+		}
 
 		if ((p=getenv(ESMTP_TLS))  atoi(p))
 		{


signature.asc
Description: PGP signature
--
Put Bad Developers to Shame
Dominate Development with Jenkins Continuous Integration
Continuously Automate Build, Test  Deployment 
Start a new project now. Try Jenkins in the cloud.
http://p.sf.net/sfu/13600_Cloudbees___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users


[courier-users] LOGGEROPT and esmtpd

2014-04-07 Thread Hanno Böck
Hello,

I'd like to separate log files from the various esmtpds (25, 465, 587),
so I can see which one gets used how often by my users.

However, I currently don't see any easy way to do so.
The pop3d and imapd config files and start scripts have a variable
LOGGEROPTS in their configfile that gets passed to courierlogger.
However, the esmtpd startup script seems a bit different and doesn't
call the logger directly.

Is there a reason why LOGGEROPTS is not available for esmtpd? Sam,
could this be changed for the next version?

cu,

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: ha...@hboeck.de
GPG: BBB51E42


signature.asc
Description: PGP signature
--
Put Bad Developers to Shame
Dominate Development with Jenkins Continuous Integration
Continuously Automate Build, Test  Deployment 
Start a new project now. Try Jenkins in the cloud.
http://p.sf.net/sfu/13600_Cloudbees___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users


Re: [courier-users] [PATCH] courier should use DESTDIR on test ! -w commands

2012-06-24 Thread Hanno Böck
Sam, attached you'll find a patch that changes all instances of test
-w / test ! -w in couriers Makefiles.

courier-fix-root-check-svn.diff.gz
is against latest courier svn and excludes all files not in svn (that
are generated by autotools)

Can you apply this one?

-- 
Hanno Böck  mail/jabber: ha...@hboeck.de
GPG: BBB51E42   http://www.hboeck.de/


courier-fix-root-check-svn.diff.gz
Description: GNU Zip compressed data


signature.asc
Description: PGP signature
--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users


Re: [courier-users] [PATCH] courier should use DESTDIR on test ! -w commands

2012-06-16 Thread Hanno Böck
On Fri, 15 Jun 2012 08:33:22 -0400
Sam Varshavchik mr...@courier-mta.com wrote:

 I don't see how it could possibly work. With the change applied, the
 install command becomes:
 
 /bin/install -c `test `id -u` != 0 || echo -o daemon -g daemon`

I see your point - my fault, I did it correct for Makefile.in, but
wrong for Makefile.am.

See attached patch - rediffed against 0.68.2, tested and this time
hopefully correct.


-- 
Hanno Böck  mail/jabber: ha...@hboeck.de
GPG: BBB51E42   http://www.hboeck.de/
diff -Naur courier-0.68.2-orig/courier/module.esmtp/Makefile.am courier-0.68.2/courier/module.esmtp/Makefile.am
--- courier-0.68.2-orig/courier/module.esmtp/Makefile.am	2012-06-07 17:54:47.0 +0200
+++ courier-0.68.2/courier/module.esmtp/Makefile.am	2012-06-16 23:01:51.363589115 +0200
@@ -32,7 +32,7 @@
 	touch $@
 
 module_PROGRAMS=courieresmtp courieresmtpd addcr
-INSTALL=@INSTALL@ `test ! -w /etc || echo -o @mailuser@ -g @mailgroup@`
+INSTALL=@INSTALL@ `test \`id -u\` != 0 || echo -o @mailuser@ -g @mailgroup@`
 INSTALL_PROGRAM=${INSTALL} -m 550
 
 EXTRA_DIST=courier.config staticlist.c esmtp.authpam.dist esmtpd.cnf.gnutls
diff -Naur courier-0.68.2-orig/courier/module.esmtp/Makefile.in courier-0.68.2/courier/module.esmtp/Makefile.in
--- courier-0.68.2-orig/courier/module.esmtp/Makefile.in	2012-06-07 17:54:50.0 +0200
+++ courier-0.68.2/courier/module.esmtp/Makefile.in	2012-06-16 23:01:51.479587666 +0200
@@ -195,7 +195,7 @@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
 GREP = @GREP@
-INSTALL = @INSTALL@ `test ! -w /etc || echo -o @mailuser@ -g @mailgroup@`
+INSTALL = @INSTALL@ `test \`id -u\` != 0 || echo -o @mailuser@ -g @mailgroup@`
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = ${INSTALL} -m 550
 INSTALL_SCRIPT = @INSTALL_SCRIPT@


signature.asc
Description: PGP signature
--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users


