Re: [vchkpw] 5.3.26 error with chkusr patch + mysql
I agree with tonix on this one. It is probably better to put the function back into the distribution with the comment that it is depreciated and will be removed in a future version. The last thing we want to do is release a new version of vpopmail that breaks current software. Ken Jones inter7.com On Thursday 04 September 2003 4:41 pm, Charles Sprickman wrote: FWIW, I'm getting a similar error with 5.3.27: ./load qmail-smtpd rcpthosts.o commands.o timeoutread.o timeoutwrite.o ip.o ipme.o ipalloc.o control.o constmap.o ssl_timeoutio.o ndelay.a -L/usr/local/ssl/lib -lssl -lcrypto -L/home/vpopmail/lib -L/usr/local/lib/mysql -lvpopmail -lmysqlclient received.o date822fmt.o now.o qmail.o cdb.a fd.a wait.a datetime.a getln.a open.a sig.a case.a env.a stralloc.a alloc.a substdio.a error.a str.a fs.a auto_qmail.o base64.o `cat socket.lib` qmail-smtpd.o: In function `realrcpt_check': qmail-smtpd.o(.text+0xc51): undefined reference to `vget_real_domain' *** Error code 1 As mentioned below, if I comment out the section referencing vget_real_domain in qmail-smtpd.c, it does compile, but I would think that would affect functionality, no? [EMAIL PROTECTED]/usr/local/src/toaster/vpopmail/vpopmail-5.3.27]# grep vget_real_dom * ChangeLog: - removed the need for vget_real_domain() function ChangeLog: tracked it down to vget_real_domain calling ChangeLog: the vget_real_domain() function to change the domain vpopmail.h:int vget_real_domain(char *domain, int len ); Looks like the function is gone... Charles On Sun, 31 Aug 2003, tonix (Antonio Nati) wrote: Shane, I did not try the last versions of vpopmail. It looks like function vget_real_domain does not exists anymore. Try commenting out these lines of code, and please let me know. /* Check if domain is a real domain */ /* if (!stralloc_0 (domain)) die_nomem(); vget_real_domain(domain.s, domain.a); domain.len = strlen (domain.s); if (domain.len (domain.a - 1)) die_nomem(); */ /* Let's get domain's real path */ Tonino At 01/09/03 01/09/03 +0800, Shane Chrisp wrote: Im setting up a new system and I found that there is an error when trying to use the chkusr patch with the latest version. Below is the error from qmail. I tried compiling again with 5.3.24 successfully so I then tried 5.3.25 and that failed also, with the same error. ./load qmail-smtpd qregex.o rcpthosts.o commands.o timeoutread.o \ timeoutwrite.o ip.o ipme.o ipalloc.o control.o constmap.o \ received.o date822fmt.o now.o qmail.o cdb.a fd.a wait.a \ datetime.a getln.a open.a sig.a case.a env.a stralloc.a \ alloc.a substdio.a error.a str.a fs.a auto_qmail.o base64.o `cat \ socket.lib` -lssl -lcrypto dns.o `cat dns.lib` -lcrypt \ `head -1 conf-vpopmail`/lib/libvpopmail.a \ /usr/lib/mysql/libmysqlclient.a -lz qmail-smtpd.o: In function `realrcpt_check': qmail-smtpd.o(.text+0xf29): undefined reference to `vget_real_domain' collect2: ld returned 1 exit status make: *** [qmail-smtpd] Error 1 Regards Shane [EMAIL PROTECTED]Interazioni di Antonio Nati http://www.interazioni.it [EMAIL PROTECTED]
Re: [vchkpw] 5.3.26 error with chkusr patch + mysql
