1. Forum
  2. DOVE-Net
  3. Synchronet Programming

  • src/sbbs3/mailsrvr.c

    From Rob Swindell (on Debian Linux)@VERT to Git commit to main/sbbs/master on Sun Jun 4 11:45:29 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/fb11866c6dadbd6a8d861b77
    Modified Files:
    src/sbbs3/mailsrvr.c
    Log Message:
    Fix potential NULL pointer deref in rblchk(), observed via segfault lately

    I'm not sure why this one only started popping up now, but h_addr_list is a NULL-terminated list and it makes perfect sense that the first entry could
    be the NULL-terminator.

    gethostbyname is obsolete/deprecated and we should address that in a separate commit.

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on ChromeOS)@VERT to Git commit to main/sbbs/master on Sun Jun 4 11:46:13 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/1f7cd77aef826d3256ae4e2e
    Modified Files:
    src/sbbs3/mailsrvr.c
    Log Message:
    Check return value of fread()

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Windows 11)@VERT to Git commit to main/sbbs/master on Wed Nov 1 15:23:13 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/f689169a82124f18d5e4ccd9
    Modified Files:
    src/sbbs3/mailsrvr.c
    Log Message:
    Close socket after logging the "REFUSED SESSION from blacklisted server" msg

    Fixes issue #670

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Windows 11)@VERT to Git commit to main/sbbs/master on Wed Dec 13 19:11:22 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/a35cb08fb0a5f69bbe11f010
    Modified Files:
    src/sbbs3/mailsrvr.c
    Log Message:
    Better resource (e.g. client thread) management

    My mail server was suddenly and inexplicably creating thousands of SMTPS
    client threads, each with a unique remote IP address, and each eventually failing with the rather obscure log message (from cryptlib):
    dbg 'Cannot read item from object' (-41) setting session active

    Eventually (after not long, really), the server would run out of resources
    and fail in weird and wonderful ways (can't malloc, can't create JS runtime
    or context, etc.). The max_clients limit (100, as I have it set) wasn't being effectively-imposed on SMTPS connections.

    The root-cause: the active_clients (counter) wasn't incremented until *after* the cryptlib/TLS setup for SMTPS connections and SMTPS/TLS connections can
    take a long time to fail, resulting in a vulnerability to an effective denial of service attack.

    Raise the minimum severity of all cryptlib/TLS log messages from Debug to
    Info.

    Create wrappers for smtp_thread() [now smtp_client_thread()] and pop3_thread [now pop3_client_thread()] that handle basic resource management (thread counters, active client counters, the client socket).

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Windows 11)@VERT to Git commit to main/sbbs/master on Thu Dec 14 16:39:05 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/f43e852a170d27afdf6e33a4
    Modified Files:
    src/sbbs3/mailsrvr.c
    Log Message:
    SMTP mail server wasn't RFC 4954 compliant for "AUTH PLAIN" logins

    The base64-encoded credentials can either be supplied with the AUTH PLAIN command or in response to a 334 server-challenge. We only supported the
    former form and logged a warning ("Missing AUTH PLAIN argument") when we received the latter. No warning is logged now and the appropriate server-challege is sent and the response accepted and base64-decoded and
    parsed as before.

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Windows 11)@VERT to Git commit to main/sbbs/master on Sat Dec 16 23:31:15 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/952a25f17aa96355e4c92e95
    Modified Files:
    src/sbbs3/mailsrvr.c
    Log Message:
    More commonization of "CLIENT BLOCKED" log messages

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Windows 11)@VERT to Git commit to main/sbbs/master on Mon Jan 22 19:40:40 2024
    https://gitlab.synchro.net/main/sbbs/-/commit/62b866c243d9a8201c55b6fa
    Modified Files:
    src/sbbs3/mailsrvr.c
    Log Message:
    If cryptInit() fails, just disable TLS support

    But continue initializing/running for other non-TLS protocol support.

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Deucе@VERT to Git commit to main/sbbs/master on Wed Feb 7 14:00:48 2024
    https://gitlab.synchro.net/main/sbbs/-/commit/fa5ae01239d3488112dae489
    Modified Files:
    src/sbbs3/mailsrvr.c
    Log Message:
    Some more printf formats... mostly off_t but also a size_t and an time_t

    ---
    ï¿­ Synchronet ï¿­ Vertrauen ï¿­ Home of Synchronet ï¿­ [vert/cvs/bbs].synchro.net
  • From Deucе@VERT to Git commit to main/sbbs/master on Wed Feb 7 14:11:24 2024
    https://gitlab.synchro.net/main/sbbs/-/commit/76055e3d35e795f4ceeefb0e
    Modified Files:
    src/sbbs3/mailsrvr.c
    Log Message:
    Add missing header?

