postfixadmin-tracker Mailing List for PostfixAdmin (Page 7)
Brought to you by:
christian_boltz,
gingerdog
Menu
▾
▴
postfixadmin-tracker — Postfix Admin tracker notification - READ ONLY!
You can subscribe to this list here.
| 2007 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
(5) |
Oct
(67) |
Nov
(83) |
Dec
(47) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2008 |
Jan
(57) |
Feb
(15) |
Mar
(21) |
Apr
(38) |
May
(27) |
Jun
(38) |
Jul
(35) |
Aug
(50) |
Sep
(8) |
Oct
(9) |
Nov
(59) |
Dec
(59) |
| 2009 |
Jan
(27) |
Feb
(42) |
Mar
(63) |
Apr
(46) |
May
(26) |
Jun
(25) |
Jul
(40) |
Aug
(19) |
Sep
(17) |
Oct
(35) |
Nov
(26) |
Dec
(21) |
| 2010 |
Jan
(11) |
Feb
(19) |
Mar
(40) |
Apr
(25) |
May
(23) |
Jun
(17) |
Jul
(10) |
Aug
(18) |
Sep
(21) |
Oct
(12) |
Nov
(10) |
Dec
(22) |
| 2011 |
Jan
(30) |
Feb
(23) |
Mar
(23) |
Apr
(38) |
May
(32) |
Jun
(19) |
Jul
(20) |
Aug
(36) |
Sep
(11) |
Oct
(28) |
Nov
(4) |
Dec
(4) |
| 2012 |
Jan
(6) |
Feb
(3) |
Mar
(16) |
Apr
(28) |
May
(29) |
Jun
(10) |
Jul
(2) |
Aug
(3) |
Sep
|
Oct
(13) |
Nov
(1) |
Dec
(1) |
| 2013 |
Jan
(11) |
Feb
(7) |
Mar
(29) |
Apr
(2) |
May
(3) |
Jun
(15) |
Jul
(8) |
Aug
(5) |
Sep
(5) |
Oct
(4) |
Nov
(27) |
Dec
(81) |
| 2014 |
Jan
(12) |
Feb
(13) |
Mar
(5) |
Apr
|
May
(41) |
Jun
(16) |
Jul
(7) |
Aug
(10) |
Sep
(24) |
Oct
(50) |
Nov
|
Dec
(2) |
| 2015 |
Jan
(5) |
Feb
(2) |
Mar
(7) |
Apr
(20) |
May
(1) |
Jun
(3) |
Jul
(12) |
Aug
(1) |
Sep
(17) |
Oct
(5) |
Nov
(20) |
Dec
(10) |
| 2016 |
Jan
(10) |
Feb
(11) |
Mar
(22) |
Apr
(30) |
May
(33) |
Jun
(3) |
Jul
|
Aug
(12) |
Sep
(20) |
Oct
(11) |
Nov
(15) |
Dec
(8) |
| 2017 |
Jan
(1) |
Feb
(11) |
Mar
(10) |
Apr
|
May
(3) |
Jun
|
Jul
|
Aug
(1) |
Sep
|
Oct
(1) |
Nov
|
Dec
(3) |
| 2018 |
Jan
(2) |
Feb
|
Mar
(1) |
Apr
|
May
(4) |
Jun
(2) |
Jul
(4) |
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2019 |
Jan
|
Feb
|
Mar
|
Apr
(3) |
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2021 |
Jan
|
Feb
|
Mar
(1) |
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|
From: SourceForge.net <no...@so...> - 2012-03-04 16:05:59
|
Feature Requests item #3496325, was opened at 2012-03-02 08:42 Message generated for change (Comment added) made by libertytrek You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937967&aid=3496325&group_id=191583 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Core Group: None Status: Open Resolution: None Priority: 7 Private: No Submitted By: Alexander (alex-j) Assigned to: Nobody/Anonymous (nobody) Summary: Drop support of Vacation in favor of SIEVE Initial Comment: I propose to drop support of "Vacation" in favor of standardized SIEVE (RFC 3028, RFC 5230, RFC 5804, RFC 5435) that support vacations auto-responder in addition to very powerful filtering mechanism. SIEVE already supported in major email's clients (Thunderbird, RoundCube, Horde and etc) and allow much more flexibility to assign Vacation response(it could be special rules to avoid respond to robots, or other auto-responders/notificators) SIEVE supported very well by well known Dovecot, Courier for a long time and actually it will be better to leave actual mail delivery to primary servers instead of custom, non standard Perl's spike. So, IMHO it would be a good step forward in 3.x development to drop custom, non standard Vacation support in favor of supporting SIEVE language. Since postfixadmin allows regular users to manage own settings, it will be good to implement in a future web based SIEVE's rules management via postfixadmin in manner as it done in INGO application from Horde framework for example that bring a lot of power to users and administrators to manage Vacation, Spam filtering, forwarding, black/white listing and much more without actual need to learn SIEVE language... ---------------------------------------------------------------------- Comment By: Charles (libertytrek) Date: 2012-03-04 08:05 Message: A few questions... How would this work with both a Global script and is the User has created their own? Would the Domain Admin be able to enforce a Global Sieve script, and users could add their own, but it would be called from the Global, and the user would not be allowed to override anything in the Global script? As for where the sieve scripts are stored, dovecot currently has excellent sieve support when using its LDA, and it prefers that the users sieve scripts live in ~ (user home dir), *outside* the user mail dir (usually ~/mail)... http://wiki2.dovecot.org/Pigeonhole/Sieve/Configuration ---------------------------------------------------------------------- Comment By: Alexander (alex-j) Date: 2012-03-03 16:46 Message: @libertytrek You're absolutely right. I just wanted to say that "sieve" is much much better. @gingerdog I prepared a few screen shots taken from Horde that is self explanatory. http://www.mejuba.com/albums/Alexander_J/90865 >"Does the sieve file need writing out to disk somewhere?" No. It is the network protocol. All sieve scripts kept on server side. Global sieve script available only for server's administrators, but users scripts are located in there mailboxes as hidden directory and allowed to edit it over SIEVE protocol. I think it would be possible to fork Horde's or RoundCube's scripts that communicate over SIEVE to embeds it to postfixadmin in a future . Horde's SIEVE scripts are here: (horde//ingo/lib/Script) https://github.com/horde/horde/tree/e261dbd1eaacee9243d5230d04b9da19547dfec1/ingo/lib/Script ---------------------------------------------------------------------- Comment By: Charles (libertytrek) Date: 2012-03-02 09:03 Message: Not to belabor the obvious, but I'm assuming this would be done by first *adding* support for sieve, then, once it is working well, provide dual support for a time, warning everyone well in advance before vacation support was removed... ---------------------------------------------------------------------- Comment By: GingerDog (gingerdog) Date: 2012-03-02 09:00 Message: If this is possible, it'd obviously be a good move. I'm not sure how feasible it is to write a rool which is a wizard for a sieve file though - perhaps there could just be a number of pre-generated ones - where the user fills in some blanks or something? Does the sieve file need writing out to disk somewhere? ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937967&aid=3496325&group_id=191583 |
|
From: SourceForge.net <no...@so...> - 2012-03-04 05:33:08
|
Feature Requests item #3488194, was opened at 2012-02-16 04:31 Message generated for change (Comment added) made by alex-j You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937967&aid=3488194&group_id=191583 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Database Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: Charles (libertytrek) Assigned to: Nobody/Anonymous (nobody) Summary: Official support for MariaDB Initial Comment: Hola, I've been seriously questioning my continued use of MySQL ever since Oracle bought Sun, and even more so recently. I'd really like to switch to MariaDB (seems to be the best one of the forks, and the closest to a drop-in replacement)... however, since postfixadmin is my main use of mysql, I'd rather not do this unless/until postfixadmin offically adds support for it. Are there any existing plans/efforts to do this? From what I've read about MariaDB, it is virtually a drop in replacement for MySQL, so I was hoping it wouldn't be too difficult to add official support for it, then maybe after a certain period, just drop official support for MySQL - unless of course the devs are ok with maintaining them both until such time as they diverge to the point that maintaining them both becomes too much work. Regardless, many thanks to all who make postfixadmin the best way to maintain a mail server! ---------------------------------------------------------------------- Comment By: Alexander (alex-j) Date: 2012-03-03 21:33 Message: I don't think that need to be done something with postfixadmin to be able to work with MariaDB. It's practically drop in replacement. Nothing should be changed in PHP scripts. PostfixAdmins table is pretty simple and don't use anything special(triggers, procedure...) as far as I know. We already replaced a few DB servers to MariaDB without any issues and get better performance with it. Here is an information about compatibility: http://kb.askmonty.org/en/mariadb-versus-mysql BTW, It would be good to switch to PDO in PHP instead of direct call of mysql's functions. In this case it will be possible to use different Database engines without touching actual logic. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937967&aid=3488194&group_id=191583 |