There is a sourceforge tracker item open for this issue [800738] I have uploaded a patch there now to restore this function to ensure backwards compatibility with the chkusr patch I added comments to the function to mark it is depreciated Michael. - Original Message - From: Ken Jones [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Saturday, September 06, 2003 2:02 AM Subject: Re: [vchkpw] 5.3.26 error with chkusr patch + mysql I agree with tonix on this one. It is probably better to put the function back into the distribution with the comment that it is depreciated and will be removed in a future version. The last thing we want to do is release a new version of vpopmail that breaks current software. Ken Jones inter7.com On Thursday 04 September 2003 4:41 pm, Charles Sprickman wrote: FWIW, I'm getting a similar error with 5.3.27: ./load qmail-smtpd rcpthosts.o commands.o timeoutread.o timeoutwrite.o ip.o ipme.o ipalloc.o control.o constmap.o ssl_timeoutio.o ndelay.a -L/usr/local/ssl/lib -lssl -lcrypto -L/home/vpopmail/lib -L/usr/local/lib/mysql -lvpopmail -lmysqlclient received.o date822fmt.o now.o qmail.o cdb.a fd.a wait.a datetime.a getln.a open.a sig.a case.a env.a stralloc.a alloc.a substdio.a error.a str.a fs.a auto_qmail.o base64.o `cat socket.lib` qmail-smtpd.o: In function `realrcpt_check': qmail-smtpd.o(.text+0xc51): undefined reference to `vget_real_domain' *** Error code 1 As mentioned below, if I comment out the section referencing vget_real_domain in qmail-smtpd.c, it does compile, but I would think that would affect functionality, no? [EMAIL PROTECTED]/usr/local/src/toaster/vpopmail/vpopmail-5.3.27]# grep vget_real_dom * ChangeLog: - removed the need for vget_real_domain() function ChangeLog: tracked it down to vget_real_domain calling ChangeLog: the vget_real_domain() function to change the domain vpopmail.h:int vget_real_domain(char *domain, int len ); Looks like the function is gone... Charles On Sun, 31 Aug 2003, tonix (Antonio Nati) wrote: Shane, I did not try the last versions of vpopmail. It looks like function vget_real_domain does not exists anymore. Try commenting out these lines of code, and please let me know. /* Check if domain is a real domain */ /* if (!stralloc_0 (domain)) die_nomem(); vget_real_domain(domain.s, domain.a); domain.len = strlen (domain.s); if (domain.len (domain.a - 1)) die_nomem(); */ /* Let's get domain's real path */ Tonino At 01/09/03 01/09/03 +0800, Shane Chrisp wrote: Im setting up a new system and I found that there is an error when trying to use the chkusr patch with the latest version. Below is the error from qmail. I tried compiling again with 5.3.24 successfully so I then tried 5.3.25 and that failed also, with the same error. ./load qmail-smtpd qregex.o rcpthosts.o commands.o timeoutread.o \ timeoutwrite.o ip.o ipme.o ipalloc.o control.o constmap.o \ received.o date822fmt.o now.o qmail.o cdb.a fd.a wait.a \ datetime.a getln.a open.a sig.a case.a env.a stralloc.a \ alloc.a substdio.a error.a str.a fs.a auto_qmail.o base64.o `cat \ socket.lib` -lssl -lcrypto dns.o `cat dns.lib` -lcrypt \ `head -1 conf-vpopmail`/lib/libvpopmail.a \ /usr/lib/mysql/libmysqlclient.a -lz qmail-smtpd.o: In function `realrcpt_check': qmail-smtpd.o(.text+0xf29): undefined reference to `vget_real_domain' collect2: ld returned 1 exit status make: *** [qmail-smtpd] Error 1 Regards Shane [EMAIL PROTECTED]Interazioni di Antonio Nati http://www.interazioni.it [EMAIL PROTECTED]
Re: [vchkpw] 5.3.26 error with chkusr patch + mysql
FWIW, I'm getting a similar error with 5.3.27: ./load qmail-smtpd rcpthosts.o commands.o timeoutread.o timeoutwrite.o ip.o ipme.o ipalloc.o control.o constmap.o ssl_timeoutio.o ndelay.a -L/usr/local/ssl/lib -lssl -lcrypto -L/home/vpopmail/lib -L/usr/local/lib/mysql -lvpopmail -lmysqlclient received.o date822fmt.o now.o qmail.o cdb.a fd.a wait.a datetime.a getln.a open.a sig.a case.a env.a stralloc.a alloc.a substdio.a error.a str.a fs.a auto_qmail.o base64.o `cat socket.lib` qmail-smtpd.o: In function `realrcpt_check': qmail-smtpd.o(.text+0xc51): undefined reference to `vget_real_domain' *** Error code 1 As