    ---
    ï¿­ Synchronet ï¿­ Vertrauen ï¿­ Home of Synchronet ï¿­ [vert/cvs/bbs].synchro.net
  • From Deucе@VERT to Git commit to main/sbbs/master on Wed Feb 7 14:20:25 2024
    https://gitlab.synchro.net/main/sbbs/-/commit/f44997570fb796b34f99285f
    Modified Files:
    src/sbbs3/mailsrvr.c
    Log Message:
    Aha! XP_PRIsize_t is a *size*, not a *type*.

    ---
    ï¿­ Synchronet ï¿­ Vertrauen ï¿­ Home of Synchronet ï¿­ [vert/cvs/bbs].synchro.net
  • From Deucе@VERT to Git commit to main/sbbs/master on Wed Feb 7 14:35:39 2024
    https://gitlab.synchro.net/main/sbbs/-/commit/aaa82ca4c9a5aac286603272
    Modified Files:
    src/sbbs3/mailsrvr.c
    Log Message:
    Oh damn, this is an off_t + size_t + 1... talk about the wild west of types!

    Both long long and long are reasonable for some mixes of platforms.

    Just punt, cast the whole thing to int64_t, and forget about it.

    ---
    ï¿­ Synchronet ï¿­ Vertrauen ï¿­ Home of Synchronet ï¿­ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Windows 11)@VERT to Git commit to main/sbbs/master on Thu Feb 15 22:55:31 2024
    https://gitlab.synchro.net/main/sbbs/-/commit/5cc3767eb1d56bb0db294f86
    Modified Files:
    src/sbbs3/mailsrvr.c
    Log Message:
    Use fnopen() for auto-retry when opening dnsbl_exempt.cfg for append

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Windows 11)@VERT to Git commit to main/sbbs/master on Sat Sep 28 01:22:04 2024
    https://gitlab.synchro.net/main/sbbs/-/commit/5564eb67e84e55e8a6dcbb0e
    Modified Files:
    src/sbbs3/mailsrvr.c
    Log Message:
    MIME-encode words that contain non-ASCII values in text header fields

    (e.g. to, from, subject) ... when transmitting to other hosts (e.g. POP3 clients or other SMTP hosts).

    For messages that contain CP437 or UTF-8 chars in these fields and were *not* imported into the BBS via SMTP or POP3, these header fields would be transmitted to other hosts with the raw CP437 or UTF-8 chars, thus violating POP3 and SMTP protocols and likely resulting in garbage displayed in message readers.

    The fix is to encode (using MIME "encoded words", per RFC 2407) where necessary.

    Since moderm mail clients (e.g. Thunderbird) don't see to support CP437
    charset in MIME encoded header fields, always translate to UTF-8 first.

    We probably should be translating message body text to UTF-8 as well, for maximum compatibilty with modern mail readers, but this commit doesn't address body text issues with CP437-encoded content. That'll come later.

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Windows 11)@VERT to Git commit to main/sbbs/master on Sun Nov 3 03:21:51 2024
    https://gitlab.synchro.net/main/sbbs/-/commit/42e9eb8bf7c0d7f338b46d1c
    Modified Files:
    src/sbbs3/mailsrvr.c
    Log Message:
    Allow email.can to contain email sender/recipient *names* as well as addresses

    Allow filtering/blocking email based on the name portion of email header fields.

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Debian Linux)@VERT to Git commit to main/sbbs/master on Mon Nov 11 18:49:51 2024
    https://gitlab.synchro.net/main/sbbs/-/commit/e6d8053f3457d19d0e456ddb
    Modified Files:
    src/sbbs3/mailsrvr.c
    Log Message:
    Report bigger "size of message" in POP3 LIST response

    For messages that have no body, we'd report 0. But RFC 1939 says this value
    is supposed to be "the exact size of the message in octets" <sigh>. This
    would include header fields, so while we can't know the exact RFC822 size, adding the msg's hdr.length to these values gives size > 0 for messages
    with no body text and this enables the Apple iPhone Mail app to download
    the message (fixing issue #822).

    Part two of this fix is to provide a blank line of message text when there
    is none. This changes the message displayed in the iPhone Mail app from:

    "This message cannot be displayed because of the way it is formatted.
    Ask the sender to send it again using a different format or email program.

    text/plain"

    to (the much nicer):
    "This message has no content".

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Windows 11)@VERT to Git commit to main/sbbs/master on Mon Nov 11 18:56:30 2024
    https://gitlab.synchro.net/main/sbbs/-/commit/bb3485a9c4e2c36a07aaf512
    Modified Files:
    src/sbbs3/mailsrvr.c
    Log Message:
    Include the size of the message headers in the POP3 STAT response too

    I suppose if we only had messages with no body text, this value could be 0
    (not accounting for any headers) and thus throw a client off.

    So consider this as part of the fix for issue #822.

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Windows 11)@VERT to Git commit to main/sbbs/master on Tue Dec 10 16:27:55 2024
    https://gitlab.synchro.net/main/sbbs/-/commit/d8cfb5796705016a316aa670
    Modified Files:
    src/sbbs3/mailsrvr.c
    Log Message:
    Add/use errprintf() to reduce severity of repeated error messages

    Part of solution for issue #619 (for the mail server)

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net