Re: [courier-users] [PATCH] courier should use DESTDIR on test ! -w commands

2012-06-15 Thread Hanno Böck
Hi Sam,

On Thu, 07 Jun 2012 19:06:08 -0400
Sam Varshavchik mr...@courier-mta.com wrote:

 Hanno Böck writes:
 
  So the correct way should be another test for root, e.g.
  test `id -u` != 0
 
  I've prepared a patch.
  This is for both Makefile.in and Makefile.am to avoid the need for
  autotools, however the first one gets generated automatically, only
  the second one probably needs to be applied to courier.
  Please note however that this fixes the issue ONLY for
  module.esmtp, although it seems to be
  prevalent all over the couriere Makefile.am files. I wanted first to
  discuss if this is the correct approach to fix it. If you're okay
  with that, I'll send you further patches for the others.
 
 Although the intent seems to be ok, the patch itself does not really
 work.

Can you be more specific? At my local tests, it worked.
What's the issue with it? What do you think the best approach to check
for root would be?


 Also, if you're preparing an automated package build, this isn't
 really needed. Running 'make install-perms' from the top level
 directory produces a very nicely-formatted file, permissions.dat,
 that lists all the files that get installed, and what their
 permissions should be. You should use that to prepare your package.

This seems to me like a workaround rather than a fix. Better than
nothing, but still, I'd rather like see the makefile to check for root
in a more correct way.


-- 
Hanno Böck  mail/jabber: ha...@hboeck.de
GPG: BBB51E42   http://www.hboeck.de/


signature.asc
Description: PGP signature
--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users


[courier-users] [PATCH] courier should use DESTDIR on test ! -w commands

2012-06-07 Thread Hanno Böck
Hello,

It just took me some time to dig into an issue I had with courier on
Gentoo.

The problem was that certain executables like courieresmtpd were not
installed with the correct user/group settings.

I found that this line was the cause of the problem:
INSTALL=@INSTALL@ `test ! -w /etc || echo -o @mailuser@ -g @mailgroup@`

(in ./courier/module.esmtp/Makefile.am)

This tests if there's write access to /etc and decides that it can
chown then.

However, the Gentoo sandbox system, although running with root
permissions, prevents write access to /tmp.

So the correct way should be another test for root, e.g.
test `id -u` != 0

I've prepared a patch.
This is for both Makefile.in and Makefile.am to avoid the need for
autotools, however the first one gets generated automatically, only the
second one probably needs to be applied to courier.
Please note however that this fixes the issue ONLY for module.esmtp, although 
it seems to be
prevalent all over the couriere Makefile.am files. I wanted first to
discuss if this is the correct approach to fix it. If you're okay with
that, I'll send you further patches for the others.

-- 
Hanno Böck  mail/jabber: ha...@hboeck.de
GPG: BBB51E42   http://www.hboeck.de/
diff -u courier-0.68.1/courier/module.esmtp/Makefile.am courier-0.68.1-1/courier/module.esmtp/Makefile.am
--- courier-0.68.1/courier/module.esmtp/Makefile.am	2011-04-04 15:01:20.0 +0200
+++ courier-0.68.1-1/courier/module.esmtp/Makefile.am	2012-06-07 13:53:12.846012841 +0200
@@ -32,7 +32,7 @@
 	touch $@
 
 module_PROGRAMS=courieresmtp courieresmtpd addcr
-INSTALL=@INSTALL@ `test ! -w /etc || echo -o @mailuser@ -g @mailgroup@`
+INSTALL=@INSTALL@ `test `id -u` != 0 || echo -o @mailuser@ -g @mailgroup@`
 INSTALL_PROGRAM=${INSTALL} -m 550
 
 EXTRA_DIST=courier.config staticlist.c esmtp.authpam.dist esmtpd.cnf.gnutls
diff -u courier-0.68.1/courier/module.esmtp/Makefile.in courier-0.68.1-1/courier/module.esmtp/Makefile.in
--- courier-0.68.1/courier/module.esmtp/Makefile.in	2011-11-13 02:50:30.0 +0100
+++ courier-0.68.1-1/courier/module.esmtp/Makefile.in	2012-06-07 13:52:51.098284711 +0200
@@ -185,7 +185,7 @@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
 GREP = @GREP@
-INSTALL = @INSTALL@ `test ! -w /etc || echo -o @mailuser@ -g @mailgroup@`
+INSTALL = @INSTALL@ `test \`id -u\` != 0 || echo -o @mailuser@ -g @mailgroup@`
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = ${INSTALL} -m 550
 INSTALL_SCRIPT = @INSTALL_SCRIPT@


signature.asc
Description: PGP signature
--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users


[courier-users] Request for a new release?