mentioned below, if I comment out the section referencing vget_real_domain in qmail-smtpd.c, it does compile, but I would think that would affect functionality, no? [EMAIL PROTECTED]/usr/local/src/toaster/vpopmail/vpopmail-5.3.27]# grep vget_real_dom * ChangeLog: - removed the need for vget_real_domain() function ChangeLog: tracked it down to vget_real_domain calling ChangeLog: the vget_real_domain() function to change the domain vpopmail.h:int vget_real_domain(char *domain, int len ); Looks like the function is gone... Charles On Sun, 31 Aug 2003, tonix (Antonio Nati) wrote: Shane, I did not try the last versions of vpopmail. It looks like function vget_real_domain does not exists anymore. Try commenting out these lines of code, and please let me know. /* Check if domain is a real domain */ /* if (!stralloc_0 (domain)) die_nomem(); vget_real_domain(domain.s, domain.a); domain.len = strlen (domain.s); if (domain.len (domain.a - 1)) die_nomem(); */ /* Let's get domain's real path */ Tonino At 01/09/03 01/09/03 +0800, Shane Chrisp wrote: Im setting up a new system and I found that there is an error when trying to use the chkusr patch with the latest version. Below is the error from qmail. I tried compiling again with 5.3.24 successfully so I then tried 5.3.25 and that failed also, with the same error. ./load qmail-smtpd qregex.o rcpthosts.o commands.o timeoutread.o \ timeoutwrite.o ip.o ipme.o ipalloc.o control.o constmap.o \ received.o date822fmt.o now.o qmail.o cdb.a fd.a wait.a \ datetime.a getln.a open.a sig.a case.a env.a stralloc.a \ alloc.a substdio.a error.a str.a fs.a auto_qmail.o base64.o `cat \ socket.lib` -lssl -lcrypto dns.o `cat dns.lib` -lcrypt \ `head -1 conf-vpopmail`/lib/libvpopmail.a \ /usr/lib/mysql/libmysqlclient.a -lz qmail-smtpd.o: In function `realrcpt_check': qmail-smtpd.o(.text+0xf29): undefined reference to `vget_real_domain' collect2: ld returned 1 exit status make: *** [qmail-smtpd] Error 1 Regards Shane [EMAIL PROTECTED]Interazioni di Antonio Nati http://www.interazioni.it [EMAIL PROTECTED]
Re: [vchkpw] 5.3.26 error with chkusr patch + mysql
- Original Message - From: Charles Sprickman [EMAIL PROTECTED] To: tonix (Antonio Nati) [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Friday, September 05, 2003 7:41 AM Subject: Re: [vchkpw] 5.3.26 error with chkusr patch + mysql FWIW, I'm getting a similar error with 5.3.27: qmail-smtpd.o: In function `realrcpt_check': qmail-smtpd.o(.text+0xc51): undefined reference to `vget_real_domain' *** Error code 1 As mentioned below, if I comment out the section referencing vget_real_domain in qmail-smtpd.c, it does compile, but I would think that would affect functionality, no? [EMAIL PROTECTED]/usr/local/src/toaster/vpopmail/vpopmail-5.3.27]# grep vget_real_dom * ChangeLog: - removed the need for vget_real_domain() function ChangeLog: tracked it down to vget_real_domain calling ChangeLog: the vget_real_domain() function to change the domain vpopmail.h:int vget_real_domain(char *domain, int len ); Looks like the function is gone... That function was removed in 5.3.26 because it was obsoleted quite a while ago (5.1.10 according to the changelog). Before removing, I remember checking through all the vpopmail source and confirmed there was no calls to this function. However I see now that your patch was using this code still. The recommended way to lookup a real domain is now by calling vget_assign like this : vget_assign(somedomain, NULL, 0, NULL, NULL) If somedomain was an alias domain, it will be rewritten as the real domain If somdomain was a real domain, then it will return unchanged. Hope that helps Michael.
