• src/sbbs3/mailsrvr.c

    From rswindell@VERT to CVS commit on Wednesday, April 10, 2019 23:32:30
    src/sbbs3 mailsrvr.c 1.685 1.686
    Update of /cvsroot/sbbs/src/sbbs3
    In directory cvs:/tmp/cvs-serv26532

    Modified Files:
    mailsrvr.c
    Log Message:
    RFC822 "To" fields can contain multiple names/addresses, so can't use
    strrchr() here to find terminating chars (quotes, parens, brackets).
    e.g. '"Joe Shmoe" <joe@shmoe.com>, "Fred Smith" <fred@smith.org>'
    would be parsed as 'Joe Shmoe" <joe@shmoe.com>, "Fred Smith'.



    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From rswindell@VERT to CVS commit on Wednesday, April 10, 2019 23:44:31
    src/sbbs3 mailsrvr.c 1.686 1.687
    Update of /cvsroot/sbbs/src/sbbs3
    In directory cvs:/tmp/cvs-serv28297

    Modified Files:
    mailsrvr.c
    Log Message:
    Parse the *first* email address found in "To" header fields, not the last.



    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From rswindell@VERT to CVS commit on Thursday, April 11, 2019 02:04:56
    src/sbbs3 mailsrvr.c 1.687 1.688
    Update of /cvsroot/sbbs/src/sbbs3
    In directory cvs:/tmp/cvs-serv16891

    Modified Files:
    mailsrvr.c
    Log Message:
    Set the (new) MIMEATTACH auxattr flag when receiving mail messages that contain MIME-encoded/embedded attachments.
    We probably will want to do this for SMTP-posted messages (to subs) too.



    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From rswindell@VERT to CVS commit on Sunday, April 28, 2019 19:02:13
    src/sbbs3 mailsrvr.c 1.689 1.690
    Update of /cvsroot/sbbs/src/sbbs3
    In directory cvs:/tmp/cvs-serv8474

    Modified Files:
    mailsrvr.c
    Log Message:
    Actually store the SMTP forward-path of received mail messages in the message headers



    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From rswindell@VERT to CVS commit on Sunday, April 28, 2019 19:45:01
    src/sbbs3 mailsrvr.c 1.690 1.691
    Update of /cvsroot/sbbs/src/sbbs3
    In directory cvs:/home/rswindell/sbbs/src/sbbs3

    Modified Files:
    mailsrvr.c
    Log Message:
    Fix GCC warning: pointer targets in assignment differ in signedness



    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From rswindell@VERT to CVS commit on Tuesday, April 30, 2019 22:36:56
    src/sbbs3 mailsrvr.c 1.691 1.692
    Update of /cvsroot/sbbs/src/sbbs3
    In directory cvs:/tmp/cvs-serv1989

    Modified Files:
    mailsrvr.c
    Log Message:
    Bug-fix: if the forward-path is in "<address>" notation, don't include the angle brackets in the "RCPT TO" command sent to the SMTP server. This is an old bug but now appears because we are now (recently) actually storing the SMTP forward-path in the message header.




    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From rswindell@VERT to CVS commit on Tuesday, April 30, 2019 22:44:03
    src/sbbs3 mailsrvr.c 1.692 1.693
    Update of /cvsroot/sbbs/src/sbbs3
    In directory cvs:/tmp/cvs-serv4314

    Modified Files:
    mailsrvr.c
    Log Message:
    Don't auto-exempt "<<address>>", just "<address>"



    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From rswindell@VERT to CVS commit on Thursday, May 02, 2019 18:00:12
    src/sbbs3 mailsrvr.c 1.694 1.695
    Update of /cvsroot/sbbs/src/sbbs3
    In directory cvs:/tmp/cvs-serv27392

    Modified Files:
    mailsrvr.c
    Log Message:
    Set the MSG_SENT netattr attribute flag after sending an email via SMTP but after sending via POP3 (the MSG_READ attribute flag is already indicating that).