|
From: SourceForge.net <no...@so...> - 2012-03-04 00:46:57
|
Feature Requests item #3496325, was opened at 2012-03-02 08:42 Message generated for change (Comment added) made by alex-j You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937967&aid=3496325&group_id=191583 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Core Group: None Status: Open Resolution: None Priority: 7 Private: No Submitted By: Alexander (alex-j) Assigned to: Nobody/Anonymous (nobody) Summary: Drop support of Vacation in favor of SIEVE Initial Comment: I propose to drop support of "Vacation" in favor of standardized SIEVE (RFC 3028, RFC 5230, RFC 5804, RFC 5435) that support vacations auto-responder in addition to very powerful filtering mechanism. SIEVE already supported in major email's clients (Thunderbird, RoundCube, Horde and etc) and allow much more flexibility to assign Vacation response(it could be special rules to avoid respond to robots, or other auto-responders/notificators) SIEVE supported very well by well known Dovecot, Courier for a long time and actually it will be better to leave actual mail delivery to primary servers instead of custom, non standard Perl's spike. So, IMHO it would be a good step forward in 3.x development to drop custom, non standard Vacation support in favor of supporting SIEVE language. Since postfixadmin allows regular users to manage own settings, it will be good to implement in a future web based SIEVE's rules management via postfixadmin in manner as it done in INGO application from Horde framework for example that bring a lot of power to users and administrators to manage Vacation, Spam filtering, forwarding, black/white listing and much more without actual need to learn SIEVE language... ---------------------------------------------------------------------- Comment By: Alexander (alex-j) Date: 2012-03-03 16:46 Message: @libertytrek You're absolutely right. I just wanted to say that "sieve" is much much better. @gingerdog I prepared a few screen shots taken from Horde that is self explanatory. http://www.mejuba.com/albums/Alexander_J/90865 >"Does the sieve file need writing out to disk somewhere?" No. It is the network protocol. All sieve scripts kept on server side. Global sieve script available only for server's administrators, but users scripts are located in there mailboxes as hidden directory and allowed to edit it over SIEVE protocol. I think it would be possible to fork Horde's or RoundCube's scripts that communicate over SIEVE to embeds it to postfixadmin in a future . Horde's SIEVE scripts are here: (horde//ingo/lib/Script) https://github.com/horde/horde/tree/e261dbd1eaacee9243d5230d04b9da19547dfec1/ingo/lib/Script ---------------------------------------------------------------------- Comment By: Charles (libertytrek) Date: 2012-03-02 09:03 Message: Not to belabor the obvious, but I'm assuming this would be done by first *adding* support for sieve, then, once it is working well, provide dual support for a time, warning everyone well in advance before vacation support was removed... ---------------------------------------------------------------------- Comment By: GingerDog (gingerdog) Date: 2012-03-02 09:00 Message: If this is possible, it'd obviously be a good move. I'm not sure how feasible it is to write a rool which is a wizard for a sieve file though - perhaps there could just be a number of pre-generated ones - where the user fills in some blanks or something? Does the sieve file need writing out to disk somewhere? ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937967&aid=3496325&group_id=191583 |
|
From: SourceForge.net <no...@so...> - 2012-03-02 17:03:24
|
Feature Requests item #3496325, was opened at 2012-03-02 08:42 Message generated for change (Comment added) made by libertytrek You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937967&aid=3496325&group_id=191583 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Core Group: None Status: Open Resolution: None Priority: 7 Private: No Submitted By: Alexander (alex-j) Assigned to: Nobody/Anonymous (nobody) Summary: Drop support of Vacation in favor of SIEVE Initial Comment: I propose to drop support of "Vacation" in favor of standardized SIEVE (RFC 3028, RFC 5230, RFC 5804, RFC 5435) that support vacations auto-responder in addition to very powerful filtering mechanism. SIEVE already supported in major email's clients (Thunderbird, RoundCube, Horde and etc) and allow much more flexibility to assign Vacation response(it could be special rules to avoid respond to robots, or other auto-responders/notificators) SIEVE supported very well by well known Dovecot, Courier for a long time and actually it will be better to leave actual mail delivery to primary servers instead of custom, non standard Perl's spike. So, IMHO it would be a good step forward in 3.x development to drop custom, non standard Vacation support in favor of supporting SIEVE language. Since postfixadmin allows regular users to manage own settings, it will be good to implement in a future web based SIEVE's rules management via postfixadmin in manner as it done in INGO application from Horde framework for example that bring a lot of power to users and administrators to manage Vacation, Spam filtering, forwarding, black/white listing and much more without actual need to learn SIEVE language... ---------------------------------------------------------------------- Comment By: Charles (libertytrek) Date: 2012-03-02 09:03 Message: Not to belabor the obvious, but I'm assuming this would be done by first *adding* support for sieve, then, once it is working well, provide dual support for a time, warning everyone well in advance before vacation support was removed... ---------------------------------------------------------------------- Comment By: GingerDog (gingerdog) Date: 2012-03-02 09:00 Message: If this is possible, it'd obviously be a good move. I'm not sure how feasible it is to write a rool which is a wizard for a sieve file though - perhaps there could just be a number of pre-generated ones - where the user fills in some blanks or something? Does the sieve file need writing out to disk somewhere? ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937967&aid=3496325&group_id=191583 |
|
From: SourceForge.net <no...@so...> - 2012-03-02 17:00:08
|
Feature Requests item #3496325, was opened at 2012-03-02 08:42 Message generated for change (Comment added) made by gingerdog You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937967&aid=3496325&group_id=191583 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Core Group: None Status: Open Resolution: None Priority: 7 Private: No Submitted By: Alexander (alex-j) Assigned to: Nobody/Anonymous (nobody) Summary: Drop support of Vacation in favor of SIEVE Initial Comment: I propose to drop support of "Vacation" in favor of standardized SIEVE (RFC 3028, RFC 5230, RFC 5804, RFC 5435) that support vacations auto-responder in addition to very powerful filtering mechanism. SIEVE already supported in major email's clients (Thunderbird, RoundCube, Horde and etc) and allow much more flexibility to assign Vacation response(it could be special rules to avoid respond to robots, or other auto-responders/notificators) SIEVE supported very well by well known Dovecot, Courier for a long time and actually it will be better to leave actual mail delivery to primary servers instead of custom, non standard Perl's spike. So, IMHO it would be a good step forward in 3.x development to drop custom, non standard Vacation support in favor of supporting SIEVE language. Since postfixadmin allows regular users to manage own settings, it will be good to implement in a future web based SIEVE's rules management via postfixadmin in manner as it done in INGO application from Horde framework for example that bring a lot of power to users and administrators to manage Vacation, Spam filtering, forwarding, black/white listing and much more without actual need to learn SIEVE language... ---------------------------------------------------------------------- >Comment By: GingerDog (gingerdog) Date: 2012-03-02 09:00 Message: If this is possible, it'd obviously be a good move. I'm not sure how feasible it is to write a rool which is a wizard for a sieve file though - perhaps there could just be a number of pre-generated ones - where the user fills in some blanks or something? Does the sieve file need writing out to disk somewhere? ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937967&aid=3496325&group_id=191583 |
|
From: SourceForge.net <no...@so...> - 2012-03-02 16:43:30