Re: [vchkpw] 5.3.26 error with chkusr patch + mysql
I studied the code, before suggesting that, and Shane confirmed it works ok. The dead function, has been absorbed by an existing function. The existing function is just following the to be commented lines, so the functionality os ok. [But I think the dead routine could be mantained, inside vpopmail, for compatibility, giving time to people to update various patches.] Ciao, Tonino At 04/09/03 04/09/03 -0400, Charles Sprickman wrote: FWIW, I'm getting a similar error with 5.3.27: ./load qmail-smtpd rcpthosts.o commands.o timeoutread.o timeoutwrite.o ip.o ipme.o ipalloc.o control.o constmap.o ssl_timeoutio.o ndelay.a -L/usr/local/ssl/lib -lssl -lcrypto -L/home/vpopmail/lib -L/usr/local/lib/mysql -lvpopmail -lmysqlclient received.o date822fmt.o now.o qmail.o cdb.a fd.a wait.a datetime.a getln.a open.a sig.a case.a env.a stralloc.a alloc.a substdio.a error.a str.a fs.a auto_qmail.o base64.o `cat socket.lib` qmail-smtpd.o: In function `realrcpt_check': qmail-smtpd.o(.text+0xc51): undefined reference to `vget_real_domain' *** Error code 1 As mentioned below, if I comment out the section referencing vget_real_domain in qmail-smtpd.c, it does compile, but I would think that would affect functionality, no? [EMAIL PROTECTED]/usr/local/src/toaster/vpopmail/vpopmail-5.3.27]# grep vget_real_dom * ChangeLog: - removed the need for vget_real_domain() function ChangeLog: tracked it down to vget_real_domain calling ChangeLog: the vget_real_domain() function to change the domain vpopmail.h:int vget_real_domain(char *domain, int len ); Looks like the function is gone... Charles On Sun, 31 Aug 2003, tonix (Antonio Nati) wrote: Shane, I did not try the last versions of vpopmail. It looks like function vget_real_domain does not exists anymore. Try commenting out these lines of code, and please let me know. /* Check if domain is a real domain */ /* if (!stralloc_0 (domain)) die_nomem(); vget_real_domain(domain.s, domain.a); domain.len = strlen (domain.s); if (domain.len (domain.a - 1)) die_nomem(); */ /* Let's get domain's real path */ Tonino At 01/09/03 01/09/03 +0800, Shane Chrisp wrote: Im setting up a new system and I found that there is an error when trying to use the chkusr patch with the latest version. Below is the error from qmail. I tried compiling again with 5.3.24 successfully so I then tried 5.3.25 and that failed also, with the same error. ./load qmail-smtpd qregex.o rcpthosts.o commands.o timeoutread.o \ timeoutwrite.o ip.o ipme.o ipalloc.o control.o constmap.o \ received.o date822fmt.o now.o qmail.o cdb.a fd.a wait.a \ datetime.a getln.a open.a sig.a case.a env.a stralloc.a \ alloc.a substdio.a error.a str.a fs.a auto_qmail.o base64.o `cat \ socket.lib` -lssl -lcrypto dns.o `cat dns.lib` -lcrypt \ `head -1 conf-vpopmail`/lib/libvpopmail.a \ /usr/lib/mysql/libmysqlclient.a -lz qmail-smtpd.o: In function `realrcpt_check': qmail-smtpd.o(.text+0xf29): undefined reference to `vget_real_domain' collect2: ld returned 1 exit status make: *** [qmail-smtpd] Error 1 Regards Shane [EMAIL PROTECTED]Interazioni di Antonio Nati http://www.interazioni.it [EMAIL PROTECTED] [EMAIL PROTECTED]Interazioni di Antonio Nati http://www.interazioni.it [EMAIL PROTECTED]
RE: [vchkpw] 5.3.26 error with chkusr patch + mysql
Title: Message Tonino, Thanks for the reply. That has fixed the problem. Compiles now, and it works still with the mysql backend. cheers Shane -Original Message-From: tonix (Antonio Nati) [mailto:[EMAIL PROTECTED] Sent: Monday, 1 September 2003 5:05 AMTo: [EMAIL PROTECTED]; [EMAIL PROTECTED]Subject: Re: [vchkpw] 5.3.26 error with chkusr patch + mysqlShane,I did not try the last versions of vpopmail.It looks like function vget_real_domain does not exists anymore.Try commenting out these lines of code, and please let me know./* Check if domain is a real domain */ /*if (!stralloc_0 (domain)) die_nomem();vget_real_domain(domain.s, domain.a);domain.len = strlen (domain.s);if (domain.len (domain.a - 1)) die_nomem();*//* Let's