• src/sbbs3/mailsrvr.c

    From Rob Swindell@VERT to Git commit to main/sbbs/master on Sat Apr 24 00:28:03 2021
    https://gitlab.synchro.net/main/sbbs/-/commit/c21d535dc7b127e029c0203a
    Modified Files:
    src/sbbs3/mailsrvr.c
    Log Message:
    Fix observed crashes at end of pop3_thread() and smtp_thread()

    "startup" was being deref'd after the caller free'd it because these thread functions were calling thread_down() before calling mail_close_socket(), which deref's startup which was subject to a race condition.

    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to Git commit to main/sbbs/master on Sat Jul 31 13:00:34 2021
    https://gitlab.synchro.net/main/sbbs/-/commit/02448be248a5393ec95d4eaa
    Modified Files:
    src/sbbs3/mailsrvr.c
    Log Message:
    When logging sender address forgeries, log the address being forged

    Helpful for debugging issues with this forgery detection logic (if there are any).

    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to Git commit to main/sbbs/master on Sat Jul 31 13:00:34 2021
    https://gitlab.synchro.net/main/sbbs/-/commit/56bc209648a1a198b6973384
    Modified Files:
    src/sbbs3/mailsrvr.c
    Log Message:
    Don't allow unauthenticated DNS-blacklisted clients to post on subs

    Eliminate some of the infrequent SPAM posts to the SYNCPROG conference. Maybe make this behavior configurable?

    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to Git commit to main/sbbs/master on Tue Nov 16 18:20:55 2021
    https://gitlab.synchro.net/main/sbbs/-/commit/3c55d333a2103630ec874457
    Modified Files:
    src/sbbs3/mailsrvr.c
    Log Message:
    Include twit-listed sender name in quotes in log message

    Since mail server log messages have their white-space condensed, it was not obvious why some sender's name would match a twitlist.cfg line that filters names beginning with a space: "\ *" because the initial space of the sender's name was condensed/combined with space before it in the log message.

    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to Git commit to main/sbbs/master on Thu Dec 30 14:31:31 2021
    https://gitlab.synchro.net/main/sbbs/-/commit/82da48b3887373503a3ee17c
    Modified Files:
    src/sbbs3/mailsrvr.c
    Log Message:
    If SMTP-transmit-relay is enabled by no relay server, disable

    log an error message and disable the transmit-relay in this detected-misconfiguration case.

    Fixes issue #315 reported by Nelgin.

    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to Git commit to main/sbbs/master on Mon Feb 7 20:10:13 2022
    https://gitlab.synchro.net/main/sbbs/-/commit/427599b46e19dc809a5fb268
    Modified Files:
    src/sbbs3/mailsrvr.c
    Log Message:
    Fix compile issue in previous commit. <blush>

    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to Git commit to main/sbbs/master on Tue Mar 1 20:30:39 2022
    https://gitlab.synchro.net/main/sbbs/-/commit/bff956a191a7427dc0acafe4
    Modified Files:
    src/sbbs3/mailsrvr.c
    Log Message:
    Fix host name or IP address-based smtpspy.txt logging

    Caught by Coverity-scan (use of uninitialized variable, 'str') :-)

    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to Git commit to main/sbbs/master on Mon Mar 7 17:53:41 2022
    https://gitlab.synchro.net/main/sbbs/-/commit/304f72934c3e401e7cc92ea8
    Modified Files:
    src/sbbs3/mailsrvr.c
    Log Message:
    Fix issue with smtpspy-listed names added in previous commit

    p (which is used after this) points into 'str', so we can't use 'str' as a temporary variable here.

    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From Rob Swindell (in GitKraken)@VERT to Git commit to main/sbbs/master on Tue Feb 21 16:52:12 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/ce90be9ea7fcacddfd60628c
    Modified Files:
    src/sbbs3/mailsrvr.c
    Log Message:
    Fix corrupted RFC822 msg headers when a header field was > 1024 chars