|
Feature Requests item #3496325, was opened at 2012-03-02 08:42 Message generated for change (Settings changed) made by alex-j You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937967&aid=3496325&group_id=191583 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Core Group: None Status: Open Resolution: None >Priority: 7 Private: No Submitted By: Alexander (alex-j) Assigned to: Nobody/Anonymous (nobody) Summary: Drop support of Vacation in favor of SIEVE Initial Comment: I propose to drop support of "Vacation" in favor of standardized SIEVE (RFC 3028, RFC 5230, RFC 5804, RFC 5435) that support vacations auto-responder in addition to very powerful filtering mechanism. SIEVE already supported in major email's clients (Thunderbird, RoundCube, Horde and etc) and allow much more flexibility to assign Vacation response(it could be special rules to avoid respond to robots, or other auto-responders/notificators) SIEVE supported very well by well known Dovecot, Courier for a long time and actually it will be better to leave actual mail delivery to primary servers instead of custom, non standard Perl's spike. So, IMHO it would be a good step forward in 3.x development to drop custom, non standard Vacation support in favor of supporting SIEVE language. Since postfixadmin allows regular users to manage own settings, it will be good to implement in a future web based SIEVE's rules management via postfixadmin in manner as it done in INGO application from Horde framework for example that bring a lot of power to users and administrators to manage Vacation, Spam filtering, forwarding, black/white listing and much more without actual need to learn SIEVE language... ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937967&aid=3496325&group_id=191583 |
|
From: SourceForge.net <no...@so...> - 2012-03-02 16:42:04
|
Feature Requests item #3496325, was opened at 2012-03-02 08:42 Message generated for change (Tracker Item Submitted) made by alex-j You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937967&aid=3496325&group_id=191583 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Core Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: Alexander (alex-j) Assigned to: Nobody/Anonymous (nobody) Summary: Drop support of Vacation in favor of SIEVE Initial Comment: I propose to drop support of "Vacation" in favor of standardized SIEVE (RFC 3028, RFC 5230, RFC 5804, RFC 5435) that support vacations auto-responder in addition to very powerful filtering mechanism. SIEVE already supported in major email's clients (Thunderbird, RoundCube, Horde and etc) and allow much more flexibility to assign Vacation response(it could be special rules to avoid respond to robots, or other auto-responders/notificators) SIEVE supported very well by well known Dovecot, Courier for a long time and actually it will be better to leave actual mail delivery to primary servers instead of custom, non standard Perl's spike. So, IMHO it would be a good step forward in 3.x development to drop custom, non standard Vacation support in favor of supporting SIEVE language. Since postfixadmin allows regular users to manage own settings, it will be good to implement in a future web based SIEVE's rules management via postfixadmin in manner as it done in INGO application from Horde framework for example that bring a lot of power to users and administrators to manage Vacation, Spam filtering, forwarding, black/white listing and much more without actual need to learn SIEVE language... ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937967&aid=3496325&group_id=191583 |
|
From: SourceForge.net <no...@so...> - 2012-02-20 20:29:26
|
Bugs item #3489740, was opened at 2012-02-20 12:29 Message generated for change (Tracker Item Submitted) made by koga73 You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937964&aid=3489740&group_id=191583 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Core Group: v2.3.5 Status: Open Resolution: None Priority: 5 Private: No Submitted By: AJ (koga73) Assigned to: Nobody/Anonymous (nobody) Summary: dovecot SHA256 problem Initial Comment: I tried using dovecot:SHA256 to hash my passwords. I finally got it working after some code modifications. For one dovecotpw is now doveadm pw. I generated my hash using doveadm pw -s SHA256 and updated the database. PostfixAdmin would not log in and threw no errors. After echoing the hash that PFA was generating I realized two things: The PFA generated hash trims the encryption scheme (whats the purpose?). This creates problems for dovecot when using a SHA hash. The PFA generated hash has a new line character "\n" at the end. To fix the hashing issues I made the following change: MODIFIED THIS LINE: $password = trim(str_replace('{' . $method . '}', '', $password)); TO THIS: $password = rtrim($password); Now I am able to keep the encryption scheme in the database and the modified code trims the newline character off the end of the hash. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937964&aid=3489740&group_id=191583 |
|
From: SourceForge.net <no...@so...> - 2012-02-16 12:38:08
|
Feature Requests item #3150300, was opened at 2011-01-03 04:13 Message generated for change (Comment added) made by libertytrek You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937967&aid=3150300&group_id=191583 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: None Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: Charles (libertytrek) Assigned to: Nobody/Anonymous (nobody) Summary: Move config.local.php location to /etc/postfixadmin Initial Comment: For consistencies sake... ---------------------------------------------------------------------- >Comment By: Charles (libertytrek) Date: 2012-02-16 04:38 Message: am I correct that all that is needed is to change the path that is provided at the bottom of the config.inc.php file, ie, change: if (file_exists(dirname(__FILE__) . '/config.local.php')) { include(dirname(__FILE__) . '/config.local.php'); to if (file_exists(dirname(__FILE__) '/etc/postfixadmin/config.local.php')) { include(dirname(__FILE__) '/etc/postfixadmin/config.local.php'); I'd rather not test this on a live system without at least a nod from a dev that this should be all that is necessary... ---------------------------------------------------------------------- Comment By: Charles (libertytrek) Date: 2011-10-10 12:58 Message: Anybody else think this is a good idea (keep all local customizations together)? ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937967&aid=3150300&group_id=191583 |
|
From: SourceForge.net <no...@so...> - 2012-02-16 12:31:04
|
Feature Requests item #3488194, was opened at 2012-02-16 04:31 Message generated for change (Tracker Item Submitted) made by libertytrek You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937967&aid=3488194&group_id=191583 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Database Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: Charles (libertytrek) Assigned to: Nobody/Anonymous (nobody) Summary: Official support for MariaDB Initial Comment: Hola, I've been seriously questioning my continued use of MySQL ever since Oracle bought Sun, and even more so recently. I'd really like to switch to MariaDB (seems to be the best one of the forks, and the closest to a drop-in replacement)... however, since postfixadmin is my main use of mysql, I'd rather not do this unless/until postfixadmin offically adds support for it. Are there any existing plans/efforts to do this? From what I've read about MariaDB, it is virtually a drop in replacement for MySQL, so I was hoping it wouldn't be too difficult to add official support for it, then maybe after a certain period, just drop official support for MySQL - unless of course the devs are ok with maintaining them both until such time as they diverge to the point that maintaining them both becomes too much work. Regardless, many thanks to all who make postfixadmin the best way to maintain a mail server! ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937967&aid=3488194&group_id=191583 |
|
From: SourceForge.net <no...@so...> - 2012-01-26 13:32:20
|
