|
From: Sunil S. <sh...@bo...> - 2005-11-09 14:26:47
|
Hi, smtp servers (on all non-server machines) listen on the loopback interface (i.e. 127.0.0.1) only. However, fetchmail release 6.2.9-rc7, by default, attempts to connect to the IP address obtained from gethostname(), which typically points to the external interface. Thus, fetchmail is no longer able to deliver mails by default! The problem is that fetchmailhost is overloaded to contain the domainname to be used for HELO/EHLO and for rcpt address and also to contain the default SMTP host. Previously, it was localhost, but after changes in r4382, it became the actual hostname. For smtp servers listening on localhost only, mail delivery consequently fails. This patch should fix this broken behaviour. ============================================================================== Index: fetchmail/fetchmail.c =================================================================== --- fetchmail/fetchmail.c (revision 4393) +++ fetchmail/fetchmail.c (working copy) @@ -1156,7 +1156,7 @@ * Make sure we have a nonempty host list to forward to. */ if (!ctl->smtphunt) - save_str(&ctl->smtphunt, fetchmailhost, FALSE); + save_str(&ctl->smtphunt, "localhost", FALSE); /* * Make sure we have a nonempty list of domains to fetch from. ============================================================================== -- Sunil Shetye. |
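Review bot: the replacement line save_str(&ctl->smtphunt, "localhost", FALSE); changes the default SMTP delivery target, but the comment above it still only says "Make sure we have a nonempty host list to forward to." Extend that comment to state that the default is localhost and is deliberately separate from fetchmailhost, which stays the HELO/EHLO name, so the two are not merged again later. Any user-facing description of the smtphost default needs the same update.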
|
From: Matthias A. <mat...@gm...> - 2005-11-10 02:18:54
|
Sunil Shetye <sh...@bo...> writes:

> smtp servers (on all non-server machines) listen on the loopback
> interface (i.e. 127.0.0.1) only. However, fetchmail release 6.2.9-rc7,
> by default, attempts to connect to the IP address obtained from
> gethostname(), which typically points to the external interface. Thus,
> fetchmail is no longer able to deliver mails by default!
>
> The problem is that fetchmailhost is overloaded to contain the
> domainname to be used for HELO/EHLO and for rcpt address and also to
> contain the default SMTP host. Previously, it was localhost, but
> after changes in r4382, it became the actual hostname. For smtp
> servers listening on localhost only, mail delivery consequently fails.
>
> This patch should fix this broken behaviour.

Thanks, applied for upcoming -rc8.

--
Matthias Andree
|
|
From: Matthias A. <mat...@gm...> - 2005-11-10 03:27:42
|
Matthias Andree <mat...@gm...> writes:
> Sunil Shetye <sh...@bo...> writes:
>
>> smtp servers (on all non-server machines) listen on the loopback
>> interface (i.e. 127.0.0.1) only. However, fetchmail release 6.2.9-rc7,
>> by default, attempts to connect to the IP address obtained from
>> gethostname(), which typically points to the external interface. Thus,
>> fetchmail is no longer able to deliver mails by default!
>>
>> The problem is that fetchmailhost is overloaded to contain the
>> domainname to be used for HELO/EHLO and for rcpt address and also to
>> contain the default SMTP host. Previously, it was localhost, but
>> after changes in r4382, it became the actual hostname. For smtp
>> servers listening on localhost only, mail delivery consequently fails.
>>
>> This patch should fix this broken behaviour.
>
> Thanks, applied for upcoming -rc8.

Actually we need to set fetchmailhost when Kerberos is used, to match
documentation somewhat, so I'll use this:

Index: fetchmail.c
===================================================================
--- fetchmail.c (Revision 4390)
+++ fetchmail.c (Arbeitskopie)
@@ -922,7 +922,7 @@
* - false if servers found on the command line */
static int load_params(int argc, char **argv, int optind)
{
- int implicitmode, st;
+ int implicitmode, st, use_kerberos;
struct passwd *pw;
struct query def_opts, *ctl;
struct stat rcstat;
@@ -1070,18 +1070,20 @@
* If we're using Kerberos for authentication, we need
* the FQDN in order to generate capability keys.
*/
+ use_kerberos = 0;
+ /* use_kerberos is saved until later to properly set the invisible
+ * --smtphost (aka. smtphunt) default */
for (ctl = querylist; ctl; ctl = ctl->next)
if (ctl->active &&
(ctl->server.protocol==P_ETRN || ctl->server.protocol==P_ODMR
|| ctl->server.authenticate == A_KERBEROS_V4
|| ctl->server.authenticate == A_KERBEROS_V5))
{
- fetchmailhost = host_fqdn(1);
+ use_kerberos = 1;
break;
}
- if (!ctl) /* list exhausted */
- fetchmailhost = host_fqdn(0);
+ fetchmailhost = host_fqdn(use_kerberos);
/* this code enables flags to be turned off */
#define DEFAULT(flag, dflt) if (flag == FLAG_TRUE)\
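Review bot: the name use_kerberos does not match the condition that sets it. The loop in this hunk also sets it for ctl->server.protocol==P_ETRN and P_ODMR, not only for A_KERBEROS_V4 and A_KERBEROS_V5, and its one use here is host_fqdn(use_kerberos). A name that says what it controls, for example need_fqdn (a hypothetical name), would read correctly at both places, and the added comment about the --smtphost default should mention ETRN and ODMR as well.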
@@ -1156,7 +1158,7 @@
* Make sure we have a nonempty host list to forward to.
*/
if (!ctl->smtphunt)
- save_str(&ctl->smtphunt, fetchmailhost, FALSE);
+ save_str(&ctl->smtphunt, use_kerberos ? fetchmailhost : "localhost", FALSE);
/*
* Make sure we have a nonempty list of domains to fetch from.
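Review bot: in the changed save_str() line the default delivery host now depends on use_kerberos, which is derived from how the upstream server is polled or authenticated (ETRN, ODMR, Kerberos), not from where the local SMTP listener is bound. Whenever the flag is set the default becomes fetchmailhost again, so delivery goes to the machine's FQDN and either fails against a listener bound only to the loopback interface or requires that listener to be reachable on the external interface. Keep "localhost" as the unconditional default for smtphunt and leave fetchmailhost for the HELO/EHLO name.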
The manual page is outdated, it maunders something about invisible
defaults, but I haven't seen those in the code, it's a regular
default. And it does not only apply to Kerberos auth but also to
ODMR/ETRN polls... so I'll revise the manual page to match this
ODMR/ETRN code.
--
Matthias Andree
|
|
From: Sunil S. <sh...@bo...> - 2005-11-10 08:12:55
|
Quoting from Matthias Andree's mail on Thu, Nov 10, 2005 at 02:31:57AM +0100:
> >> This patch should fix this broken behaviour.
> >
> > Thanks, applied for upcoming -rc8.
>
> Actually we need to set fetchmailhost when Kerberos is used, to match
> documentation somewhat, so I'll use this:

The setting of fetchmailhost is correct.

> + save_str(&ctl->smtphunt, use_kerberos ? fetchmailhost : "localhost", FALSE);

I believe this is still incorrect. Your patch would imply that if
using Kerberos authentication, the local SMTP server should listen on
the external interface, exposing the system to SMTP attacks. A secure
desktop machine will have the local SMTP server listening on the
loopback interface (i.e. on localhost) only.

ODMR / ETRN / Kerberos authentication are all mailserver side options.
They do not imply that the local SMTP server should listen on the
desktop machine's external interface.

--
Sunil Shetye.
|
|
From: Matthias A. <mat...@gm...> - 2005-11-10 11:16:48
|
Sunil Shetye <sh...@bo...> writes:

> Quoting from Matthias Andree's mail on Thu, Nov 10, 2005 at 02:31:57AM +0100:
>> >> This patch should fix this broken behaviour.
>> >
>> > Thanks, applied for upcoming -rc8.
>>
>> Actually we need to set fetchmailhost when Kerberos is used, to match
>> documentation somewhat, so I'll use this:
>
> The setting of fetchmailhost is correct.
>
>> + save_str(&ctl->smtphunt, use_kerberos ? fetchmailhost : "localhost", FALSE);
>
> I believe this is still incorrect. Your patch would imply that if
> using Kerberos authentication, the local SMTP server should listen on
> the external interface, exposing the system to SMTP attacks. A secure
> desktop machine will have the local SMTP server listening on the
> loopback interface (i.e. on localhost) only.
> ODMR / ETRN / Kerberos authentication are all mailserver side options.
> They do not imply that the local SMTP server should listen on the
> desktop machine's external interface.

Right. So we'll have -rc9 without this "fetchmailhost for smtphost"
behavior and another documentation update.

--
Matthias Andree
|
|
From: Matthias A. <mat...@gm...> - 2005-11-10 11:28:33
Attachments:
p1
|
Matthias Andree <mat...@gm...> writes:

> Right. So we'll have -rc9 without this "fetchmailhost for smtphost"
> behavior and another documentation update.

Find below the patch I have just committed to SVN.
It is against 6.2.9-rc8.

--
Matthias Andree
|
|
From: Sunil S. <sh...@bo...> - 2005-11-11 14:45:22
Attachments:
fetchmail-6.2.9-smtpaddress.patch
|
Quoting from Matthias Andree's mail on Thu, Nov 10, 2005 at 11:28:28AM +0100:
> Matthias Andree <mat...@gm...> writes:
>
> > Right. So we'll have -rc9 without this "fetchmailhost for smtphost"
> > behavior and another documentation update.
>
> Find below the patch I have just committed to SVN.
> It is against 6.2.9-rc8.

The man page documentation part is inconsistent. While fixing it, I
had a look at the smtpaddress code and found potential memory leaks
and bugs in sink.c.

1. parsed_host is not freed in some cases. This happens when the first
   smtp server is down in this setup:

     poll mailserver
     ...
     smtphost "smtpserver1" "smtpserver2"
     ...

2. parsed_host is being initialized for UNIX socket also. For UNIX
   socket, parsed_host should be NULL.

3. If EHLO fails on a UNIX socket, it tries HELO on a network socket!

4. ctl->destaddr is allocated memory in two cases. This memory is
   never freed.

5. ctl->destaddr was being assigned in a very convoluted manner.
   Since parsed_host is already set correctly now, it can be used
   directly.

Please find a patch attached to fix the documentation and the above
issues.

--
Sunil Shetye.
|
|
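The leak in item 1 above and the UNIX-socket rule in item 2, as an added example that is not part of the thread and not fetchmail's sink.c. The function names, the `up` stub that stands in for a real connect, and the assumption that a leading '/' marks a UNIX socket path are all hypothetical.

```c
#include <stdlib.h>
#include <string.h>
/* Constructed stand-ins for illustration; this is not fetchmail's sink.c. */
static char *live[8];                 /* parsed_host copies not yet freed */

static char *dup_host(const char *s)
{
    char *p = malloc(strlen(s) + 1);
    for (int i = 0; p && i < 8; i++)
        if (!live[i]) { live[i] = p; break; }
    return p ? strcpy(p, s) : NULL;
}

static void drop_host(char *p)
{
    for (int i = 0; p && i < 8; i++)
        if (live[i] == p) { live[i] = NULL; free(p); return; }
}

/* Try each smtphost in turn; `up` names the one host that answers (a stub
 * for the real connect). Returns the index that answered, or -1. */
int hunt(const char *const *hosts, int n, const char *up, char **parsed_host, int leaky)
{
    for (int i = 0; i < n; i++) {
        *parsed_host = NULL;          /* stays NULL for a UNIX socket path */
        if (hosts[i][0] != '/' && !(*parsed_host = dup_host(hosts[i])))
            return -1;
        if (strcmp(hosts[i], up) == 0) return i;  /* caller owns *parsed_host */
        if (!leaky) drop_host(*parsed_host);      /* the fix: free before next host */
    }
    *parsed_host = NULL;
    return -1;
}

/* One hunt, then release the caller's copy and count (and free) leftovers. */
int leaked_after_hunt(const char *const *hosts, int n, const char *up, int leaky)
{
    char *ph = NULL;
    int leaked = 0;
    hunt(hosts, n, up, &ph, leaky);
    drop_host(ph);
    for (int i = 0; i < 8; i++)
        if (live[i]) { free(live[i]); live[i] = NULL; leaked++; }
    return leaked;
}

int main(void)
{
    const char *const hosts[] = { "smtpserver1", "smtpserver2" };
    return leaked_after_hunt(hosts, 2, "smtpserver2", 0);  /* 0: nothing leaked */
}
```

With `leaky` set and the first host down, one copy per failed host is left behind, which is the pattern item 1 describes for a two-host smtphost list.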
From: Matthias A. <mat...@gm...> - 2005-11-14 23:57:56
|
On Fri, 11 Nov 2005, Sunil Shetye wrote:

> > Find below the patch I have just committed to SVN.
> > It is against 6.2.9-rc8.
>
> The man page documentation part is inconsistent. While fixing it, I
> had a look at the smtpaddress code and found potential memory leaks
> and bugs in sink.c.

Excellent that someone tries to fix these. I had a look at these bugs
(i.e. I knew they were there) but chose not to fix them for 6.3.0 as the
allocation was, as you call it, convoluted. Thanks a lot for cleaning
this up. I have merged your patch in two commits (one for code, one for
docs).

--
Matthias Andree
|