2010-10-04 Thread Hanno Böck
Hi Sam,

Can you make a new release out of the latest courier snapshot?

(I'm personally mostly interested in the make check fix from 06-28, as this 
is stopping gentoo stabilization - yes, I could backport or just use the snap, 
but it'd be nicer to have a release ;-)

cu, Hanno

-- 
Hanno Böck  Blog:   http://www.hboeck.de/
GPG: 3DBD3B20   Jabber/Mail:ha...@hboeck.de

http://schokokeks.org - professional webhosting


signature.asc
Description: This is a digitally signed message part.
--
Virtualization is moving to the mainstream and overtaking non-virtualized
environment for deploying applications. Does it make network security 
easier or more difficult to achieve? Read this whitepaper to separate the 
two and get a better understanding.
http://p.sf.net/sfu/hp-phase2-d2d___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users


[courier-users] courier-authlib: bundled libltdl contains security issues

2010-03-06 Thread Hanno Böck
Hi,

courier-authlib bundles libltdl version 2.2.6. This version has security 
issues:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3736

This probably does not affect many users, because courier-authlib uses the 
system-wide libltdl if it's available.

Anyway, the bundled version should probably get an update. Alternatively you 
could just throw away the bundled version and require libltdl to be installed 
system wide. Bundling librarys is a bad idea anyway imho (due to security 
issues like this one).

-- 
Hanno Böck  Blog:   http://www.hboeck.de/
GPG: 3DBD3B20   Jabber/Mail:ha...@hboeck.de

http://schokokeks.org - professional webhosting


signature.asc
Description: This is a digitally signed message part.
--
Download Intel#174; Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users


[courier-users] [PATCH] option to disable tarpitting

2010-02-02 Thread Hanno Böck
Courier does so-called tarpitting on connections that are considered spam. 
That means it keeps the tcp connection open for a while and is meant to eat 
ressources from spammers.

We had the problem on our servers that it was eating too much of our 
ressources. Also I'm unsure if this is generally a useful idea. But others may 
have a different opinion on that, so I think this should be made optional.

See attached patch, adds an option TARPIT to esmtpd config.

-- 
Hanno Böck  Blog:   http://www.hboeck.de/
GPG: 3DBD3B20   Jabber/Mail:ha...@hboeck.de

http://schokokeks.org - professional webhosting
diff -Naur courier-0.64.0/courier/module.esmtp/courieresmtpd.c courier-0.64.0-1/courier/module.esmtp/courieresmtpd.c
--- courier-0.64.0/courier/module.esmtp/courieresmtpd.c	2009-08-23 12:26:34.0 +0200
+++ courier-0.64.0-1/courier/module.esmtp/courieresmtpd.c	2010-01-31 19:46:52.0 +0100
@@ -81,10 +81,14 @@
 
 static void tarpit()
 {
-	sleep(teergrube);
-	teergrube *= 2;
-	if (teergrube  MAX_TEERGRUBE)
-		teergrube=MAX_TEERGRUBE;
+	const char *p;
+	if ((p=getenv(TARPIT))  atoi(p))
+	{
+		sleep(teergrube);
+		teergrube *= 2;
+		if (teergrube  MAX_TEERGRUBE)
+			teergrube=MAX_TEERGRUBE;
+	}
 }
 
 void iov_logerror(const char *q, const char *p)
diff -Naur courier-0.64.0/courier/module.esmtp/esmtpd.dist.in courier-0.64.0-1/courier/module.esmtp/esmtpd.dist.in
--- courier-0.64.0/courier/module.esmtp/esmtpd.dist.in	2009-08-13 00:25:49.0 +0200
+++ courier-0.64.0-1/courier/module.esmtp/esmtpd.dist.in	2010-01-31 19:41:17.0 +0100
@@ -51,6 +51,12 @@
 