Feature Requests item #2954151, was opened at 2010-02-18 04:11 Message generated for change (Comment added) made by lnxus You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937967&aid=2954151&group_id=191583 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Interface Improvements (example) Group: SVN (please specify revision!) Status: Open Resolution: None Priority: 5 Private: No Submitted By: Christian Boltz (christian_boltz) Assigned to: Nobody/Anonymous (nobody) Summary: config option: always_send_welcome_mail Initial Comment: mrfrenzy asked on IRC to have a $CONF option to hide the "send welcome mail" checkbox and _always_ send the welcome mail. Background/Reason: sometimes his users/admins disable the checkbox, and afterwards complain that courier denies the login to the mailbox until they received a mail. For the records: a workaround is to edit the template and replace the checkbox with a <hidden> form field. Not too nice, but works. ---------------------------------------------------------------------- Comment By: Dale Blount (lnxus) Date: 2012-01-26 05:32 Message: I would like a "show checkbox, but leave unchecked" by default option. My setup doesn't seem to require a mail to be sent before the user can log in and most of my users are migrations from a new server so the welcome mail confuses them. ---------------------------------------------------------------------- Comment By: Christian Boltz (christian_boltz) Date: 2012-01-25 15:48 Message: from #postfixadmin: [00:12] <cboltz> you can do it with a hook function modifying MailboxHandler $struct in trunk [00:13] <cboltz> I'm undecided if we should make it a config option or not - opinions? ;-) [00:14] <cboltz> (and we would probably need two boolean options to support "always send", "never send" and "show checkbox") ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937967&aid=2954151&group_id=191583 |
|
From: SourceForge.net <no...@so...> - 2012-01-25 23:48:24
|
Feature Requests item #2954151, was opened at 2010-02-18 04:11 Message generated for change (Comment added) made by christian_boltz You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937967&aid=2954151&group_id=191583 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Interface Improvements (example) Group: SVN (please specify revision!) Status: Open Resolution: None Priority: 5 Private: No Submitted By: Christian Boltz (christian_boltz) Assigned to: Nobody/Anonymous (nobody) Summary: config option: always_send_welcome_mail Initial Comment: mrfrenzy asked on IRC to have a $CONF option to hide the "send welcome mail" checkbox and _always_ send the welcome mail. Background/Reason: sometimes his users/admins disable the checkbox, and afterwards complain that courier denies the login to the mailbox until they received a mail. For the records: a workaround is to edit the template and replace the checkbox with a <hidden> form field. Not too nice, but works. ---------------------------------------------------------------------- >Comment By: Christian Boltz (christian_boltz) Date: 2012-01-25 15:48 Message: from #postfixadmin: [00:12] <cboltz> you can do it with a hook function modifying MailboxHandler $struct in trunk [00:13] <cboltz> I'm undecided if we should make it a config option or not - opinions? ;-) [00:14] <cboltz> (and we would probably need two boolean options to support "always send", "never send" and "show checkbox") ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937967&aid=2954151&group_id=191583 |
|
From: SourceForge.net <no...@so...> - 2012-01-14 21:19:05
|
Bugs item #3473826, was opened at 2012-01-14 09:35 Message generated for change (Comment added) made by christian_boltz You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937964&aid=3473826&group_id=191583 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Core Group: v2.3.4 Status: Open Resolution: None Priority: 9 >Private: Yes Submitted By: Matthias Bethke (msbethke) Assigned to: Nobody/Anonymous (nobody) Summary: Multiple security vulnerabilities Initial Comment: 1) SQL injection in pacrypt function: if postfixadmin is configured with 'mysql_encrypt', the pacrypt() function passes the $pw parameter to SQL query without sanitzing it, allowing non-admin users (even unauthenticated ones) to perform SQL injection attacks. 2) SQL injection in SQL dump generated by backup.php: the backup.php file generates SQL queries without sanitizing values. A non-admin user can inject arbitrary sql commands into backup file that will be executed when an admin restores that backup. To test this issue, try to set the vacation message of any user to: dontcare\',\'\',\'dominio.com\',\'2012-01-09 17:34:06\',\'1\'); INSERT INTO admin (username,password,created,modified,active) VALUES (\'so...@em...\',\'$1$2cab7a19$zIuOsr6PXksCu13883fVg/\',\'2012-01-08 15:48:19\',\'2012-01-09 17:17:55\',\'1\'); # then take a backup and restore it, the new admin so...@em... is added to admin table. 3) Multiple XSS and lack of CSRF protection¹: I found several XSS in postfixadmin code. I noted from postfixadmin homepage that you planned to merge it with Smarty wich could provide a good protection against XSS and CSRF. BTW i report you some: Input passed via domain GET parameter to edit-vacation.php is not properly sanitised before being returned to the user. http://127.0.0.1/postfixadmin-2.3.4/edit-vacation.php?domain=dontcare</script><script>alert(1);</script> Input passed via fDomain POST parameter to create-domain.php is not properly sanitized before being returned to the user. This is interesting because the fDomain variable is passed to strip_tags so something like on<a>click is transformed to onclick. This allows to bypass browsers builtin XSS protection. To test this issue put the following string as Domain parameter in create-domain.php, submit the form and then click on Domain's input text.. dontcare\" oncli<a>ck=alert(document.cookie);// Note: Credits for these discoveries belong to Filippo Cavallarin. I'm passing on his mail with just minor edits that for some reason seems to have reached me but not this bug tracker. ---------------------------------------------------------------------- >Comment By: Christian Boltz (christian_boltz) Date: 2012-01-14 13:19 Message: He also mailed David and me, and we discussed the issues (mostly) in private mails. We already fixed the SQL injections and XSS in SVN and will release PostfixAdmin 2.3.5 in the next days. CSRF protection will cause some more work (and I consider it less critical than the SQL injections and XSS), which also means we will first release 2.3.5 to fix the most serious issues. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937964&aid=3473826&group_id=191583 |
|
From: SourceForge.net <no...@so...> - 2012-01-14 17:44:13
|
Bugs item #3473826, was opened at 2012-01-14 09:35 Message generated for change (Settings changed) made by msbethke You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937964&aid=3473826&group_id=191583 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Core Group: v2.3.4 Status: Open Resolution: None >Priority: 9 Private: No Submitted By: Matthias Bethke (msbethke) Assigned to: Nobody/Anonymous (nobody) Summary: Multiple security vulnerabilities Initial Comment: 1) SQL injection in pacrypt function: if postfixadmin is configured with 'mysql_encrypt', the pacrypt() function passes the $pw parameter to SQL query without sanitzing it, allowing non-admin users (even unauthenticated ones) to perform SQL injection attacks. 2) SQL injection in SQL dump generated by backup.php: the backup.php file generates SQL queries without sanitizing values. A non-admin user can inject arbitrary sql commands into backup file that will be executed when an admin restores that backup. To test this issue, try to set the vacation message of any user to: dontcare\',\'\',\'dominio.com\',\'2012-01-09 17:34:06\',\'1\'); INSERT INTO admin (username,password,created,modified,active) VALUES (\'so...@em...\',\'$1$2cab7a19$zIuOsr6PXksCu13883fVg/\',\'2012-01-08 15:48:19\',\'2012-01-09 17:17:55\',\'1\'); # then take a backup and restore it, the new admin so...@em... is added to admin table. 3) Multiple XSS and lack of CSRF protection¹: I found several XSS in postfixadmin code. I noted from postfixadmin homepage that you planned to merge it with Smarty wich could provide a good protection against XSS and CSRF. BTW i report you some: Input passed via domain GET parameter to edit-vacation.php is not properly sanitised before being returned to the user. http://127.0.0.1/postfixadmin-2.3.4/edit-vacation.php?domain=dontcare</script><script>alert(1);</script> Input passed via fDomain POST parameter to create-domain.php is not properly sanitized before being returned to the user. This is interesting because the fDomain variable is passed to strip_tags so something like on<a>click is transformed to onclick. This allows to bypass browsers builtin XSS protection. To test this issue put the following string as Domain parameter in create-domain.php, submit the form and then click on Domain's input text.. dontcare\" oncli<a>ck=alert(document.cookie);// Note: Credits for these discoveries belong to Filippo Cavallarin. I'm passing on his mail with just minor edits that for some reason seems to have reached me but not this bug tracker. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937964&aid=3473826&group_id=191583 |