    When sending an SMB message header via SMTP or POP3, some header fields (lines) could potentially be longer than 1024 and yet sockprintf() was limited to sending 1024 bytes (actually 1022 plus CRLF). This could result in some messages not being sent correctly: header field truncated, not CRLR-terminated, and notably resulting in MIME message contents not being decoded properly in a message viewer/reader. Example (Content-Type is part of the previous header field/line):
    x-ms-exchange-antispam-messagedata-0:
    =?us-ascii?Q?cm9T1Q9G65VC/lKTTqhODKhy5lHT2y6WWMb/WyvJ+EeGEwYmY7ILhzE3yfNM?=
    =?us-ascii?Q?KeFWN9T/PqHBya1plKf/sHgaw0iRmI7Hq+u9Dp4bG8OqdniKQlK+Aa27oXMd?=
    =?us-ascii?Q?Hly6OEYaSu7jbhGGY89LF0gyRVqquqxkaMfpKvG+h4cQnnu4Tl8YAKeE39a2?=
    =?us-ascii?Q?lHW3372ulmb9jvvZU72J2RtZYkuoIr+Wsqhfyuj39wTZ/+C4qKCsYrmTxrki?=
    =?us-ascii?Q?fBZ4gMPzWkrcWAr7zPcXBg8bphJJB8VJFUjQyksA3EG4dtH8+TZeEcNNBmHf?=
    =?us-ascii?Q?oCGnV9wHr9HszzrSkkZ2GGyh3QZLHAVDNe7wDXSy7HJttZugf9kNqKGeaYQL?=
    =?us-ascii?Q?TpljH1aHPe7MiSP9Dmp/xHQ/DWQOZDx5guNS+iMciMt5p5ad+SkQye0hWRhd?=
    =?us-ascii?Q?usHvpllclzIee6lxJ0VSPAzHGlAOhtOolrHdDB2ODjvkEzU7L2Fj2f5x7p9q?=
    =?us-ascii?Q?9d6sUgSz7vZVx8yyR3KPq3jIX0QUnl0xr2Mix9xcmMNcg0yFLPcznqBdLVa8?=
    =?us-ascii?Q?IC7j0+8oy4BjYxr8Z3elxMC2JKq13gPYgR95cwm6hMDiZbMB4EW/J1uJhD/I?=
    =?us-ascii?Q?RIIqTZ+Ywt8nKOfXj6/a9Aauf0wN71QKKA+in7KY9oksIhkUGvWOrtJwkVDL?=
    =?us-ascii?Q?Q2UFrBBJyQHJgumj5Y+bG8FDk/55IfyV9XYEcsdLL4bCF+HX4QPHZCw4P+li?=
    =?us-ascii?Q?bRvN+UxOO8hgXVkgB1q8mNJ62yQuaj0AContent-Type: multipart/alternative;
    boundary="_000_SN6PR07MB454477F4C32C66D48BA0B02187A09SN6PR07MB4544namp_"

    Solved by using asprintf() instead of snprintf() for dynamic string formatting and allocation in one go. Using realloc() to expand the buffer for the appended/required CRLF.

    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From Rob Swindell (in GitKraken)@VERT to Git commit to main/sbbs/master on Mon Feb 27 17:30:35 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/b19288125fb9470836cf50af
    Modified Files:
    src/sbbs3/mailsrvr.c
    Log Message:
    Reject SMTP session from any client that sends illegally-long lines

    Log a warning message and send a "500 Line too long" before disconnecting any SMTP client that sends lines > 998 characters in length. Technically, we can handle lines up to 1023 characters, but then we could get out of sync with the client if it sends exactly 1023 chars and then a new-line char (which we would interpret as a blank line, separating the message header and body) - so just punt the client who doesn't obey the rules of the protocol.

    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Debian Linux)@VERT to Git commit to main/sbbs/master on Mon Feb 27 17:32:16 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/7611f92f4057dae1dd11878a
    Modified Files:
    src/sbbs3/mailsrvr.c
    Log Message:
    Resolve new GCC printf-format warning in new log message text

    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From Rob Swindell (in GitKraken)@VERT to Git commit to main/sbbs/master on Mon Feb 27 18:33:56 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/4c6cc08369da690cae967264
    Modified Files:
    src/sbbs3/mailsrvr.c
    Log Message:
    Handle illegally-long received SMTP lines better

    SMTP commands have a shorter limit (510 versus 998) and the body text line limit needed to account for dot-stuffing.

    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Debian Linux)@VERT to Git commit to main/sbbs/master on Thu Mar 2 01:11:32 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/2852540e7b592e32195f03b8
    Modified Files:
    src/sbbs3/mailsrvr.c
    Log Message:
    Fix false FORGED mail header 'FROM' field detection/rejection

    Pretty much any From field that contains an '@' in the username portion
    was subject to comparison to the full email address, but clearly some of
    these rejected emails were not forge attempts:

    'Chris @ StubHub' vs 'events@mail.stubhub.com'
    'Eric S. Raymond (@esr)' vs 'gitlab@mg.gitlab.com'

    Fixed by requiring that the sender name is actually a well-formed Internet email address using smb_netaddr_type(), which was also recently improved to
    be more accurate.

    Unrelated change: include reverse-path (email address for bounces) in ILLEGALLY-LONG body and header line log messages (usually SPAM from what
    I can tell).

    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on ChromeOS)@VERT to Git commit to main/sbbs/master on Mon Apr 3 19:54:50 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/0f4325eece0e65872ce008c9
    Modified Files:
    src/sbbs3/mailsrvr.c
    Log Message:
    Publish SMTP[S] user authentications to the action/login/PROTOCOL topic

    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Debian Linux)@VERT to Git commit to main/sbbs/master on Sun Jun 4 11:45:29 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/fb11866c6dadbd6a8d861b77
    Modified Files:
    src/sbbs3/mailsrvr.c
    Log Message:
    Fix potential NULL pointer deref in rblchk(), observed via segfault lately

    I'm not sure why this one only started popping up now, but h_addr_list is a NULL-terminated list and it makes perfect sense that the first entry could
    be the NULL-terminator.

    gethostbyname is obsolete/deprecated and we should address that in a separate commit.

    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on ChromeOS)@VERT to Git commit to main/sbbs/master on Sun Jun 4 11:46:13 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/1f7cd77aef826d3256ae4e2e
    Modified Files:
    src/sbbs3/mailsrvr.c
    Log Message:
    Check return value of fread()

    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Windows 11)@VERT to Git commit to main/sbbs/master on Wed Nov 1 15:23:13 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/f689169a82124f18d5e4ccd9
    Modified Files:
    src/sbbs3/mailsrvr.c
    Log Message:
    Close socket after logging the "REFUSED SESSION from blacklisted server" msg

    Fixes issue #670

    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net