 BOFHNOVRFY=0
 
+##NAME: TARPIT:1
+#
+#  Set TARPIT to 0 to disable tarpitting
+
+TARPIT=1
+
 ##NAME: NOADDMSGID:0
 #
 #  The following environment variables keep Courier from adding
diff -Naur courier-0.64.0/courier/module.esmtp/esmtpd-ssl.dist.in courier-0.64.0-1/courier/module.esmtp/esmtpd-ssl.dist.in
--- courier-0.64.0/courier/module.esmtp/esmtpd-ssl.dist.in	2009-08-13 00:25:49.0 +0200
+++ courier-0.64.0-1/courier/module.esmtp/esmtpd-ssl.dist.in	2010-01-31 19:41:49.0 +0100
@@ -44,6 +44,12 @@
 
 BOFHNOVRFY=0
 
+##NAME: TARPIT:1
+#
+#  Set TARPIT to 0 to disable tarpitting
+
+TARPIT=1
+
 ##NAME: NOADDMSGID:0
 #
 #  The following environment variables keep Courier from adding


signature.asc
Description: This is a digitally signed message part.
--
The Planet: dedicated and managed hosting, cloud storage, colocation
Stay online with enterprise data centers and the best network in the business
Choose flexible plans and management services without long-term contracts
Personal 24x7 support from experience hosting pros just a phone call away.
http://p.sf.net/sfu/theplanet-com___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users


[courier-users] maxrcpts soft and hard?

2009-10-01 Thread Hanno Böck
Hi,

While investigating a kmail problem, I noticed that our courier server sends 
the error code
431 Too many recipients.
if there are  maxrcpts receipients in a mail.

Now, 4xx error codes are for temporary errors. I found this piece of code in 
courier:
courier/submit.C-   std::cout  (max_bofh_ishard
courier/submit.C:? 531 Too many recipients.
courier/submit.C:: 431 Too many recipients.)
courier/submit.C- std::endl  std::flush;

Now, I don't understand that. It seems one can set hard and soft limits 
for maxrcpts (although I don't find anything documented about it). What should 
that mean? What's a soft limit for maxrcpts?

A 4xx error should mean for the user that just sending the same mail later 
again will work (RFC 2821), so from what I can see, it should always be 531. 
If I'm wrong, please explain me why.

-- 
Hanno Böck  Blog:   http://www.hboeck.de/
GPG: 3DBD3B20   Jabber/Mail:ha...@hboeck.de

http://schokokeks.org - professional webhosting


signature.asc
Description: This is a digitally signed message part.
--
Come build with us! The BlackBerryreg; Developer Conference in SF, CA
is the only developer event you need to attend this year. Jumpstart your
developing skills, take BlackBerry mobile applications to market and stay 
ahead of the curve. Join us from November 9#45;12, 2009. Register now#33;
http://p.sf.net/sfu/devconf___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users


[courier-users] [PATCH] disable aNULL-ciphers, maybe enable medium ciphers

2009-08-12 Thread Hanno Böck
Hi,

On some investigation of my servers, I found that my common ssl cipher string 
enables the aNULL-ciphers. Those are ciphers without any authentication of the 
server certificate and their usage is discouraged.

Bernd Wurst told me that our cipher string (we're maintaining the server 
together) got once used as the default for courier, so you probably have that 
problem as well ;-)

Beside, the current default string in courier disables the medium ciphers 
(which are mainly 128 bit ciphers). I think they're perfectly okay and it's 
quite questionable if the high ciphers are an improvement (e.g. the recent 
theoretical aes attacks only work on the 256bit version, not the 128 one).