|
From: SourceForge.net <no...@so...> - 2012-01-14 17:35:27
|
Bugs item #3473826, was opened at 2012-01-14 09:35 Message generated for change (Tracker Item Submitted) made by msbethke You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937964&aid=3473826&group_id=191583 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Core Group: v2.3.4 Status: Open Resolution: None Priority: 5 Private: No Submitted By: Matthias Bethke (msbethke) Assigned to: Nobody/Anonymous (nobody) Summary: Multiple security vulnerabilities Initial Comment: 1) SQL injection in pacrypt function: if postfixadmin is configured with 'mysql_encrypt', the pacrypt() function passes the $pw parameter to SQL query without sanitzing it, allowing non-admin users (even unauthenticated ones) to perform SQL injection attacks. 2) SQL injection in SQL dump generated by backup.php: the backup.php file generates SQL queries without sanitizing values. A non-admin user can inject arbitrary sql commands into backup file that will be executed when an admin restores that backup. To test this issue, try to set the vacation message of any user to: dontcare\',\'\',\'dominio.com\',\'2012-01-09 17:34:06\',\'1\'); INSERT INTO admin (username,password,created,modified,active) VALUES (\'so...@em...\',\'$1$2cab7a19$zIuOsr6PXksCu13883fVg/\',\'2012-01-08 15:48:19\',\'2012-01-09 17:17:55\',\'1\'); # then take a backup and restore it, the new admin so...@em... is added to admin table. 3) Multiple XSS and lack of CSRF protection¹: I found several XSS in postfixadmin code. I noted from postfixadmin homepage that you planned to merge it with Smarty wich could provide a good protection against XSS and CSRF. BTW i report you some: Input passed via domain GET parameter to edit-vacation.php is not properly sanitised before being returned to the user. http://127.0.0.1/postfixadmin-2.3.4/edit-vacation.php?domain=dontcare</script><script>alert(1);</script> Input passed via fDomain POST parameter to create-domain.php is not properly sanitized before being returned to the user. This is interesting because the fDomain variable is passed to strip_tags so something like on<a>click is transformed to onclick. This allows to bypass browsers builtin XSS protection. To test this issue put the following string as Domain parameter in create-domain.php, submit the form and then click on Domain's input text.. dontcare\" oncli<a>ck=alert(document.cookie);// Note: Credits for these discoveries belong to Filippo Cavallarin. I'm passing on his mail with just minor edits that for some reason seems to have reached me but not this bug tracker. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937964&aid=3473826&group_id=191583 |
|
From: SourceForge.net <no...@so...> - 2012-01-11 21:36:28
|
Bugs item #3472580, was opened at 2012-01-11 13:36 Message generated for change (Tracker Item Submitted) made by christian_boltz You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937964&aid=3472580&group_id=191583 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: None Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: Christian Boltz (christian_boltz) Assigned to: Nobody/Anonymous (nobody) Summary: fetchmail doesn't validate input Initial Comment: The form to add/edit fetchmail jobs doesn't validate the text input fields. We should add some checks - for example, the domain should be validated by check_domain() ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937964&aid=3472580&group_id=191583 |
|
From: SourceForge.net <no...@so...> - 2011-12-28 08:06:04
|
Bugs item #2922730, was opened at 2009-12-29 01:43 Message generated for change (Comment added) made by normes You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937964&aid=2922730&group_id=191583 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: None Group: v 2.3 >Status: Closed >Resolution: Fixed Priority: 5 Private: No Submitted By: Graeme (gruthven) Assigned to: Nobody/Anonymous (nobody) Summary: dpkg complains about script - Debian lenny 5.0.3 Initial Comment: The output below says it all! Passing to package maintainer as requested. web01:/usr/src/postfixadmin# dpkg -i postfixadmin_2.3_all.deb (Reading database ... 20662 files and directories currently installed.) Preparing to replace postfixadmin 2.3 (using postfixadmin_2.3_all.deb) ... Unpacking replacement postfixadmin ... Setting up postfixadmin (2.3) ... dbconfig-common: writing config to /etc/dbconfig-common/postfixadmin.conf *** WARNING: ucf was run from a maintainer script that uses debconf, but the script did not pass --debconf-ok to ucf. The maintainer script should be fixed to not stop debconf before calling ucf, and pass it this parameter. For now, ucf will revert to using old-style, non-debconf prompting. Ugh! Please inform the package maintainer about this problem. ---------------------------------------------------------------------- Comment By: Norman Messtorff (normes) Date: 2011-12-28 00:05 Message: Thanks for the bug report; we believe this has been fixed in subversion. ---------------------------------------------------------------------- Comment By: Norman Messtorff (normes) Date: 2009-12-29 02:56 Message: Thank you for reporting! Debconf is also asking the user to really overwrite /etc/postfixadmin/config.inc.php during the installation. I would be glad if somebody could help me in this topic. The debconf / ucf documentation isn't that good... Norman ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937964&aid=2922730&group_id=191583 |
|
From: SourceForge.net <no...@so...> - 2011-12-26 20:52:46
|
Feature Requests item #3465670, was opened at 2011-12-26 12:52 Message generated for change (Tracker Item Submitted) made by libertytrek You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937967&aid=3465670&group_id=191583 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Vacation Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: Charles (libertytrek) Assigned to: Nobody/Anonymous (nobody) Summary: Domain-wide vacation message... Initial Comment: I have been requested to be able to enable/disable a domain-wide vacation message for times when the entire company closes - ie, like for the Christmas holidays. This would be a generic message informing the sender that our company is closed for the holidays, and would *not* need to be personalized. Is this a reasonable feature request for postfixadmin vacation? ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937967&aid=3465670&group_id=191583 |
|
From: SourceForge.net <no...@so...> - 2011-12-26 18:59:59
|
Patches item #3447294, was opened at 2011-12-01 09:40 Message generated for change (Comment added) made by christian_boltz You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937966&aid=3447294&group_id=191583 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: None Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: wide (w1d3) Assigned to: Nobody/Anonymous (nobody) Summary: Domain alias delete patch Initial Comment: Hi, in 2.3.4, only the global administrator is allowed to *delete* a domain alias, not the domain administrator - even though the domain administrator is allowed to *create* the alias. The attached patch for delete.php solves the problem for me.. but 1) I'm not a PHP programmer and 2) I have only limited knowledge of postfixadmin source code. So I ask for a qualified review.. Thank you. ---------------------------------------------------------------------- >Comment By: Christian Boltz (christian_boltz) Date: 2011-12-26 10:59 Message: The original idea is/was to allow deleting an alias domain only if you have permissions for both involved domains. It was never implemented with exactly this permission check, therefore we still have the superadmin check for it. Your patch looks good, but it checks only the "from" domain, not the target domain. OTOH, I'm not sure if the permission check for the target domain really makes sense - you can create and delete "normal" aliases without permission checks on the target side, why should we do it differently for alias domains? The only argument I can imagine is that you can't re-create the alias domain if you don't have permissions on the target domain, but, well, there's a reason why we have a "are you sure?" dialog before deletion happens ;-) What's your opinion on this? ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937966&aid=3447294&group_id=191583 |