get domain's real path */ ToninoAt 01/09/03 01/09/03 +0800, Shane Chrisp wrote: Im setting up a new system and I found that there is an error whentrying to use the chkusr patch with the latest version. Below is theerror from qmail. I tried compiling again with 5.3.24 successfullyso I then tried 5.3.25 and that failed also, with the same error../load qmail-smtpd qregex.o rcpthosts.o commands.o timeoutread.o \timeoutwrite.o ip.o ipme.o ipalloc.o control.o constmap.o \received.o date822fmt.o now.o qmail.o cdb.a fd.a wait.a \datetime.a getln.a open.a sig.a case.a env.a stralloc.a \alloc.a substdio.a error.a str.a fs.a auto_qmail.o base64.o `cat \socket.lib` -lssl -lcrypto dns.o `cat dns.lib` -lcrypt \`head -1 conf-vpopmail`/lib/libvpopmail.a \/usr/lib/mysql/libmysqlclient.a -lzqmail-smtpd.o: In function `realrcpt_check':qmail-smtpd.o(.text+0xf29): undefined reference to `vget_real_domain'collect2: ld returned 1 exit statusmake: *** [qmail-smtpd] Error 1RegardsShane [EMAIL PROTECTED] Interazioni di Antonio Nati http://www.interazioni.it [EMAIL PROTECTED]
Re: [vchkpw] 5.3.26 error with chkusr patch + mysql
Title: Message Speaking of this patch. I think there is a potential of people being able to harvest e-mail accounts using a dictionary, etc. They can connect up and just validate e-mail addresses with this patch to determine if they are valid or not. This could be a spammers dream come true. I have seen this occur on sendmail servers. Brad - Original Message - From: Shane Chrisp Tonino, Thanks for the reply. That has fixed the problem. Compiles now, and it works still with the mysql backend. cheers Shane
RE: [vchkpw] 5.3.26 error with chkusr patch + mysql
Title: Message Yes, you should be using some form of tarpitting as well with this patch. There is no need for someone to be connecting xx number of times per minute. Shane -Original Message-From: Brad Dameron [mailto:[EMAIL PROTECTED] Sent: Monday, 1 September 2003 7:38 PMTo: [EMAIL PROTECTED]Subject: Re: [vchkpw] 5.3.26 error with chkusr patch + mysql Speaking of this patch. I think there is a potential of people being able to harvest e-mail accounts using a dictionary, etc. They can connect up and just validate e-mail addresses with this patch to determine if they are valid or not. This could be a spammers dream come true. I have seen this occur on sendmail servers. Brad - Original Message - From: Shane Chrisp Tonino, Thanks for the reply. That has fixed the problem. Compiles now, and it works still with the mysql backend. cheers Shane
Re: [vchkpw] 5.3.26 error with chkusr patch + mysql
Just thinking out loud. The approach of tarpitting is to slow down the attacker without impacting your network or requiring additional resources on your end to deal with the cracker. I *think* it does this by analyzing the volume of incoming SMTP requests from the same host. The approach of chkuser is to reduce the amount of incoming messages by denying unknown recipients before the message Data is transmitted. I would hate to see an expanded chkuser that requires extensive database activity to log/monitor/tarpit the username requests. That's throwing more resources at a problem I think its entirely appropriate to respond VERY slowly to an unknown username request. HOWEVER, if I suddenly have a shortage of SMTPD daemons because they are left open to service the chkuser tarpit, and that hurts my email service quality, then I haven't gained anything. I would rather be fast at dumping chkuser denials and let them guess. I guess if there was a child daemon that could handle ALL of the chkuser tarpits (instead of keeping an SMTPD open) then we might have something really great. Sorry if I'm being too utopian, or too vague. Just trying to contribute. D. I thought of this initially, but then I forgot because of the general gain this patch gives. We could introduce a delay for each not existing user, or a limit for the maximum number of rcpt to. But for a massive hacker, that could not be a problem. I'm thinking