    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From rswindell@VERT to CVS commit on Friday, May 10, 2019 23:23:50
    src/sbbs3 mailsrvr.c 1.695 1.696
    Update of /cvsroot/sbbs/src/sbbs3
    In directory cvs:/tmp/cvs-serv5274

    Modified Files:
    mailsrvr.c
    Log Message:
    Fix most likely cause of new crashes seen in mailsrvr, calls to smb_freemsgmem():
    bounce() is using a strange method of copying a message header in memory
    (not using smb_copymsgmem) and when it frees the message, ends up with a double-free of the 2 new smbmsg_t members (not header fields): text_subtype
    and text_charset.



    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From rswindell@VERT to CVS commit on Thursday, May 23, 2019 17:02:57
    src/sbbs3 mailsrvr.c 1.696 1.697
    Update of /cvsroot/sbbs/src/sbbs3
    In directory cvs:/tmp/cvs-serv8254

    Modified Files:
    mailsrvr.c
    Log Message:
    Don't read the spamblock.cfg unnecessarily:
    We don't store (findable) hostnames in the file, so don't search for them. Don't search file if the host is listed in the spamblock_exempt.cfg file.
    If you have a really large spamblock.cfg file, this could result in the unnecessary reading of potential many megabytes of data for each inbound
    SMTP connection. We might want to read this file even less frequently and
    store the list in a searchable str_list_t or something.



    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From rswindell@VERT to CVS commit on Friday, June 21, 2019 22:19:41
    src/sbbs3 mailsrvr.c 1.698 1.699
    Update of /cvsroot/sbbs/src/sbbs3
    In directory cvs:/tmp/cvs-serv14834

    Modified Files:
    mailsrvr.c
    Log Message:
    MIME-encoded headers (header field values with RFC 2047 "encoded-words") are getting kind of crazy common now and being employed even when totally unnecessary (e.g. encoding strings that contain just plain ASCII):
    - normalize message header fields, when possible
    - normalize UTF-8 encoded characters, when possible (e.g. special punctuation
    chars)

    This allows text filters (e.g. subject.can, name.can) to work on MIME-encoded header fields and notifications about received e-mails are legible to humans.

    Encoded-words that contain actual non-ASCII/CP437 chars (e.g. foreign symbols, emojis) are left as encoded-words to be dealt with by whatever displays the message header.

    Special handling of folded normalized field values was necessary because
    "White space between adjacent 'encoded-word's is not displayed." (per RFC 2047)


    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From rswindell@VERT to CVS commit on Friday, June 21, 2019 22:50:57
    src/sbbs3 mailsrvr.c 1.699 1.700
    Update of /cvsroot/sbbs/src/sbbs3
    In directory cvs:/home/rswindell/sbbs/src/sbbs3

    Modified Files:
    mailsrvr.c
    Log Message:
    Fix warnings from GCC.



    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From rswindell@VERT to CVS commit on Friday, June 28, 2019 14:05:39
    src/sbbs3 mailsrvr.c 1.700 1.701
    Update of /cvsroot/sbbs/src/sbbs3
    In directory cvs:/home/rswindell/sbbs/src/sbbs3

    Modified Files:
    mailsrvr.c
    Log Message:
    Translate UTF-8 "horizontal ellipsis" to 3 ASCII '.'s when normalizing MIME-encoded headers.



    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From rswindell@VERT to CVS commit on Friday, July 05, 2019 22:43:03
    src/sbbs3 mailsrvr.c 1.701 1.702
    Update of /cvsroot/sbbs/src/sbbs3
    In directory cvs:/tmp/cvs-serv26117

    Modified Files:
    mailsrvr.c
    Log Message:
    Moved normalize_utf8() to src/enocde/utf8.c: utf8_normalize_str().



    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From rswindell@VERT to CVS commit on Friday, July 05, 2019 23:04:41
    src/sbbs3 mailsrvr.c 1.702 1.703
    Update of /cvsroot/sbbs/src/sbbs3
    In directory cvs:/home/rswindell/sbbs/src/sbbs3

    Modified Files:
    mailsrvr.c
    Log Message:
    Fix GCC warning about signedness.