|
From: SourceForge.net <no...@so...> - 2011-12-01 17:40:05
|
Patches item #3447294, was opened at 2011-12-01 09:40 Message generated for change (Tracker Item Submitted) made by w1d3 You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937966&aid=3447294&group_id=191583 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: None Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: wide (w1d3) Assigned to: Nobody/Anonymous (nobody) Summary: Domain alias delete patch Initial Comment: Hi, in 2.3.4, only the global administrator is allowed to *delete* a domain alias, not the domain administrator - even though the domain administrator is allowed to *create* the alias. The attached patch for delete.php solves the problem for me.. but 1) I'm not a PHP programmer and 2) I have only limited knowledge of postfixadmin source code. So I ask for a qualified review.. Thank you. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937966&aid=3447294&group_id=191583 |
|
From: SourceForge.net <no...@so...> - 2011-11-25 20:50:24
|
Bugs item #3034389, was opened at 2010-07-25 12:10 Message generated for change (Comment added) made by christian_boltz You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937964&aid=3034389&group_id=191583 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Core Group: v2.3.1 Status: Open Resolution: None Priority: 5 Private: No Submitted By: Christian Boltz (christian_boltz) Assigned to: Nobody/Anonymous (nobody) Summary: dovecot 2.0 breaks dovecotpw encryption Initial Comment: copied from http://sourceforge.net/tracker/index.php?func=detail&aid=3032816&group_id=191583&atid=937964 ***** mickaelnguyen ***** Also, dovecot 2.0 (which is nearing release, see http://dovecot.org/list/dovecot-news/2010-July/000162.html) will break this setting, because dovecotpw has been removed and its functionality integrated in doveadm. So the command to encrypt a password goes from dovecotpw -s 'CRYPT-METHOD' to doveadm pw -s 'CRYPT-METHOD' Maybe something to look into for 2.3.2 :D~ ***** christian_boltz ***** Oh, nice - I like it when external programs come with incompatible changes :-/ Well, at least it's a new major version ;-) $CONF['dovecotpw'] = '/path/to/doveadm -pw' could work... (untested, feedback welcome) If this works, I'll add a comment to config.inc.php in the 2.3 branch. (I'd like to avoid a bigger change in this branch.) ***** mickaelnguyen ***** It doesn't work. After a bit of tinkering, it appears that doveadm does a check on whether it's stdin is a tty or not (It outputs "Fatal: stdin isn't a TTY") Guess we can't fix this without "bigger changes". :( ---------------------------------------------------------------------- >Comment By: Christian Boltz (christian_boltz) Date: 2011-11-25 12:50 Message: (Sourceforge trackers are somewhat special - IIRC they only allow the person who opened a tracker item to upload files. Like it or not...) Thanks for the script, but it shouldn't be needed. Instead, use $CONF['dovecotpw'] = '/path/to/doveadm pw' For the records: doveadm from dovecot 2.0.0 to 2.0.7 will not work because they check if the input comes from a tty. You have to use at least dovecot 2.0.8. ---------------------------------------------------------------------- Comment By: Lars Braeuer (mpexnetworks) Date: 2011-11-25 06:25 Message: I couldn't find a way to add an attachment other than opening a new issue, so here's the script: cat <<EOF >> /tmp/dovecotpw #!/bin/bash # MPeXnetworks - Lars Braeuer 11/2011 # Rebuild dovecotpw's original command line options, which are: #usage: dovecotpw [-l] [-p plaintext] [-s scheme] [-u user] [-V] # -l List known password schemes # -p plaintext New password # -s scheme Password scheme # -u user Username (if scheme uses it) # -V Internally verify the hash while getopts ":l:p:s:u:V:" opt; do case "$opt" in l) list=" -l" ;; p) plaintext=" -p $OPTARG" ;; s) scheme=" -s $OPTARG" ;; u) user=" -u $OPTARG" ;; V) verify=" -V" ;; esac done /usr/bin/doveadm pw ${list}${plaintext}${scheme}${user}${verify} exit $? EOF Move it to /usr/sbin/dovecotpw afterwards, if you are sure you are not overwriting an existing dovecotpw! ---------------------------------------------------------------------- Comment By: Lars Braeuer (mpexnetworks) Date: 2011-11-25 06:23 Message: I wrote a small bash wrapper script I placed in /usr/sbin/dovecotpw that calls doveadm pw. See the attached file. It's working fine for me without any change of postfixadmin for example. Haven't tested it with any other tools. ---------------------------------------------------------------------- Comment By: tex (tex0000) Date: 2011-03-18 13:11 Message: This is exactly the reason why I think that it's a _bad_ idea to rely on external binaries. If they are available at all they are going to break a some point in time. Why don't you implement the functionality in PHP? Have a look at http://git.gauner.org/vboxadm.git/blob/HEAD:/contrib/roundcube/plugins/vboxadm/vboxadm.php, the code there does exactly what you want to do. ---------------------------------------------------------------------- Comment By: Valkum (valkum) Date: 2010-12-30 10:28 Message: Timo said it was a bug in this version youve tested. A tty check is also done by getpass() so it is not the real problem. He said also that the tty check is gone in 2.0.8 For us it means that we need a way to suppress the output of /dev/tty which comes from dovecotpw and doveadm pw for use in cli,. ---------------------------------------------------------------------- Comment By: Valkum (valkum) Date: 2010-12-30 09:48 Message: Damn, checked it and it doesn't work ---------------------------------------------------------------------- Comment By: Valkum (valkum) Date: 2010-12-30 09:44 Message: Another try: Snowleopard wrote this at proc_open He uses this for his GPG function: // Set up the descriptors $Descriptors = array( 0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w"), 3 => array("pipe", "r") // This is the pipe we can feed the password into ); we could also try // Set up the descriptors $Descriptors = array( 0 => array("pty"), 1 => array("pty"), 2 => array("pty"), 3 => array("pty") // This is the pipe we can feed the password into ); But i think the securest and better way is to write a php lib for dovecot crypt methods ---------------------------------------------------------------------- Comment By: Charles (libertytrek) Date: 2010-12-30 07:17 Message: Maybe someone could pose a question to Timo (dovecot author) and he could make a suggestion for how to handle this - or possibly even change the way 'doveadm -pw' works so this could be fixed properly in pfadmin? ---------------------------------------------------------------------- Comment By: Valkum (valkum) Date: 2010-12-30 06:02 Message: I tested the pty fix but it doesn't work i got can't encrypt password with dovecotpw on my console with use of PFA-CLI ---------------------------------------------------------------------- Comment By: Christian Boltz (christian_boltz) Date: 2010-07-25 12:19 Message: A user comment on http://php.net/manual/en/function.proc-open.php (from 2007-12-27) suggests that using 'pty' might work. Please open functions.inc.php, search for "$spec = array(" (around line 1213 in 2.3.1) and replace it (including the following 3 lines) with: $spec = array( 0 => array('pty'), 1 => array('pty'), 2 => array('pty') ); Does this help? Otherwise we'll probably have to use "doveadm pw -p foobar" with the password on the commandline. However I don't like this idea because the password will be visible in the processlist for a short time then :-( ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937964&aid=3034389&group_id=191583 |
|
From: SourceForge.net <no...@so...> - 2011-11-25 14:26:02
|