of a more sophisticated code, but I surely would need of a database where to record every attempt. Let me know general opinions, Tonino At 01/09/03 01/09/03 -0700, Brad Dameron wrote: Speaking of this patch. I think there is a potential of people being able to harvest e-mail accounts using a dictionary, etc. They can connect up and just validate e-mail addresses with this patch to determine if they are valid or not. This could be a spammers dream come true. I have seen this occur on sendmail servers. Brad - Original Message - From: mailto:[EMAIL PROTECTED]Shane Chrisp Tonino, Thanks for the reply. That has fixed the problem. Compiles now, and it works still with the mysql backend. cheers Shane [EMAIL PROTECTED]Interazioni di Antonio Nati http://www.interazioni.it [EMAIL PROTECTED]
Re: [vchkpw] 5.3.26 error with chkusr patch + mysql
- Original Message - From: [EMAIL PROTECTED] Just thinking out loud. The approach of tarpitting is to slow down the attacker without impacting your network or requiring additional resources on your end to deal with the cracker. I *think* it does this by analyzing the volume of incoming SMTP requests from the same host. The approach of chkuser is to reduce the amount of incoming messages by denying unknown recipients before the message Data is transmitted. I would hate to see an expanded chkuser that requires extensive database activity to log/monitor/tarpit the username requests. That's throwing more resources at a problem I think its entirely appropriate to respond VERY slowly to an unknown username request. HOWEVER, if I suddenly have a shortage of SMTPD daemons because they are left open to service the chkuser tarpit, and that hurts my email service quality, then I haven't gained anything. I would rather be fast at dumping chkuser denials and let them guess. I guess if there was a child daemon that could handle ALL of the chkuser tarpits (instead of keeping an SMTPD open) then we might have something really great. Sorry if I'm being too utopian, or too vague. Just trying to contribute. D. I thought on this whole ordeal for several hours and the best way I could come up with is the following: If so many invalid addresses in one connection then enter ip in tcpserver's tcp.smtp file with a deny of IP. This will be removed every so many minutes by a cron job. This way you could add a dely on how fast they could get the addressess. Thi seems to be the least overhead way that I have come up with. Any thoughts on this? Brad
Re: [vchkpw] 5.3.26 error with chkusr patch + mysql
Shane, I did not try the last versions of vpopmail. It looks like function vget_real_domain does not exists anymore. Try commenting out these lines of code, and please let me know. /* Check if domain is a real domain */ /* if (!stralloc_0 (domain)) die_nomem(); vget_real_domain(domain.s, domain.a); domain.len = strlen (domain.s); if (domain.len (domain.a - 1)) die_nomem(); */ /* Let's get domain's real path */ Tonino At 01/09/03 01/09/03 +0800, Shane Chrisp wrote: Im setting up a new system and I found that there is an error when trying to use the chkusr patch with the latest version. Below is the error from qmail. I tried compiling again with 5.3.24 successfully so I then tried 5.3.25 and that failed also, with the same error. ./load qmail-smtpd qregex.o rcpthosts.o commands.o timeoutread.o \ timeoutwrite.o ip.o ipme.o ipalloc.o control.o constmap.o \ received.o date822fmt.o now.o qmail.o cdb.a fd.a wait.a \ datetime.a getln.a open.a sig.a case.a env.a stralloc.a \ alloc.a substdio.a error.a str.a fs.a auto_qmail.o base64.o `cat \ socket.lib` -lssl -lcrypto dns.o `cat dns.lib` -lcrypt \ `head -1 conf-vpopmail`/lib/libvpopmail.a \ /usr/lib/mysql/libmysqlclient.a -lz qmail-smtpd.o: In function `realrcpt_check': qmail-smtpd.o(.text+0xf29): undefined reference to `vget_real_domain' collect2: ld returned 1 exit status make: *** [qmail-smtpd] Error 1 Regards Shane [EMAIL PROTECTED] Interazioni di Antonio Nati http://www.interazioni.it [EMAIL PROTECTED]