So I'm providing you two patches and ask that you apply at least one.
courier-0.62.2-sslcipherstring-anull.diff : disable aNULL
courier-0.62.2-sslcipherstring-anull-medium.diff : disable aNULL and enable 
MEDIUM

-- 
Hanno Böck  Blog:   http://www.hboeck.de/
GPG: 3DBD3B20   Jabber/Mail:ha...@hboeck.de

http://schokokeks.org - professional webhosting
diff -Naur courier-0.62.2/courier/courierd.dist.in courier-0.62.2-sslstring/courier/courierd.dist.in
--- courier-0.62.2/courier/courierd.dist.in	2008-07-13 16:54:48.0 +0200
+++ courier-0.62.2-sslstring/courier/courierd.dist.in	2009-08-12 16:28:52.0 +0200
@@ -269,7 +269,7 @@
 #
 # OpenSSL:
 #
-# TLS_CIPHER_LIST=SSLv3:TLSv1:!SSLv2:HIGH:!LOW:!MEDIUM:!EXP:!n...@strength
+# TLS_CIPHER_LIST=SSLv3:TLSv1:!SSLv2:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!an...@strength
 #
 # To enable SSL2, remove the obvious !SSLv2 part from the above list.
 #
diff -Naur courier-0.62.2/courier/module.esmtp/esmtpd.dist.in courier-0.62.2-sslstring/courier/module.esmtp/esmtpd.dist.in
--- courier-0.62.2/courier/module.esmtp/esmtpd.dist.in	2009-06-02 05:04:25.0 +0200
+++ courier-0.62.2-sslstring/courier/module.esmtp/esmtpd.dist.in	2009-08-12 16:28:52.0 +0200
@@ -139,7 +139,7 @@
 # When using the SSL23 protocol setting (see above), the following setting
 # should turn off SSL2 (leaving just SSL3 and TLS1) and all anonymous ciphers:
 #
-# TLS_CIPHER_LIST=SSLv3:TLSv1:!SSLv2:HIGH:!LOW:!MEDIUM:!EXP:!n...@strength
+# TLS_CIPHER_LIST=SSLv3:TLSv1:!SSLv2:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!an...@strength
 #
 # GnuTLS:
 #
diff -Naur courier-0.62.2/courier/module.esmtp/esmtpd-ssl.dist.in courier-0.62.2-sslstring/courier/module.esmtp/esmtpd-ssl.dist.in
--- courier-0.62.2/courier/module.esmtp/esmtpd-ssl.dist.in	2008-07-12 22:17:24.0 +0200
+++ courier-0.62.2-sslstring/courier/module.esmtp/esmtpd-ssl.dist.in	2009-08-12 16:28:52.0 +0200
@@ -163,7 +163,7 @@
 #
 # OpenSSL:
 #
-# TLS_CIPHER_LIST=SSLv3:TLSv1:!SSLv2:HIGH:!LOW:!MEDIUM:!EXP:!n...@strength
+# TLS_CIPHER_LIST=SSLv3:TLSv1:!SSLv2:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!an...@strength
 #
 # To enable SSL2, remove the obvious !SSLv2 part from the above list.
 #
diff -Naur courier-0.62.2/imap/imapd-ssl.dist.in courier-0.62.2-sslstring/imap/imapd-ssl.dist.in
--- courier-0.62.2/imap/imapd-ssl.dist.in	2008-07-12 22:17:24.0 +0200
+++ courier-0.62.2-sslstring/imap/imapd-ssl.dist.in	2009-08-12 16:28:52.0 +0200
@@ -147,7 +147,7 @@
 #
 # OpenSSL:
 #
-# TLS_CIPHER_LIST=SSLv3:TLSv1:!SSLv2:HIGH:!LOW:!MEDIUM:!EXP:!n...@strength
+# TLS_CIPHER_LIST=SSLv3:TLSv1:!SSLv2:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!an...@strength
 #
 # To enable SSL2, remove the obvious !SSLv2 part from the above list.
 #
diff -Naur courier-0.62.2/imap/pop3d-ssl.dist.in courier-0.62.2-sslstring/imap/pop3d-ssl.dist.in
--- courier-0.62.2/imap/pop3d-ssl.dist.in	2008-07-12 22:17:25.0 +0200
+++ courier-0.62.2-sslstring/imap/pop3d-ssl.dist.in	2009-08-12 16:28:52.0 +0200
@@ -134,7 +134,7 @@
 #
 # OpenSSL:
 #
-# TLS_CIPHER_LIST=SSLv3:TLSv1:!SSLv2:HIGH:!LOW:!MEDIUM:!EXP:!n...@strength
+# TLS_CIPHER_LIST=SSLv3:TLSv1:!SSLv2:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!an...@strength
 #
 # To enable SSL2, remove the obvious !SSLv2 part from the above list.
 #
diff -Naur courier-0.62.2/tcpd/libcouriertls.c courier-0.62.2-sslstring/tcpd/libcouriertls.c
--- courier-0.62.2/tcpd/libcouriertls.c	2009-06-27 18:32:50.0 +0200
+++ courier-0.62.2-sslstring/tcpd/libcouriertls.c	2009-08-12 16:28:52.0 +0200
@@ -567,7 +567,7 @@
 	SSL_CTX_set_options(ctx, SSL_OP_ALL);
 