Bugs item #3034389, was opened at 2010-07-25 12:10 Message generated for change (Comment added) made by mpexnetworks You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937964&aid=3034389&group_id=191583 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Core Group: v2.3.1 Status: Open Resolution: None Priority: 5 Private: No Submitted By: Christian Boltz (christian_boltz) Assigned to: Nobody/Anonymous (nobody) Summary: dovecot 2.0 breaks dovecotpw encryption Initial Comment: copied from http://sourceforge.net/tracker/index.php?func=detail&aid=3032816&group_id=191583&atid=937964 ***** mickaelnguyen ***** Also, dovecot 2.0 (which is nearing release, see http://dovecot.org/list/dovecot-news/2010-July/000162.html) will break this setting, because dovecotpw has been removed and its functionality integrated in doveadm. So the command to encrypt a password goes from dovecotpw -s 'CRYPT-METHOD' to doveadm pw -s 'CRYPT-METHOD' Maybe something to look into for 2.3.2 :D~ ***** christian_boltz ***** Oh, nice - I like it when external programs come with incompatible changes :-/ Well, at least it's a new major version ;-) $CONF['dovecotpw'] = '/path/to/doveadm -pw' could work... (untested, feedback welcome) If this works, I'll add a comment to config.inc.php in the 2.3 branch. (I'd like to avoid a bigger change in this branch.) ***** mickaelnguyen ***** It doesn't work. After a bit of tinkering, it appears that doveadm does a check on whether it's stdin is a tty or not (It outputs "Fatal: stdin isn't a TTY") Guess we can't fix this without "bigger changes". :( ---------------------------------------------------------------------- Comment By: Lars Braeuer (mpexnetworks) Date: 2011-11-25 06:25 Message: I couldn't find a way to add an attachment other than opening a new issue, so here's the script: cat <<EOF >> /tmp/dovecotpw #!/bin/bash # MPeXnetworks - Lars Braeuer 11/2011 # Rebuild dovecotpw's original command line options, which are: #usage: dovecotpw [-l] [-p plaintext] [-s scheme] [-u user] [-V] # -l List known password schemes # -p plaintext New password # -s scheme Password scheme # -u user Username (if scheme uses it) # -V Internally verify the hash while getopts ":l:p:s:u:V:" opt; do case "$opt" in l) list=" -l" ;; p) plaintext=" -p $OPTARG" ;; s) scheme=" -s $OPTARG" ;; u) user=" -u $OPTARG" ;; V) verify=" -V" ;; esac done /usr/bin/doveadm pw ${list}${plaintext}${scheme}${user}${verify} exit $? EOF Move it to /usr/sbin/dovecotpw afterwards, if you are sure you are not overwriting an existing dovecotpw! ---------------------------------------------------------------------- Comment By: Lars Braeuer (mpexnetworks) Date: 2011-11-25 06:23 Message: I wrote a small bash wrapper script I placed in /usr/sbin/dovecotpw that calls doveadm pw. See the attached file. It's working fine for me without any change of postfixadmin for example. Haven't tested it with any other tools. ---------------------------------------------------------------------- Comment By: tex (tex0000) Date: 2011-03-18 13:11 Message: This is exactly the reason why I think that it's a _bad_ idea to rely on external binaries. If they are available at all they are going to break a some point in time. Why don't you implement the functionality in PHP? Have a look at http://git.gauner.org/vboxadm.git/blob/HEAD:/contrib/roundcube/plugins/vboxadm/vboxadm.php, the code there does exactly what you want to do. ---------------------------------------------------------------------- Comment By: Valkum (valkum) Date: 2010-12-30 10:28 Message: Timo said it was a bug in this version youve tested. A tty check is also done by getpass() so it is not the real problem. He said also that the tty check is gone in 2.0.8 For us it means that we need a way to suppress the output of /dev/tty which comes from dovecotpw and doveadm pw for use in cli,. ---------------------------------------------------------------------- Comment By: Valkum (valkum) Date: 2010-12-30 09:48 Message: Damn, checked it and it doesn't work ---------------------------------------------------------------------- Comment By: Valkum (valkum) Date: 2010-12-30 09:44 Message: Another try: Snowleopard wrote this at proc_open He uses this for his GPG function: // Set up the descriptors $Descriptors = array( 0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w"), 3 => array("pipe", "r") // This is the pipe we can feed the password into ); we could also try // Set up the descriptors $Descriptors = array( 0 => array("pty"), 1 => array("pty"), 2 => array("pty"), 3 => array("pty") // This is the pipe we can feed the password into ); But i think the securest and better way is to write a php lib for dovecot crypt methods ---------------------------------------------------------------------- Comment By: Charles (libertytrek) Date: 2010-12-30 07:17 Message: Maybe someone could pose a question to Timo (dovecot author) and he could make a suggestion for how to handle this - or possibly even change the way 'doveadm -pw' works so this could be fixed properly in pfadmin? ---------------------------------------------------------------------- Comment By: Valkum (valkum) Date: 2010-12-30 06:02 Message: I tested the pty fix but it doesn't work i got can't encrypt password with dovecotpw on my console with use of PFA-CLI ---------------------------------------------------------------------- Comment By: Christian Boltz (christian_boltz) Date: 2010-07-25 12:19 Message: A user comment on http://php.net/manual/en/function.proc-open.php (from 2007-12-27) suggests that using 'pty' might work. Please open functions.inc.php, search for "$spec = array(" (around line 1213 in 2.3.1) and replace it (including the following 3 lines) with: $spec = array( 0 => array('pty'), 1 => array('pty'), 2 => array('pty') ); Does this help? Otherwise we'll probably have to use "doveadm pw -p foobar" with the password on the commandline. However I don't like this idea because the password will be visible in the processlist for a short time then :-( ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937964&aid=3034389&group_id=191583 |
|
From: SourceForge.net <no...@so...> - 2011-11-25 14:23:42
|
Bugs item #3034389, was opened at 2010-07-25 12:10 Message generated for change (Comment added) made by mpexnetworks You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937964&aid=3034389&group_id=191583 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Core Group: v2.3.1 Status: Open Resolution: None Priority: 5 Private: No Submitted By: Christian Boltz (christian_boltz) Assigned to: Nobody/Anonymous (nobody) Summary: dovecot 2.0 breaks dovecotpw encryption Initial Comment: copied from http://sourceforge.net/tracker/index.php?func=detail&aid=3032816&group_id=191583&atid=937964 ***** mickaelnguyen ***** Also, dovecot 2.0 (which is nearing release, see http://dovecot.org/list/dovecot-news/2010-July/000162.html) will break this setting, because dovecotpw has been removed and its functionality integrated in doveadm. So the command to encrypt a password goes from dovecotpw -s 'CRYPT-METHOD' to doveadm pw -s 'CRYPT-METHOD' Maybe something to look into for 2.3.2 :D~ ***** christian_boltz ***** Oh, nice - I like it when external programs come with incompatible changes :-/ Well, at least it's a new major version ;-) $CONF['dovecotpw'] = '/path/to/doveadm -pw' could work... (untested, feedback welcome) If this works, I'll add a comment to config.inc.php in the 2.3 branch. (I'd like to avoid a bigger change in this branch.) ***** mickaelnguyen ***** It doesn't work. After a bit of tinkering, it appears that doveadm does a check on whether it's stdin is a tty or not (It outputs "Fatal: stdin isn't a TTY") Guess we can't fix this without "bigger changes". :( ---------------------------------------------------------------------- Comment By: Lars Braeuer (mpexnetworks) Date: 2011-11-25 06:23 Message: I wrote a small bash wrapper script I placed in /usr/sbin/dovecotpw that calls doveadm pw. See the attached file. It's working fine for me without any change of postfixadmin for example. Haven't tested it with any other tools. ---------------------------------------------------------------------- Comment By: tex (tex0000) Date: 2011-03-18 13:11 Message: This is exactly the reason why I think that it's a _bad_ idea to rely on external binaries. If they are available at all they are going to break a some point in time. Why don't you implement the functionality in PHP? Have a look at http://git.gauner.org/vboxadm.git/blob/HEAD:/contrib/roundcube/plugins/vboxadm/vboxadm.php, the code there does exactly what you want to do. ---------------------------------------------------------------------- Comment By: Valkum (valkum) Date: 2010-12-30 10:28 Message: Timo said it was a bug in this version youve tested. A tty check is also done by getpass() so it is not the real problem. He said also that the tty check is gone in 2.0.8 For us it means that we need a way to suppress the output of /dev/tty which comes from dovecotpw and doveadm pw for use in cli,. ---------------------------------------------------------------------- Comment By: Valkum (valkum) Date: 2010-12-30 09:48 Message: Damn, checked it and it doesn't work ---------------------------------------------------------------------- Comment By: Valkum (valkum) Date: 2010-12-30 09:44 Message: Another try: Snowleopard wrote this at proc_open He uses this for his GPG