[vchkpw] Simscan Crucial matching bug

2006-07-08 Thread Michael Krieger
So an interesting bug in simscan I noticed when at a client's today. She said that she was getting tons of Spam - a good 20 times what she should rightfully get. All obvious Spam as well. Looking in the headers, it's not being scanned by spamc, despite the domain being in simcontrol.

The answer? They were sending mail to [EMAIL PROTECTED] Sending mail to [EMAIL PROTECTED] works as expected, but not in all caps. I'm assuming this matching is case sensitive, and since qmail and as far as I know the RFCs for mail, don't distinguish case, shouldn't that mean that simscan doesn't either?

At present, varying case of the domain can disable virus and spam scanning. In theory that could be used to infect PCs who believe that they are safe (though I'm not overly concerned about the security implications as much as the effective working of this).

I haven't looked in detail at the code, but will gladly do so first thing next week, unless someone else knows the easy fix.

I'm guessing we just need to convert the string to lowercase at the top of per_domain_email_lookup() [and possibly per_domain_lookup() if we don't lowercase the parameter]. Possibly even just set it in set_per_domain?

Haven't looked at the bigger picture as I mentioned, but wanted to point that one out. Will investigate and post. Probably a very easy fix.

-M
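The case-sensitivity problem reported above, reduced to a small C program (an added example, not simscan's code and not part of the original post). The rule table, option strings and function names are constructed for illustration; the folded lookup lower-cases the whole recipient, as the post suggests, and assumes the table keys are stored in lower case.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a per-domain control table (not simscan's format). */
struct rule { const char *key; const char *opts; };
static const struct rule rules[] = {
    { "postmaster@example.com", "clam=yes,spam=no"  },
    { "example.com",            "clam=yes,spam=yes" },
};

static const char *find(const char *key) {
    for (size_t i = 0; i < sizeof rules / sizeof rules[0]; i++)
        if (strcmp(rules[i].key, key) == 0) return rules[i].opts;
    return NULL;
}

/* Try the full address first, then fall back to the domain part. */
static const char *match(const char *addr) {
    const char *hit = find(addr);
    const char *at = strrchr(addr, '@');
    if (hit == NULL && at != NULL) hit = find(at + 1);
    return hit;
}

/* Behaviour described in the post: the recipient is compared byte for byte. */
const char *lookup_sensitive(const char *rcpt) { return match(rcpt); }

/* Hardened form: fold to lower case in a bounded buffer before matching. */
const char *lookup_folded(const char *rcpt) {
    char buf[256];
    size_t n = strlen(rcpt);
    if (n >= sizeof buf) return NULL;           /* refuse oversize input */
    for (size_t i = 0; i <= n; i++)             /* <= n copies the NUL too */
        buf[i] = (char)tolower((unsigned char)rcpt[i]);
    return match(buf);                          /* result points into rules[] */
}

int main(void) {
    const char *tests[] = { "user@example.com", "USER@EXAMPLE.COM" };
    for (int i = 0; i < 2; i++) {
        const char *s = lookup_sensitive(tests[i]), *f = lookup_folded(tests[i]);
        printf("%-18s sensitive=%s folded=%s\n", tests[i],
               s ? s : "(no rule)", f ? f : "(no rule)");
    }
    return 0;
}
```
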

Re: [vchkpw] concurrency

2006-07-08 Thread jhq

Hello Michael,

In theory, there's always potential, particularly when dealing with 
files on disk.  One program could in theory do one thing and not
another.

The MySQL database should deal with its own concurrency.  The CDB 
database has .vpasswd.lock files when updating the password files.

You probably don't have to worry about corrupting anything, but in 
theory one could get system time and do something unexpected on the 
other, particularly in deleting and creating folders.  That's usually
not that important.  Odds are that's never going to happen that you
do two opposite actions on the same [EMAIL PROTECTED] at the same time.

Odds are, you won't cause any harm.


Thank you for your help.
I've been thinking about what you said ...

The vpop commands will
1) Insert/Update/Delete the record in SQL table (such as MySQL)
   or CDB file
2) Create/Update/Delete the folder/file on the local file system.
I don't know the order, but it will not matter.

As for (1), SQL database and CDB have their own mechanism to serialize 
the concurrent access, so we will not worry about it.


As for (2), there may be a chance of conflict in theory, because vpop 
commands do not implement the mechanism to avoid the concurrent access.
But, in the real world, it is the rare case that the same folder is 
created/deleted at the same time.

For example, at the time when someone is creating
   /home/vpopmail/domains/foo.com/tom
there will be nobody to delete it.

So, we need not worry about the concurrent usage of vpop commands.
Is my understanding correct?

Have a nice weekend.

Jun


Re: [vchkpw] concurrency

2006-07-08 Thread Michael Krieger
[EMAIL PROTECTED] wrote:

> As for (1), SQL database and CDB have their own mechanism to serialize the concurrent access, so we will not worry about it.

Well SQL has its own locking, be it table or row level that will prevent a single domain from being updated at the same time. For example, an update and a delete will either update and then delete, or delete and then fail on an update. Either way, it does the right thing.

> As for (2), there may be a chance of conflict in theory, because vpop commands do not implement the mechanism to avoid the concurrent access.
> But, in the real world, it is the rare case that the same folder is created/deleted at the same time.

When would you create a user and delete them at the exact same time? Either the user exists or doesn't. Whatever state you end up in is probably sane, and odds are you won't do multiple actions as each depend on the opposite state.

> So, we need not worry about the concurrent usage of vpop commands.
> Is my understanding correct?

A big question is what harm can you cause? Concurrency can always lead to unpredictability, unless you lock the whole process. Even then, you could issue a command that negates the command before it (as a whole). Worst case updating a password for an e-mail address fails because the e-mail address is deleted... so it probably doesn't matter what the password is. Worst case you are updating a domain and it gets deleted, so again, who cares about the update - and occurring in the other order is fine too.

Vpopmail will prevent corruption of your data, by using locking if needed (or depend on locking of a DB system). It will lock .qmail files when it writes them. Everything else shouldn't really matter. Maildir if it doesn't exist will be created, but you shouldn't get to that state.

In a database, concurrency has issues. The textbook example is subtracting from an account balance, where if two programs update the balance at the same time (through two transactions), then they can cause problems (currbal=100, currbal-50, currbal-10 -=- possible outcomes are 90, 50, or 40). In this case, multiple updates to the same datum are uncommon, and any irregularity is still something the user wanted.

-M
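The account-balance example from the message above, worked through in C (an added example, not part of the original thread): it runs every interleaving of two unlocked read-then-write withdrawals and collects the final balances. The names `run_schedule` and `distinct_outcomes` are hypothetical, and each withdrawal is assumed to be exactly one read followed by one write.

```c
#include <stdio.h>

/* A withdrawal is two steps: read the balance, then write (read value - amount). */
struct txn { int amount; int seen; int pc; };

static void step(struct txn *t, int *bal) {
    if (t->pc++ == 0) t->seen = *bal;      /* step 1: read */
    else *bal = t->seen - t->amount;       /* step 2: write, possibly from a stale read */
}

/* Run one schedule: each character ('1' or '2') names the txn that steps next. */
int run_schedule(const char *order, int start, int a1, int a2) {
    struct txn t1 = { a1, 0, 0 }, t2 = { a2, 0, 0 };
    int bal = start;
    for (int i = 0; order[i] != '\0'; i++)
        step(order[i] == '1' ? &t1 : &t2, &bal);
    return bal;
}

/* All six orderings that keep each txn's read before its own write. */
static const char *const schedules[6] = {
    "1122", "1212", "1221", "2112", "2121", "2211"
};

/* Collect the distinct final balances into out[]; returns how many there are. */
int distinct_outcomes(int start, int a1, int a2, int out[6]) {
    int n = 0;
    for (int s = 0; s < 6; s++) {
        int bal = run_schedule(schedules[s], start, a1, a2), dup = 0;
        for (int i = 0; i < n; i++)
            if (out[i] == bal) dup = 1;
        if (!dup) out[n++] = bal;
    }
    return n;
}

int main(void) {
    int out[6], n = distinct_outcomes(100, 50, 10, out);
    for (int s = 0; s < 6; s++)
        printf("%s -> %d\n", schedules[s],
               run_schedule(schedules[s], 100, 50, 10));
    printf("%d distinct final balances\n", n);
    return 0;
}
```

Only the two serial schedules ("1122" and "2211") apply both withdrawals; in the other four, one write is computed from a stale read and overwrites the other.
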