    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From rswindell@VERT to CVS commit on Saturday, July 06, 2019 13:10:43
    src/sbbs3 mailsrvr.c 1.703 1.704
    Update of /cvsroot/sbbs/src/sbbs3
    In directory cvs:/tmp/cvs-serv5185

    Modified Files:
    mailsrvr.c
    Log Message:
    Double the size of the tmp buffer in parse_mail_address() (from 128 to 256 chars) so that massize MIME encoded header fields can be parsed successfull. :-|



    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From rswindell@VERT to CVS commit on Wednesday, July 24, 2019 17:19:04
    src/sbbs3 mailsrvr.c 1.705 1.706
    Update of /cvsroot/sbbs/src/sbbs3
    In directory cvs:/tmp/cvs-serv28008

    Modified Files:
    mailsrvr.c
    Log Message:
    Use new smb_msg_is_utf8() to set default MIME content-type charset to UTF-8 (e.g. for UTF-8 Fido or QWK netmail messages sent over SMTP or POP3).



    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From rswindell@VERT to CVS commit on Thursday, August 01, 2019 23:17:29
    src/sbbs3 mailsrvr.c 1.706 1.707
    Update of /cvsroot/sbbs/src/sbbs3
    In directory cvs:/tmp/cvs-serv17512

    Modified Files:
    mailsrvr.c
    Log Message:
    Use the RFC822* header fields, only when the actual header fields are MIME-encoded.
    If any RFC822* header field is a MIME-encoded UTF-8 string, then set the
    (new) auxattr MSG_HFIELDS_UTF8 flag. This will be used (soon, hopefully) to display UTF-8 encoded header fields to users. There's a gotchas here:
    - MIME-encoded header fields with other non-ASCII/8-bit charsets (e.g. CP437,
    ISO-8859) are still stored "as decoded", though the MSG_HFIELDS_UTF8 flag
    may be set *later* (which would be weird), resulting in a mixture of valid
    and invalid UTF-8 header fields. One solution would be to UTF-8-transcode all
    the non-UTF-8 header fields if *any* of them are UTF-8, but we wouldn't
    know which charset to translate *from*. Assuming CP437 isn't going to be
    correct 100% of the time - so punt for now and deal with it at display
    time. e.g. if the MSG_HFIELD_UTF8 auxattr flag is set, but an hfield contains
    invalid UTF-8 data, don't display as UTF-8 (e.g. treat as CP437). We don't
    have translations for other charsets (e.g. ISO-8859) setup yet anyway.



    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From rswindell@VERT to CVS commit on Friday, August 02, 2019 05:02:34
    src/sbbs3 mailsrvr.c 1.707 1.708
    Update of /cvsroot/sbbs/src/sbbs3
    In directory cvs:/home/rswindell/sbbs/src/sbbs3

    Modified Files:
    mailsrvr.c
    Log Message:
    Resolve GCC warnings:
    pointer type mismatch in conditional expression
    format '%s' expects argument of type 'char *', but argument 5 has type 'void *'




    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Windows 11)@VERT to Git commit to main/sbbs/master on Wednesday, December 13, 2023 19:11:22
    https://gitlab.synchro.net/main/sbbs/-/commit/a35cb08fb0a5f69bbe11f010
    Modified Files:
    src/sbbs3/mailsrvr.c
    Log Message:
    Better resource (e.g. client thread) management

    My mail server was suddenly and inexplicably creating thousands of SMTPS
    client threads, each with a unique remote IP address, and each eventually failing with the rather obscure log message (from cryptlib):
    dbg 'Cannot read item from object' (-41) setting session active

    Eventually (after not long, really), the server would run out of resources
    and fail in weird and wonderful ways (can't malloc, can't create JS runtime
    or context, etc.). The max_clients limit (100, as I have it set) wasn't being effectively-imposed on SMTPS connections.

    The root-cause: the active_clients (counter) wasn't incremented until *after* the cryptlib/TLS setup for SMTPS connections and SMTPS/TLS connections can
    take a long time to fail, resulting in a vulnerability to an effective denial of service attack.

    Raise the minimum severity of all cryptlib/TLS log messages from Debug to
    Info.