function: // Set up the descriptors $Descriptors = array( 0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w"), 3 => array("pipe", "r") // This is the pipe we can feed the password into ); we could also try // Set up the descriptors $Descriptors = array( 0 => array("pty"), 1 => array("pty"), 2 => array("pty"), 3 => array("pty") // This is the pipe we can feed the password into ); But i think the securest and better way is to write a php lib for dovecot crypt methods ---------------------------------------------------------------------- Comment By: Charles (libertytrek) Date: 2010-12-30 07:17 Message: Maybe someone could pose a question to Timo (dovecot author) and he could make a suggestion for how to handle this - or possibly even change the way 'doveadm -pw' works so this could be fixed properly in pfadmin? ---------------------------------------------------------------------- Comment By: Valkum (valkum) Date: 2010-12-30 06:02 Message: I tested the pty fix but it doesn't work i got can't encrypt password with dovecotpw on my console with use of PFA-CLI ---------------------------------------------------------------------- Comment By: Christian Boltz (christian_boltz) Date: 2010-07-25 12:19 Message: A user comment on http://php.net/manual/en/function.proc-open.php (from 2007-12-27) suggests that using 'pty' might work. Please open functions.inc.php, search for "$spec = array(" (around line 1213 in 2.3.1) and replace it (including the following 3 lines) with: $spec = array( 0 => array('pty'), 1 => array('pty'), 2 => array('pty') ); Does this help? Otherwise we'll probably have to use "doveadm pw -p foobar" with the password on the commandline. However I don't like this idea because the password will be visible in the processlist for a short time then :-( ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937964&aid=3034389&group_id=191583 |
|
From: SourceForge.net <no...@so...> - 2011-11-11 00:57:43
|
Bugs item #3436282, was opened at 2011-11-10 16:57 Message generated for change (Tracker Item Submitted) made by spiroid You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937964&aid=3436282&group_id=191583 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Interface (example) Group: SVN (please specify revision!) Status: Open Resolution: None Priority: 5 Private: No Submitted By: Jonathan Dray (spiroid) Assigned to: Nobody/Anonymous (nobody) Summary: No pagination links for alias list Initial Comment: When more than 10 aliases are stored in the database, only the 10 first are displayed. There are no links to navigate and to go to the next 10 elements. Postfixadmin svn installed, rev : r1263 ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937964&aid=3436282&group_id=191583 |
|
From: SourceForge.net <no...@so...> - 2011-10-27 20:01:32
|
Feature Requests item #3006020, was opened at 2010-05-23 16:53 Message generated for change (Comment added) made by christian_boltz You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937967&aid=3006020&group_id=191583 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Core Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: Valkum (valkum) Assigned to: Nobody/Anonymous (nobody) Summary: Advanced Config and Lang Initial Comment: I think about use an extended version of Config and Lang variables. In my CLI I use a simple class, cloned from Joomla!. I think this should be implemented in functions.inc.php. With this class you can read even lang and conf option in classes. This is not working with globals. ---------------------------------------------------------------------- >Comment By: Christian Boltz (christian_boltz) Date: 2011-10-27 22:01 Message: Well... ;-) gingerdog wrote: > Changing the configuration to be in an object which is a singleton and > silently used everywhere isn't really any different to using a global array > - it's still "a magic thing" which the callee/user has no direct control > over. The code has a high coupling to Config (the class) just in the same > way as it had a high coupling to the $CONF array. We won't get dependency-free code, and I don't see a problem with depending on the Config class. (And I don't think it's a problem that the caller/user has no direct control over it.) As a general note: My reason for migrating functionality to the *Handler classes is not to make the code object-orientated, MVC-compliant, encapsulated etc. The real reason for me is to have _easy to maintain_ code. And that's something where classes are great - we can move the code that is common for all *Handler classes to PFAHandler and it's available in all *Handler classes automatically. And we still have the flexibility to override some parts by (re)defining them in each *Handler class. The AliasHandler will probably only need the functions initStruct and initMsg, MailboxHandler will need some more (send welcome mail etc.). If we get object-orientated, MVC-compliant, encapsulated etc. code as a side effect: Nice, why not. If I have to ignore some holy grail rule of object-orientated programming to reach the target "easy to maintain code", then I'll just ignore the rule ;-) I can already see you screaming when I implement hooks for editing/customizing the $struct array ;-)) but nevertheless those hooks might be one of the most important improvements in 3.0 because they make it easy to add custom fields, hide existing fields etc. > Really the model classes should support injection of the Config/Lang > objects so they can be (if necessary) swapped for something else to aid > testing and reuse. You can easily replace the content of Config/Lang using Config::write/Lang::write, so I don't see a real problem here. > If Lang has no functionality over/above a Config object, is it worth > having having - why not just store the stuff in Config? One comment earlier you complained about "not really clean" code ;-) From the technical side we don't need a separate object for the texts and could store them in Config - but texts are not config options. I'd say we keep separate objects if they don't cause any problems (I have a server with PHP 5.2.14 and will test the behaviour there when I find some time.) valkum wrote: > What about changing the whole Lang object to use a helper function > t("string") That doesn't change much (except saving some bytes), but makes the code harder to understand. I prefer human-readable function/class calls. _If_ we decide to use the Config object for the texts, using something like Config::Lang('string') might be the best solution. ---------------------------------------------------------------------- Comment By: Valkum (valkum) Date: 2011-10-27 01:55 Message: What about changing the whole Lang object to use a helper function t("string") t("string") looks in Conf for language and include_once the matching language file when it is not already included. then t() returns the matching string ---------------------------------------------------------------------- Comment By: GingerDog (gingerdog) Date: 2011-10-26 01:14 Message: (I'm also not sure how the Lang class will actually behave, especially under PHP5.2 where there isn't late static binding. I have a feeling calling Lang::getInstance() may actually return a Config object. If Lang has no functionality over/above a Config object, is it worth having having - why not just store the stuff in Config? ---------------------------------------------------------------------- Comment By: GingerDog (gingerdog) Date: 2011-10-26 01:12 Message: <2p> To be argumentative - Changing the configuration to be in an object which is a singleton and silently used everywhere isn't really any different to using a global array - it's still "a magic thing" which the callee/user has no direct control over. The code has a high coupling to Config (the class) just in the same way as it had a high coupling to the $CONF array. Really the model classes should support injection of the Config/Lang objects so they can be (if necessary) swapped for something else to aid testing and reuse. </2p> ---------------------------------------------------------------------- Comment By: Christian Boltz (christian_boltz) Date: 2011-10-26 01:02 Message: In the meantime I moved your classes to model/ and removed duplicate code - the "Lang" class shrunk to class Lang extends Config { # exactly the same code, just another name ;-) } ;-) Some functions already use Lang::read and Config::read, the others will follow sooner or later. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937967&aid=3006020&group_id=191583 |
700 messages has been excluded from this view by a project administrator.
