From: Malte S. <m...@ma...> - 2024-07-11 14:28:14
|
Hello,

I am currently in the process of evaluating solutions to decrease latency in a webmail-based IMAP setup. imapproxy was one of my approaches.

In a test environment, I set it up with imaptest for generating a specific workload with a specific amount. Let's say 100 users with 5 sessions each. They connect to imapproxy, which then connects over a higher-latency network to the IMAP server.

In my test case, with the following config, I saw a buildup of connections until the IMAP server reached a max-client-limit of 1000. From my understanding this is not how the imapproxy was meant - shouldn't it have built up 100 connections (because there are only 100 unique users) and then kept them open, sending commands via them? Meaning that even a LOGOUT would not cause the connection to abort, because it will later be reused for other IMAP commands?

server_hostname {{ host }}
connect_retries 10
connect_delay 5
cache_size 30720
listen_port 143
listen_address 0.0.0.0
cache_expiration_time 300
send_tcp_keepalives yes
enable_select_cache no
server_port 143
proc_username nobody
proc_groupname nogroup
protocol_log_filename /var/log/prtc
stat_filename /var/log/stats
foreground_mode yes

Excuse my somewhat strange attempt at reviving this dead mailing list. Appreciate any helpful inputs!

Best regards
From: Noel B. <noe...@au...> - 2020-11-30 14:23:03
|
On 30/11/2020 23:00, Erik Kangas, Ph.D. via squirrelmail-imapproxy wrote:

> Hello,
>
> Have you tried using the "up-imapproxy.x86_64" package from EPEL? This is available in CentOS8 and does run. Using ldd shows it is linking with libcrypto.so.1.1 and libssl.so.1.1.
>
> -Erik
>
> On November 30, 2020 04:33:37 am EST, "Jens Wahnes" <wa...@un...> wrote:
> Noel Butler wrote:
>> imap proxy no longer builds on modern systems
>>
>> gcc 9.3
>>
>> openssl-1.1.1h-x86_64
>>
>
> On RHEL 8 / CentOS 8, you could try building with the "compat-openssl10"
> package installed.
>
> That workaround aside, it seems that development of
> squirrelmail-imapproxy has tailed off. So I wouldn't get any hopes up
> about this issue being resolved in the source code. I had a quick
> glance at this, and not being a C programmer at all, I figured it's far
> beyond my expertise. If it were just a renaming of some functions in
> OpenSSL 1.1, I might have tried to do a "search and replace" kind of
> fix, but it's certainly not that simple.
>
> Jens

Thanks as per last msg, not centos user, but I might check out the package and see how they patched it :)

--
Regards,
Noel Butler

This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.
From: Noel B. <noe...@au...> - 2020-11-30 14:20:58
|
On 30/11/2020 19:32, Jens Wahnes wrote:

> Noel Butler wrote:
>
>> imap proxy no longer builds on modern systems
>>
>> gcc 9.3
>>
>> openssl-1.1.1h-x86_64
>
> On RHEL 8 / CentOS 8, you could try building with the "compat-openssl10" package installed.
>
> That workaround aside, it seems that development of squirrelmail-imapproxy has tailed off. So I wouldn't get any hopes up about this issue being resolved in the source code. I had a quick glance at this, and not being a C programmer at all, I figured it's far beyond my expertise. If it were just a renaming of some functions in OpenSSL 1.1, I might have tried to do a "search and replace" kind of fix, but it's certainly not that simple.

We use slackware, not CentOS on those machines, hrrm that does give an idea, opendkim anywhere apparently won't build on 1.1.1 so slackware has 1.0 libs installed that allows get around that, I might try same build trick.

As for the project being dead, yeah I noticed that, but until we get webmail that uses persistent connections, imap-proxy is kinda needed if we can get it so we can dump it.

--
Regards,
Noel Butler
From: Erik K. Ph.D. <ka...@lu...> - 2020-11-30 13:18:12
|
Hello,

Have you tried using the "up-imapproxy.x86_64" package from EPEL? This is available in CentOS8 and does run. Using ldd shows it is linking with libcrypto.so.1.1 and libssl.so.1.1.

-Erik

On November 30, 2020 04:33:37 am EST, "Jens Wahnes" <wa...@un...> wrote:

Noel Butler wrote:
> imap proxy no longer builds on modern systems
>
> gcc 9.3
>
> openssl-1.1.1h-x86_64
>

On RHEL 8 / CentOS 8, you could try building with the "compat-openssl10" package installed.

That workaround aside, it seems that development of squirrelmail-imapproxy has tailed off. So I wouldn't get any hopes up about this issue being resolved in the source code. I had a quick glance at this, and not being a C programmer at all, I figured it's far beyond my expertise. If it were just a renaming of some functions in OpenSSL 1.1, I might have tried to do a "search and replace" kind of fix, but it's certainly not that simple.

Jens
From: Jens W. <wa...@un...> - 2020-11-30 09:32:52
|
Noel Butler wrote:
> imap proxy no longer builds on modern systems
>
> gcc 9.3
>
> openssl-1.1.1h-x86_64
>

On RHEL 8 / CentOS 8, you could try building with the "compat-openssl10" package installed.

That workaround aside, it seems that development of squirrelmail-imapproxy has tailed off. So I wouldn't get any hopes up about this issue being resolved in the source code. I had a quick glance at this, and not being a C programmer at all, I figured it's far beyond my expertise. If it were just a renaming of some functions in OpenSSL 1.1, I might have tried to do a "search and replace" kind of fix, but it's certainly not that simple.

Jens
From: Noel B. <noe...@au...> - 2020-11-27 02:36:50
|
imap proxy no longer builds on modern systems

gcc 9.3

openssl-1.1.1h-x86_64

/tmp/squirrelmail.imap_proxy# make
gcc -g -O2 -I. -I./include -c -o src/icc.o src/icc.c
gcc -g -O2 -I. -I./include -c -o src/main.o src/main.c
src/main.c: In function 'main':
src/main.c:464:10: warning: implicit declaration of function 'RAND_egd'; did you mean 'RAND_add'? [-Wimplicit-function-declaration]
  464 |     if ( RAND_egd( ( RAND_file_name( f_randfile, sizeof( f_randfile ) ) == f_randfile ) ? f_randfile : "/.rnd" ) )
      |          ^~~~~~~~
      |          RAND_add
src/main.c: In function 'SetBannerAndCapability':
src/main.c:1434:11: warning: implicit declaration of function 'Attempt_STARTTLS' [-Wimplicit-function-declaration]
 1434 |      if ( Attempt_STARTTLS( &itd ) != 0 )
      |           ^~~~~~~~~~~~~~~~
src/main.c: In function 'verify_callback':
src/main.c:1577:16: error: dereferencing pointer to incomplete type 'X509_STORE_CTX' {aka 'struct x509_store_ctx_st'}
 1577 |     switch (ctx->error) {
      |                ^~
make: *** [Makefile:67: src/main.o] Error 1

--
Regards,
Noel Butler
From: <noe...@au...> - 2020-11-11 00:16:04
|
Hey all,

We had a webmail machine vent a few caps overnight (of course overnight - nothing ever falls over in business hours *sigh*) we were on it fast, ripped the drives out and into standby hardware, detected and booted, but we forgot that udev is as nasty as systemd in taking control of your system, and decided to reassign eth0 to eth1, so no interfaces were seen to be present and consequently none was upped, of course causing all sorts of nastiness for dovecot and apache, but they aborted their startup after a few seconds, however imapproxy was another case, it hung.....and hung.... and hung....

Why is there no load abort timeout?

Might I suggest this is a bug, and one that requires attention sooner, rather than later, so those dragged in at 1am don't have to think of everything :)
From: Michael O. <mi...@sa...> - 2017-12-20 03:56:40
|
- I am able to login and test via telnet
- When I try and login via Mac Mail it appears to issue an ID command which causes an error.

Does imapproxy support the ID command? I could not find any references to it in the docs or the conf files.

Here is a print out from tcpdump of the request/responses

OK [CAPABILITY IMAP4rev1 LITERAL+ LOGIN-REFERRALS ID ENABLE AUTH=LOGIN XIMAPPROXY] Dovecot ready.
ID ("name" "Mac OS X accountsd" "version" "113 (113)" "os" "Mac OS X" "os-version" "10.13.1 (17B1003)" "vendor" "Apple Inc.")
BAD Please login first
LOGOUT
BYE LOGOUT received
OK Completed

Thank you for your help!
From: Paul L. <pa...@sq...> - 2017-09-16 07:43:46
|
On 2017-09-15 07:58, Shane Raymond wrote:
> How do I configure squirrel mail for entourage and for my iPhone 7?

This is a mailing list for development of software your service provider has installed. For user-level support, please contact your service provider.

--
Paul Lesniewski
SquirrelMail Team
Please support Open Source Software by donating to SquirrelMail!
http://squirrelmail.org/donate_paul_lesniewski.php
From: Shane R. <sha...@br...> - 2017-09-15 16:53:01
|
How do I configure squirrel mail for entourage and for my iPhone 7? |
From: Paul L. <pa...@sq...> - 2016-12-14 21:27:03
|
On Sat, December 10, 2016 12:49 pm, Richard Laager wrote: > Here's one more patch. This is pretty minor stylistic stuff in > imapproxy.conf that you may or may not agree with. Hi Richard, thanks for all the patches. I will be reviewing them as soon as I can make time. I have applied this one (the last (stylistic) one) just now so you know these are being seen and appreciated! |
From: Richard L. <rl...@wi...> - 2016-12-10 20:49:19
|
Here's one more patch. This is pretty minor stylistic stuff in imapproxy.conf that you may or may not agree with. -- Richard |
From: Richard L. <rl...@wi...> - 2016-12-10 20:45:09
|
I've attached another patch. This one fixes a spelling error. -- Richard |
From: Richard L. <rl...@wi...> - 2016-12-02 03:45:11
|
Moving to the imapproxy list.

I've been running with these patches in production for a couple days now with no complaints. However, my production system is not on OpenSSL 1.1, so that patch hasn't gotten run-time testing, only compile-time.

I've also attached the patches, so you're not dependent on my github repository.

On 11/23/2016 06:04 PM, Richard Laager wrote:
> I see you have recently accepted a round of imapproxy patches. I would
> like to bring the following patches to your attention.
>
> So far, these have only passed the "it compiles" test. I'll be testing
> all this code in production in a few days (after the Thanksgiving holiday).
>
> The EGD conditional is backwards:
> https://github.com/rlaager/imapproxy-pkg/blob/master/debian/patches/fix-egd-ifdef.patch
>
> This fixes a compiler warning about not checking the return value from
> dup():
> https://github.com/rlaager/imapproxy-pkg/blob/master/debian/patches/check-dup-return-value.patch
>
> This fixes some missing function definitions:
> https://github.com/rlaager/imapproxy-pkg/blob/master/debian/patches/fix-missing-definitions.patch
>
> This fixes some warnings about size_t printf formatters. Note, I'm not
> sure how portable the "z" modifier is:
> https://github.com/rlaager/imapproxy-pkg/blob/master/debian/patches/fix-size_t-formatters.patch
>
> This uses socklen_t instead of int to fix some type mismatch warnings:
> https://github.com/rlaager/imapproxy-pkg/blob/master/debian/patches/fix-socklen_t-types.patch
>
> This fixes signedness warnings:
> https://github.com/rlaager/imapproxy-pkg/blob/master/debian/patches/fix-ssl-types.patch
>
> This fixes compiling on OpenSSL 1.1:
> https://github.com/rlaager/imapproxy-pkg/blob/master/debian/patches/openssl-1.1.patch
>
> Are these variables used? If not, they should be removed rather than
> #ifdef 0'ed as this patch does:
> https://github.com/rlaager/imapproxy-pkg/blob/master/debian/patches/remove-unused-variables.patch

--
Richard
From: André P. <A.P...@ul...> - 2016-09-14 13:44:30
|
On 2016-09-14 02:34, Paul Lesniewski wrote:
> Sorry for the delay. Please post this kind of message to public mailing lists, not to personal email addresses.

Thank you for your answer.
No problem except for having to subscribe to and drown under dozens of lists.

>> Please forward to possible more appropriate recipients.
>>
>> I have subscribed to several mailman lists, e.g. tagging
>> ta...@op...
>> <https://lists.openstreetmap.org/listinfo/tagging>.
>> I used the same gmail account as subscriber for all of them.
>> I direct each list's e-mail into its own folder (gmail "label") with a
>> gmail filter.
>> Accessing that archive to search it, reply to old messages etc. is a
>> real convenience.
>>
>> I'd love to share that archive with other people.
>> But giving them write access to it would mean its deterioration.
>>
>> So, I wondered if Imapproxy is able to provide public, read-only access
>> to such a server.
>
> SquirrelMail IMAP Proxy could be changed to block a list of IMAP commands, but it would be better if you created a list of commands that were acceptable and block all others. Still, keep in mind that even "innocent" commands such as that to read a message can make changes in the message store (in this case, potentially change a message state from unread to read). It's possible there could be worse examples.
>
> But, if someone wants to come up with a list of IMAP commands that would comprise a read-only proxy setup, I'd consider adding it since it looks somewhat trivial (FYI, ~line 1354 in Raw_Proxy() in src/request.c). I'm not sure, however, if there would be other ill effects (for example, responding "NO" or "BAD" to disallowed commands might confuse the client, as would issuing a faked (dishonest) "OK" response).
>
>> And if someone could make the configuration and provide a server to run
>> that experiment?
>
> BTW, you'd want to configure auth_sasl_plain_username, auth_sasl_plain_password and auth_shared_secret and give out the shared secret to anyone allowed to use the system. Have fun proxying mass access to Gmail - feels like any number of things could go wrong.

Thanks for letting me know that it would need modifications to SquirrelMail IMAP Proxy to support Read Only public access.

>> I would extend the configuration and make the mailman to gmail message
>> conversion.
>>
>> I run a few byethost-like free servers. I don't know if that imapproxy
>> configuration could be installed on them. If that were possible, I
>> would do it.
>
> My gut says there are better ways to provide mailing list archives to the public. Maybe you should collaborate to bring back gmane.org (oh wait, it's back).

I browsed gmane.org (http://gmane.org/) for an explanation of how it works and all I could find is "Any public mailing list can be carried by Gmane". When I tried to open the mailing lists links I found, all I got is "problem loading page".

The system I use and suggest in public R/O mode is ideal because all it needs is a plain IMAP MUA and server.
You get the full search and reply etc. capabilities that you have with your own IMAP folders.

Unfortunately, mailman's Mark Sapiro is not convinced
Unfortunately too, many people have fallen in the trap of using Webmails whose first shortcoming of many is to be unable to use several IMAP servers (and hence to copy e-mail to a backup server. Webmails and the way people use IMAP have made e-mail a bad reputation).

So, my best option is to continue to enjoy that system for myself.
But if you came up with a R/O public version and if I had simple instructions and a server to run it, I would certainly set up demo versions of it, including converting old e-mail logs to IMAP.

Thanks for your attention.
Cheers

André.
From: Paul L. <pa...@sq...> - 2016-09-14 03:05:51
|
On 2016-09-13 17:01, Paul Lesniewski wrote:
>
>
> On 2016-03-31 12:57, Loganaden Velvindron wrote:
>> EGD has largely become legacy now.
>>
>> OpenSSL disables it by default in its latest release, and LibreSSL has
>> ripped it out completely.
>>
>> I took the patch from OpenBSD, from an older version.
>
> Committed. Thank you.

Actually, sorry, I reversed this and used a different patch from the BSD team that makes its use conditional. Please do let me know if this creates any problems. Thanks again!

--
Paul Lesniewski
SquirrelMail Team
Please support Open Source Software by donating to SquirrelMail!
http://squirrelmail.org/donate_paul_lesniewski.php
From: Paul L. <pa...@sq...> - 2016-09-14 02:02:41
|
Shawn, Sorry for the delay. This has been added. Thank you! On 2013年08月24日 19:56, Shawn Landden wrote: > from prctl(2): > > With no_new_privs set to 1, execve(2) promises not to grant > privileges to do anything that could not have been done without > the execve(2) call (for example, rendering the set-user-ID and > set-group-ID permission bits, and file capabilities non-func‐ > tional). Once set, this bit cannot be unset. The setting of > this bit is inherited by children created by fork(2) and > clone(2), and preserved across execve(2). > --- > include/imapproxy.h | 3 +++ > src/becomenonroot.c | 16 +++++++++++++++- > 2 files changed, 18 insertions(+), 1 deletion(-) > > diff --git a/include/imapproxy.h b/include/imapproxy.h > index ce0b13b..aa090c4 100644 > --- a/include/imapproxy.h > +++ b/include/imapproxy.h > @@ -152,6 +152,9 @@ > #include <limits.h> > #endif > > +#ifndef PR_SET_NO_NEW_PRIVS > +#define PR_SET_NO_NEW_PRIVS 38 > +#endif > > /* > * Common definitions > diff --git a/src/becomenonroot.c b/src/becomenonroot.c > index f19a9fb..7399ba8 100644 > --- a/src/becomenonroot.c > +++ b/src/becomenonroot.c > @@ -57,6 +57,9 @@ > #if HAVE_UNISTD_H > #include <unistd.h> > #endif > +#ifdef __linux__ > +#include <sys/prctl.h> > +#endif > > #include "imapproxy.h" > > @@ -185,7 +188,18 @@ extern int BecomeNonRoot( void ) > newuid, strerror(errno)); > return(-1); > } > - > + > +#ifdef __linux__ > + if ( prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0) > + { > + syslog( LOG_WARNING, "%s: prctl(PR_SET_NO_NEW_PRIVS, 1) failed: %s", fn, > + strerror(errno)); > + if ( errno == EINVAL ) > + syslog( LOG_INFO, "%s: Perhaps kernel too old (<3.5)", fn); > + } else > + syslog( LOG_INFO, "%s: enabled no_new_privs", fn) > +#endif > + > return(0); > } > > -- Paul Lesniewski SquirrelMail Team Please support Open Source Software by donating to SquirrelMail! http://squirrelmail.org/donate_paul_lesniewski.php |
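Review bot: In the last src/becomenonroot.c hunk, the added `syslog( LOG_INFO, "%s: enabled no_new_privs", fn)` in the else branch has no terminating semicolon, so on Linux the statement runs straight into `return(0);` and the file does not compile; add the `;`. In the failure branch of the same hunk, `errno` is compared with EINVAL only after the first syslog() call, which is free to change it, so copy errno into a local before logging. A failed prctl() is only logged at LOG_WARNING and BecomeNonRoot() still returns 0; a one-line comment saying that running without no_new_privs is an accepted fallback would make that choice explicit.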
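Review bot: The fallback `#define PR_SET_NO_NEW_PRIVS 38` in the include/imapproxy.h hunk sits outside any `__linux__` guard and carries no comment, while its only use in src/becomenonroot.c is inside `#ifdef __linux__`. Put the fallback under the same guard, next to the `#include <sys/prctl.h>` it compensates for, and add a comment that 38 is the value from the Linux headers so the constant is traceable.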
From: Paul L. <pa...@sq...> - 2016-09-14 01:45:16
|
On 2014-03-16 22:11, Emmanuel Dreyfus wrote:
> Emmanuel Dreyfus <ma...@ne...> wrote:
>
>>> - cmd_authenticate_login() or cmd_login() call ICC_Invalidate()
>>> - ICC_Invalidate() frees the TLS context
>>> => XXX nobody moves the ICC to the free list
>>> - ICC_Recycle() uses the ICC for IMAP_Write()/SSL_shutdown() and crashes.
>>
>> Here is a fix proposal:
>
> I have not observed any crash since I applied the patch.

Emmanuel, sorry for the great delay. This fix has been added. Thank you very much!

--
Paul Lesniewski
SquirrelMail Team
Please support Open Source Software by donating to SquirrelMail!
http://squirrelmail.org/donate_paul_lesniewski.php
From: Paul L. <pa...@sq...> - 2016-09-14 01:25:58
|
On 2014-07-11 22:01, David Severance wrote:
> I have noticed that if I try to compile on 64 bit machines (versus 32bit
> systems) I get this warning:
>
>> src/main.c: In function ‘main’:
>> src/main.c:744: warning: cast to pointer from integer of different size
>
> I believe the problem has to do with improper casting of the int
> clientsd to a void pointer. It's been awhile since I coded C so I could
> be wrong but I think this needs an adjustment. This is the last thing to
> sort out before I can deploy a fully native 64 bit software stack.

Fixed

--
Paul Lesniewski
SquirrelMail Team
Please support Open Source Software by donating to SquirrelMail!
http://squirrelmail.org/donate_paul_lesniewski.php
From: Paul L. <pa...@sq...> - 2016-09-14 01:16:01
|
Bernard,

On 2015-05-16 03:05, Spil Oss wrote:
> Hi,
>
> The current SquirrelMail IMAP proxy does not build with LibreSSL due
> to LibreSSL dropping support for the perl EGD (entropy gathering
> daemon). There are currently NO supported operating systems requiring
> the perl EGD, all supported OS's have a random device that exceeds the
> performance and randomness of the EGD. Most OS's have had proper RNGs
> for many years.
>
> To fix build with LibreSSL, I've added a configure check for RAND_egd
> and an #ifdef around the line of code preventing building without it.
> This is part of a larger effort to make all ports build on FreeBSD
> with LibreSSL (see https://wiki.freebsd.org/LibreSSL) and provide the
> patches to upstream projects.
>
> Attached patches do not include the changes to config.h.in and
> configure as these are regenerated by the FreeBSD port. The FreeBSD
> port already contained additional patches to the code which have not
> been included in these patches. You can view the original patches at
> https://svnweb.freebsd.org/ports/head/mail/up-imapproxy/files/ and the
> new patches at https://github.com/Sp1l/ports/tree/master/mail/up-imapproxy
>
> Hope that you'll include these patches into your code!

Thanks for your patience. These have been added to our repository.

--
Paul Lesniewski
SquirrelMail Team
Please support Open Source Software by donating to SquirrelMail!
http://squirrelmail.org/donate_paul_lesniewski.php
From: Paul L. <pa...@sq...> - 2016-09-14 00:35:02
|
Sorry for the delay. Please post this kind of message to public mailing lists, not to personal email addresses.

> Please forward to possible more appropriate recipients.
>
> I have subscribed to several mailman lists, e.g. tagging
> ta...@op...
> <https://lists.openstreetmap.org/listinfo/tagging>.
> I used the same gmail account as subscriber for all of them.
> I direct each list's e-mail into its own folder (gmail "label") with a
> gmail filter.
> Accessing that archive to search it, reply to old messages etc. is a
> real convenience.
>
> I'd love to share that archive with other people.
> But giving them write access to it would mean its deterioration.
>
> So, I wondered if Imapproxy is able to provide public, read-only access
> to such a server.

SquirrelMail IMAP Proxy could be changed to block a list of IMAP commands, but it would be better if you created a list of commands that were acceptable and block all others. Still, keep in mind that even "innocent" commands such as that to read a message can make changes in the message store (in this case, potentially change a message state from unread to read). It's possible there could be worse examples.

But, if someone wants to come up with a list of IMAP commands that would comprise a read-only proxy setup, I'd consider adding it since it looks somewhat trivial (FYI, ~line 1354 in Raw_Proxy() in src/request.c). I'm not sure, however, if there would be other ill effects (for example, responding "NO" or "BAD" to disallowed commands might confuse the client, as would issuing a faked (dishonest) "OK" response).

> And if someone could make the configuration and provide a server to run
> that experiment?

BTW, you'd want to configure auth_sasl_plain_username, auth_sasl_plain_password and auth_shared_secret and give out the shared secret to anyone allowed to use the system. Have fun proxying mass access to Gmail - feels like any number of things could go wrong.

> I would extend the configuration and make the mailman to gmail message
> conversion.
>
> I run a few byethost-like free servers. I don't know if that imapproxy
> configuration could be installed on them. If that were possible, I
> would do it.

My gut says there are better ways to provide mailing list archives to the public. Maybe you should collaborate to bring back gmane.org (oh wait, it's back).

--
Paul Lesniewski
SquirrelMail Team
Please support Open Source Software by donating to SquirrelMail!
http://squirrelmail.org/donate_paul_lesniewski.php
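The allowlist approach suggested in the message above (accept a known set of commands, refuse everything else, and remember that reading a message can change its state), as an added example that is not SquirrelMail IMAP Proxy code. The function and type names are hypothetical, the command set is one conservative reading of RFC 3501, and only the first line of each command is inspected (literal continuation data is not handled).

```c
/* Added example, not SquirrelMail IMAP Proxy code: decide whether one
 * post-login IMAP command line may pass a read-only proxy. Names are hypothetical. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum ro_verdict { RO_ALLOW, RO_DENY, RO_BAD_SYNTAX };

/* Allowlist of RFC 3501 commands that never write to the message store.
 * SELECT is left out on purpose: EXAMINE is the read-only way to open a mailbox. */
static const char *const ro_allowed[] = {
    "CAPABILITY", "NOOP", "LOGOUT", "EXAMINE",
    "LIST", "LSUB", "STATUS", "SEARCH", "FETCH",
};

/* Copy the next space-delimited word, upper-cased, and advance *p.
 * Returns its length, 0 at end of line, -1 if it does not fit in out. */
static int next_word(const char **p, char *out, size_t outsz)
{
    size_t n = 0;
    while (**p == ' ')
        (*p)++;
    while (**p && **p != ' ' && **p != '\r' && **p != '\n') {
        if (n + 1 >= outsz) return -1;
        out[n++] = (char)toupper((unsigned char)**p);
        (*p)++;
    }
    out[n] = '\0';
    return (int)n;
}

/* Case-insensitive test that s starts with the upper-case string pfx. */
static int prefix_ci(const char *s, const char *pfx)
{
    for (; *pfx; s++, pfx++)
        if (toupper((unsigned char)*s) != *pfx)
            return 0;
    return 1;
}

/* FETCH items that implicitly set \Seen: BODY[...], RFC822, RFC822.TEXT.
 * BODY.PEEK[...], RFC822.HEADER and RFC822.SIZE do not. */
static int fetch_sets_seen(const char *args)
{
    for (; *args; args++) {
        if (prefix_ci(args, "BODY["))
            return 1;
        if (prefix_ci(args, "RFC822") &&
            !prefix_ci(args + 6, ".HEADER") && !prefix_ci(args + 6, ".SIZE"))
            return 1;
    }
    return 0;
}

/* The caller decides how to answer a refused command (NO, BAD, ...). */
enum ro_verdict imap_ro_check(const char *line)
{
    char tag[64], cmd[32];
    const char *p = line;
    int uid = 0;
    size_t i;

    if (next_word(&p, tag, sizeof tag) <= 0 ||
        next_word(&p, cmd, sizeof cmd) <= 0)
        return RO_BAD_SYNTAX;
    if (strcmp(cmd, "UID") == 0) {
        uid = 1;
        if (next_word(&p, cmd, sizeof cmd) <= 0)
            return RO_BAD_SYNTAX;
    }
    /* Of the UID forms, only UID FETCH and UID SEARCH are read-only. */
    if (uid && strcmp(cmd, "FETCH") != 0 && strcmp(cmd, "SEARCH") != 0)
        return RO_DENY;

    for (i = 0; i < sizeof ro_allowed / sizeof ro_allowed[0]; i++) {
        if (strcmp(cmd, ro_allowed[i]) != 0)
            continue;
        if (strcmp(cmd, "FETCH") == 0 && fetch_sets_seen(p))
            return RO_DENY;
        return RO_ALLOW;
    }
    return RO_DENY;   /* SELECT, STORE, COPY, APPEND, EXPUNGE, DELETE, ... */
}

int main(void)
{
    /* Constructed sample commands, not captured traffic. */
    static const char *const samples[] = {
        "a1 EXAMINE INBOX\r\n",
        "a2 uid fetch 1:* (FLAGS BODY.PEEK[HEADER])\r\n",
        "a3 FETCH 1 BODY[]\r\n",
    };
    static const char *const names[] = { "allow", "deny", "bad syntax" };
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-10s %s", names[imap_ro_check(samples[i])], samples[i]);
    return 0;
}
```

Refusing SELECT while allowing EXAMINE keeps the server itself in read-only mode for the session, so the FETCH check is a second layer rather than the only one.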
From: Paul L. <pa...@sq...> - 2016-09-14 00:01:36
|
On 2016年03月31日 12:57, Loganaden Velvindron wrote: > EGD has largely become legacy now. > > OpenSSL disables it by default in its latest release, and LibreSSL has > ripped it out completely. > > I took the patch from OpenBSD, from an older version. Committed. Thank you. > Index: src/main.c > =================================================================== > --- src/main.c (revision 14549) > +++ src/main.c (working copy) > @@ -452,13 +452,8 @@ > /* Set up OpenSSL thread protection */ > ssl_thread_setup(fn); > > - /* Need to seed PRNG, too! */ > - if ( RAND_egd( ( RAND_file_name( f_randfile, sizeof( f_randfile ) ) > == f_randfile ) ? f_randfile : "/.rnd" ) ) > - { > - /* Not an EGD, so read and write it. */ > - if ( RAND_load_file( f_randfile, -1 ) ) > + if ( RAND_load_file( f_randfile, -1 ) ) > RAND_write_file( f_randfile ); > - } > > SSL_load_error_strings(); > -- Paul Lesniewski SquirrelMail Team Please support Open Source Software by donating to SquirrelMail! http://squirrelmail.org/donate_paul_lesniewski.php |
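Review bot: In the src/main.c hunk, the removed RAND_egd() line was also the only place in these lines that called RAND_file_name( f_randfile, sizeof( f_randfile ) ), so the surviving `if ( RAND_load_file( f_randfile, -1 ) )` now reads whatever f_randfile held before. Keep a RAND_file_name() call ahead of RAND_load_file() and skip the load and write when it returns NULL. The `/* Need to seed PRNG, too! */` comment is removed together with the code; the two remaining lines should keep a comment that says what they are for.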
From: Paul L. <pa...@sq...> - 2016-09-13 23:51:16
|
On Mon, September 12, 2016 4:23 pm, Paul Lesniewski wrote:
>
>
> On Sun, September 4, 2016 9:03 am, Jean-Luc Wasmer wrote:
>> Hi,
>>
>> I use Imapproxy 1.2.7 between Roundcube & Dovecot. I installed a
>> Roundcube plugin that sends the web client's IP address to the IMAP
>> server using the ID command. This way log files contain the real IP of
>> the user instead of the web server IP address.
>>
>> Unfortunately, Imapproxy doesn't like that:
>>
>> * OK [CAPABILITY IMAP4rev1 LITERAL+ LOGIN-REFERRALS ID ENABLE
>> XIMAPPROXY] Dovecot ready.
>> A0001 ID ("x-originating-ip" "24.212.235.245")
>> A0001 BAD Please login first
>> A0002 LOGIN user1 "password"
>>
>>
>> When I by-pass Imapproxy:
>>
>> * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
>> IDLE STARTTLS AUTH=PLAIN] Dovecot ready.
>> A0001 ID ("x-originating-ip" "24.212.235.245")
>> * ID ("name" "Dovecot")
>> A0001 OK ID completed.
>> A0002 AUTHENTICATE PLAIN AAAABBBBBCCCCDDD==
>>
>>
>>
>> This seems like a rather simple command to support, would it be possible
>> to add it?
>
> It's not simple at all. Because it's a pre-auth command, the proxy server
> doesn't know what to do with it. The proxy server needs the client to
> authenticate/log in before it knows whether it already holds an
> established server connection or has to create a new one. The best it
> could do is hold a queue of pre-auth commands (offering what amount to
> fake "OK" responses to each) that would be dumped into the server
> connection once an auth/login command is received. That's ugly, might be
> consumptive of memory, and probably wouldn't sit well with clients who
> expect real responses to each command.
>
> You could change the webmail plugin you are using to send the ID command
> after the user is logged in and everything should work as-is, with only
> the login command not having the remote IP address associated with it in
> your logs.
>
> You could use a plugin that logs separate data straight from the webmail
> software that documents the IP address where the user logged in from (in
> SquirrelMail, this is supported by the squirrel_logger plugin).
>
> I might add a limited implementation of the preauth command queue (per
> above), where it only holds one ID command. I'll reply again if I get
> around to it.

The latter has been added. Please pull from SVN or wait a day to get a snapshot from our downloads page.

--
Paul Lesniewski
SquirrelMail Team
Please support Open Source Software by donating to SquirrelMail!
http://squirrelmail.org/donate_paul_lesniewski.php
From: Paul L. <pa...@sq...> - 2016-09-12 23:23:47
|
On Sun, September 4, 2016 9:03 am, Jean-Luc Wasmer wrote:
> Hi,
>
> I use Imapproxy 1.2.7 between Roundcube & Dovecot. I installed a
> Roundcube plugin that sends the web client's IP address to the IMAP
> server using the ID command. This way log files contain the real IP of
> the user instead of the web server IP address.
>
> Unfortunately, Imapproxy doesn't like that:
>
> * OK [CAPABILITY IMAP4rev1 LITERAL+ LOGIN-REFERRALS ID ENABLE
> XIMAPPROXY] Dovecot ready.
> A0001 ID ("x-originating-ip" "24.212.235.245")
> A0001 BAD Please login first
> A0002 LOGIN user1 "password"
>
>
> When I by-pass Imapproxy:
>
> * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
> IDLE STARTTLS AUTH=PLAIN] Dovecot ready.
> A0001 ID ("x-originating-ip" "24.212.235.245")
> * ID ("name" "Dovecot")
> A0001 OK ID completed.
> A0002 AUTHENTICATE PLAIN AAAABBBBBCCCCDDD==
>
>
>
> This seems like a rather simple command to support, would it be possible
> to add it?

It's not simple at all. Because it's a pre-auth command, the proxy server doesn't know what to do with it. The proxy server needs the client to authenticate/log in before it knows whether it already holds an established server connection or has to create a new one. The best it could do is hold a queue of pre-auth commands (offering what amount to fake "OK" responses to each) that would be dumped into the server connection once an auth/login command is received. That's ugly, might be consumptive of memory, and probably wouldn't sit well with clients who expect real responses to each command.

You could change the webmail plugin you are using to send the ID command after the user is logged in and everything should work as-is, with only the login command not having the remote IP address associated with it in your logs.

You could use a plugin that logs separate data straight from the webmail software that documents the IP address where the user logged in from (in SquirrelMail, this is supported by the squirrel_logger plugin).

I might add a limited implementation of the preauth command queue (per above), where it only holds one ID command. I'll reply again if I get around to it.

--
Paul Lesniewski
SquirrelMail Team
Please support Open Source Software by donating to SquirrelMail!
http://squirrelmail.org/donate_paul_lesniewski.php
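The limited pre-auth queue described in this thread (hold a single ID command, answer it locally, replay it once the login has settled which server connection to use), as an added example that is not the code committed to SquirrelMail IMAP Proxy. The preauth_* names, the PX1 tag, the 256-byte cap and the "* ID NIL" reply are assumptions of the example.

```c
/* Added example, not SquirrelMail IMAP Proxy code: hold at most one
 * pre-login ID command and replay it on the server connection after login.
 * All names (preauth_*, PX1) are hypothetical. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define ID_MAX 256   /* assumed cap on the held ID argument list */

enum pa_action { PA_HELD, PA_LOGIN, PA_REFUSED, PA_OTHER };

struct preauth {
    char id_args[ID_MAX];   /* "(...)" or "NIL", as the client sent it */
    int  have_id;
};

void preauth_init(struct preauth *st)
{
    st->have_id = 0;
    st->id_args[0] = '\0';
}

/* Handle one command line received before login. On PA_HELD or PA_REFUSED,
 * reply holds the text to send to the client; otherwise it is empty. */
enum pa_action preauth_handle(struct preauth *st, const char *line,
                              char *reply, size_t replysz)
{
    char tag[64], cmd[16];
    const char *args;
    size_t len, i;
    int off = 0;

    reply[0] = '\0';
    if (sscanf(line, "%63s %15s %n", tag, cmd, &off) < 2) {
        snprintf(reply, replysz, "* BAD Invalid command\r\n");
        return PA_REFUSED;
    }
    for (i = 0; cmd[i]; i++)
        cmd[i] = (char)toupper((unsigned char)cmd[i]);

    if (strcmp(cmd, "LOGIN") == 0 || strcmp(cmd, "AUTHENTICATE") == 0)
        return PA_LOGIN;    /* caller picks or opens the server connection */
    if (strcmp(cmd, "ID") != 0)
        return PA_OTHER;    /* CAPABILITY, NOOP, ...: not modelled here */

    args = off > 0 ? line + off : "";
    len = strcspn(args, "\r\n");
    /* Refuse a second ID (bounds memory), an empty or oversized one, and
     * IMAP literals ("{n}"), whose continuation data is not buffered here. */
    if (st->have_id || len == 0 || len >= ID_MAX || memchr(args, '{', len)) {
        snprintf(reply, replysz, "%s BAD ID not accepted before login\r\n", tag);
        return PA_REFUSED;
    }
    memcpy(st->id_args, args, len);
    st->id_args[len] = '\0';
    st->have_id = 1;
    /* The server has not seen the command yet, so this OK is the proxy's
     * own answer; "* ID NIL" discloses nothing about the backend. */
    snprintf(reply, replysz, "* ID NIL\r\n%s OK ID completed\r\n", tag);
    return PA_HELD;
}

/* After login succeeded: write the held ID as a proxy-tagged command for
 * the server connection. Returns its length, or 0 if nothing was held. */
int preauth_flush(struct preauth *st, char *out, size_t outsz)
{
    int n;

    if (!st->have_id)
        return 0;
    n = snprintf(out, outsz, "PX1 ID %s\r\n", st->id_args);
    preauth_init(st);
    return (n > 0 && (size_t)n < outsz) ? n : 0;
}

int main(void)
{
    /* Constructed client lines; 192.0.2.10 is a documentation address. */
    static const char *const client[] = {
        "A0001 ID (\"x-originating-ip\" \"192.0.2.10\")\r\n",
        "A0002 LOGIN user1 \"password\"\r\n",
    };
    struct preauth st;
    char buf[ID_MAX + 64];
    size_t i;

    preauth_init(&st);
    for (i = 0; i < 2; i++) {
        enum pa_action a = preauth_handle(&st, client[i], buf, sizeof buf);
        printf("C: %sP: action=%d %s", client[i], (int)a, buf[0] ? buf : "\n");
        if (a == PA_LOGIN && preauth_flush(&st, buf, sizeof buf) > 0)
            printf("P->S: %s", buf);
    }
    return 0;
}
```

The server's reply to the replayed command belongs to the proxy and has to be consumed there, since the client already received its answer before login.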
From: Paul L. <pa...@sq...> - 2016-09-12 18:48:57
|
On 2016-08-02 04:11, Thomas Barth wrote:
> Thanks for the trick! No timeout with type simple. It's ok for me. Main
> thing is that it works.
>
>
> On 02.08.2016 at 12:45, Jens Wahnes wrote:
>> Thomas Barth wrote:
>>
>>> The unit file is:
>>>
>>> /lib/systemd/system/imapproxy.service
>>>
>>> [Unit]
>>> Documentation=man:imapproxyd(8)
>>> Description=IMAP proxy
>>> After=network-online.target
>>> Wants=network-online.target
>>>
>>> [Service]
>>> Type=forking
>>> ExecStart=/usr/sbin/imapproxyd -f /etc/imapproxy.conf
>>>
>>
>> I see. So the main difference between my unit file and this one seems
>> to be the "type" of service. Previously, I had tried "Type=forking" as
>> well, but since that didn't work out very well, I went to try
>> "Type=simple". For me, this is doing the trick so far, but as I
>> pointed out before, I'm terribly satisfied with this approach. Well,
>> you still may want to give that a shot anyway and see if it works for
>> you.

The problem here is that systemd apparently starts services from PID 1, and there was a check in the code to make sure the parent wasn't PID 1 because in other contexts, that would have meant the parent was already detached and imapproxy was in fact daemonized already. I removed that check which fixes this issue, hoping that it wasn't really feasible in any other context that the code could have come to try to re-daemonize anyway.

I'll probably add this unit file as well:

[Unit]
Description=SquirrelMail IMAP proxy server
After=network.target network-online.target local-fs.target syslog.target remote-fs.target nss-lookup.target

[Service]
Type=forking
ExecStart=/usr/local/sbin/in.imapproxyd
Restart=always
RestartSec=5

[Install]
WantedBy=multi-user.target

--
Paul Lesniewski
SquirrelMail Team
Please support Open Source Software by donating to SquirrelMail!
http://squirrelmail.org/donate_paul_lesniewski.php