 	if (!ssl_cipher_list)
-		ssl_cipher_list=SSLv3:TLSv1:!SSLv2:HIGH:!LOW:!MEDIUM:!EXP:!n...@strength;
+		ssl_cipher_list=SSLv3:TLSv1:!SSLv2:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!an...@strength;
 
 	SSL_CTX_set_cipher_list(ctx, ssl_cipher_list);
 	SSL_CTX_set_timeout(ctx, session_timeout);
diff -Naur courier-0.62.2/courier/courierd.dist.in courier-0.62.2-sslstring/courier/courierd.dist.in
--- courier-0.62.2/courier/courierd.dist.in	2008-07-13 16:54:48.0 +0200
+++ courier-0.62.2-sslstring/courier/courierd.dist.in	2009-08-12 16:29:57.0 +0200
@@ -269,7 +269,7 @@
 #
 # OpenSSL:
 #
-# TLS_CIPHER_LIST=SSLv3:TLSv1:!SSLv2:HIGH:!LOW:!MEDIUM:!EXP:!n...@strength
+# TLS_CIPHER_LIST=SSLv3:TLSv1:!SSLv2

[courier-users] [PATCH] add additional dirs to authmigrate.in

2009-02-22 Thread Hanno Böck
This patch is taken from gentoo linux, adds some additional dirs to 
authmigrate in courier-authlib (against latest 0.62.2), shouldn't hurt to 
apply.

-- 
Hanno Böck  Blog:   http://www.hboeck.de/
GPG: 3DBD3B20   Jabber/Mail:ha...@hboeck.de
--- courier-authlib-0.62.2-orig/authmigrate.in	2008-07-21 02:37:45.0 +0200
+++ courier-authlib-0.62.2/authmigrate.in	2009-02-22 17:32:44.0 +0100
@@ -18,6 +18,8 @@
 rc=0
 
 for dir in	/etc/courier \
+		/etc/courier/authlib \
+		/etc/courier-imap \
 		/usr/lib/courier/etc \
 		/usr/lib/courier-imap/etc \
 		/usr/local/etc \


signature.asc
Description: This is a digitally signed message part.
--
Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA
-OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise
-Strategies to boost innovation and cut costs with open source participation
-Receive a $600 discount off the registration fee with the source code: SFAD
http://p.sf.net/sfu/XcvMzF8H___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users


Re: [courier-users] [PATCH] add additional dirs to authmigrate.in

2009-02-22 Thread Hanno Böck
Am Sonntag 22 Februar 2009 schrieb Sam Varshavchik:
 Yes, but I'm shocked that this is even needed in the first place. Who's
 still running 0.48?

I don't know if it is - this patch is probably pretty old and I just want to 
reduce the amount of patches in the package.

-- 
Hanno Böck  Blog:   http://www.hboeck.de/
GPG: 3DBD3B20   Jabber/Mail:ha...@hboeck.de


signature.asc
Description: This is a digitally signed message part.
--
Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA
-OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise
-Strategies to boost innovation and cut costs with open source participation
-Receive a $600 discount off the registration fee with the source code: SFAD
http://p.sf.net/sfu/XcvMzF8H___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users


[courier-users] [PATCH] Add destdir support to authmigrate.in in courier-authlib

2008-07-20 Thread Hanno Böck
Hi,

Attached patch adds the DESTDIR variable to some places so installing into 
DESTDIR works.

Please apply.