    Create wrappers for smtp_thread() [now smtp_client_thread()] and pop3_thread [now pop3_client_thread()] that handle basic resource management (thread counters, active client counters, the client socket).

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Windows 11)@VERT to Git commit to main/sbbs/master on Wednesday, December 13, 2023 22:26:09
    https://gitlab.synchro.net/main/sbbs/-/commit/7d9c8624f7d9c5e0fd1cd5a7
    Modified Files:
    src/sbbs3/mailsrvr.c
    Log Message:
    Fix extra decrement of active_clients (added in previous commit)

    And fix some use of CRYPT_UNUSED instead of cryptlib session ID.

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Windows 11)@VERT to Git commit to main/sbbs/master on Thursday, December 14, 2023 16:39:05
    https://gitlab.synchro.net/main/sbbs/-/commit/f43e852a170d27afdf6e33a4
    Modified Files:
    src/sbbs3/mailsrvr.c
    Log Message:
    SMTP mail server wasn't RFC 4954 compliant for "AUTH PLAIN" logins

    The base64-encoded credentials can either be supplied with the AUTH PLAIN command or in response to a 334 server-challenge. We only supported the
    former form and logged a warning ("Missing AUTH PLAIN argument") when we received the latter. No warning is logged now and the appropriate server-challege is sent and the response accepted and base64-decoded and
    parsed as before.

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Windows 11)@VERT to Git commit to main/sbbs/master on Saturday, December 16, 2023 23:31:15
    https://gitlab.synchro.net/main/sbbs/-/commit/952a25f17aa96355e4c92e95
    Modified Files:
    src/sbbs3/mailsrvr.c
    Log Message:
    More commonization of "CLIENT BLOCKED" log messages

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Windows 11)@VERT to Git commit to main/sbbs/master on Monday, January 22, 2024 19:40:40
    https://gitlab.synchro.net/main/sbbs/-/commit/62b866c243d9a8201c55b6fa
    Modified Files:
    src/sbbs3/mailsrvr.c
    Log Message:
    If cryptInit() fails, just disable TLS support

    But continue initializing/running for other non-TLS protocol support.

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Deuc┬┐@VERT to Git commit to main/sbbs/master on Wednesday, February 07, 2024 14:00:48
    https://gitlab.synchro.net/main/sbbs/-/commit/fa5ae01239d3488112dae489
    Modified Files:
    src/sbbs3/mailsrvr.c
    Log Message:
    Some more printf formats... mostly off_t but also a size_t and an time_t

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Deuc┬┐@VERT to Git commit to main/sbbs/master on Wednesday, February 07, 2024 14:11:24
    https://gitlab.synchro.net/main/sbbs/-/commit/76055e3d35e795f4ceeefb0e
    Modified Files:
    src/sbbs3/mailsrvr.c
    Log Message:
    Add missing header?

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Deuc┬┐@VERT to Git commit to main/sbbs/master on Wednesday, February 07, 2024 14:20:25
    https://gitlab.synchro.net/main/sbbs/-/commit/f44997570fb796b34f99285f
    Modified Files:
    src/sbbs3/mailsrvr.c
    Log Message:
    Aha! XP_PRIsize_t is a *size*, not a *type*.

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Deuc┬┐@VERT to Git commit to main/sbbs/master on Wednesday, February 07, 2024 14:35:39
    https://gitlab.synchro.net/main/sbbs/-/commit/aaa82ca4c9a5aac286603272
    Modified Files:
    src/sbbs3/mailsrvr.c
    Log Message:
    Oh damn, this is an off_t + size_t + 1... talk about the wild west of types!

    Both long long and long are reasonable for some mixes of platforms.

    Just punt, cast the whole thing to int64_t, and forget about it.

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Windows 11)@VERT to Git commit to main/sbbs/master on Thursday, February 15, 2024 22:55:31
    https://gitlab.synchro.net/main/sbbs/-/commit/5cc3767eb1d56bb0db294f86
    Modified Files:
    src/sbbs3/mailsrvr.c
    Log Message:
    Use fnopen() for auto-retry when opening dnsbl_exempt.cfg for append

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net