-- 
Hanno Böck  Blog:   http://www.hboeck.de/
GPG: 3DBD3B20   Jabber/Mail:[EMAIL PROTECTED]
--- authmigrate.in.orig	2008-07-21 01:58:52.0 +0200
+++ authmigrate.in	2008-07-21 02:07:30.0 +0200
@@ -71,11 +71,11 @@
 return $rc
 }
 
-chk_file authdaemonrc @authdaemonrc@
-chk_file authmysqlrc @authmysqlrc@
-chk_file authpgsqlrc @authpgsqlrc@
-chk_file authldaprc @authldaprc@
-chk_file userdb @userdb@
+chk_file authdaemonrc [EMAIL PROTECTED]@
+chk_file authmysqlrc [EMAIL PROTECTED]@
+chk_file authpgsqlrc [EMAIL PROTECTED]@
+chk_file authldaprc [EMAIL PROTECTED]@
+chk_file userdb [EMAIL PROTECTED]@
 
 if test $? = 1
 then


signature.asc
Description: This is a digitally signed message part.
-
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK  win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100url=/___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users


[courier-users] courier compilation fails with --as-needed

2007-11-24 Thread Hanno Böck
courier (0.58 and all older versions I've tested) fails with Linking when 
using LDFLAGS=-Wl,--as-needed.

Reproducible with
LDFLAGS=-Wl,--as-needed ./configure
LDFLAGS=-Wl,--as-needed make

--as-needed tells the linker to only link libraries with functions that are 
actually in use. Failure usually means that the linking order is wrong at 
some place. I didn't find a bugtracker for courier, so I'm posting it here.

Output:

make[1]: Entering directory `/tmp/courier-0.58.0/tcpd'
make  all-am
make[2]: Entering directory `/tmp/courier-0.58.0/tcpd'
/bin/sh ./libtool --tag=CC   --mode=link 
gcc  -I./.. -I.. -Wall -g -O2 -static -Wl,--as-needed -o couriertcpd 
argparse.o tcpd.o tcpdaccess.o tcpremoteinfo.o 
libspipe.la ../rfc1035/librfc1035.a ../gdbmobj/libgdbmobj.la 
../liblock/liblock.la ../numlib/libnumlib.la ../waitlib/libwaitlib.a 
../soxwrap/libsoxwrap.a ../md5/libmd5.la ../random128/librandom128.la -Wl,-lgdbm
gcc -I./.. -I.. -Wall -g -O2 -Wl,--as-needed -o couriertcpd argparse.o tcpd.o 
tcpdaccess.o 
tcpremoteinfo.o -Wl,-lgdbm  ./.libs/libspipe.a ../rfc1035/librfc1035.a 
../gdbmobj/.libs/libgdbmobj.a ../liblock/.libs/liblock.a 
../numlib/.libs/libnumlib.a ../waitlib/libwaitlib.a ../soxwrap/libsoxwrap.a 
../md5/.libs/libmd5.a ../random128/.libs/librandom128.a
../gdbmobj/.libs/libgdbmobj.a(gdbmobj.o): In function `gdbm_dofetch':
/tmp/courier-0.58.0/gdbmobj/gdbmobj.c:173: undefined reference to `gdbm_fetch'
../gdbmobj/.libs/libgdbmobj.a(gdbmobj.o): In function `gdbmobj_exists':
/tmp/courier-0.58.0/gdbmobj/gdbmobj.c:110: undefined reference to 
`gdbm_exists'
../gdbmobj/.libs/libgdbmobj.a(gdbmobj.o): In function `gdbmobj_store':
/tmp/courier-0.58.0/gdbmobj/gdbmobj.c:96: undefined reference to `gdbm_store'
../gdbmobj/.libs/libgdbmobj.a(gdbmobj.o): In function `gdbmobj_close':
/tmp/courier-0.58.0/gdbmobj/gdbmobj.c:33: undefined reference to `gdbm_close'
../gdbmobj/.libs/libgdbmobj.a(gdbmobj.o): In function `gdbmobj_open':
/tmp/courier-0.58.0/gdbmobj/gdbmobj.c:63: undefined reference to `gdbm_open'
/tmp/courier-0.58.0/gdbmobj/gdbmobj.c:70: undefined reference to `gdbm_fdesc'
collect2: ld returned 1 exit status
make[2]: *** [couriertcpd] Error 1
make[2]: Leaving directory `/tmp/courier-0.58.0/tcpd'
make[1]: *** [all] Error 2
make[1]: Leaving directory `/tmp/courier-0.58.0/tcpd'
make: *** [all-recursive] Error 1

-- 
Hanno Böck  Blog:   http://www.hboeck.de/
GPG: 3DBD3B20   Jabber/Mail:[EMAIL PROTECTED]


signature.asc
Description: This is a digitally signed message part.
-
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users