Hi,

I tried a fix on my own. Here is my try:

diff modules/smtp/serv_smtp.c modules/smtp/serv_smtp.c.new

432c432,434

<       char password[SIZ];

---

>       long decoded_len;

>       char pass[SIZ] = "";

>       long plen = 0;

434,437c436,447

<       memset(password, 0, sizeof(password));

<       StrBufDecodeBase64(sSMTP->Cmd);

<       syslog(LOG_DEBUG, "Trying <%s>", password);

<       if (CtdlTryPassword(SKEY(sSMTP->Cmd)) == pass_ok) {

---

>       decoded_len = StrBufDecodeBase64(sSMTP->Cmd);

>       if (decoded_len > 0)

>       {

>               /* copy password and remove trailing '>' */

>               plen = safestrncpy(pass, ChrPtr(sSMTP->Cmd), sizeof pass);

>               if (plen > 0) {

>                       plen--;

>                       pass [plen] = 0;

>               }

>       }

>       syslog(LOG_DEBUG, "Trying <%s>", pass);

>       if (plen > 0 && CtdlTryPassword(pass,plen) == pass_ok) {

It works for me but I'm not sure I broke somethinge else ;-)

So it would be very nice if somebody with more knowlege could check this and add an improved version to the repository.

Best regards,

Peter

334 VXNlcm5hbWU6 ZnJpdHpib3g=
334 UGFzc3dvcmQ6 ZnJpdHpib3g=

$ echo "VXNlcm5hbWU6 ZnJpdHpib3g=" |base64 --decode
Username:base64: invalid input

$ echo "VXNlcm5hbWU6" |base64 --decode
Username:
$ echo "ZnJpdHpib3g=" |base64 --decode
fritzbox

c:>telnet relay.plus.net 25 <CR>

220 relay.plus.net ESMTP Exim <today's date>
helo username.plus.com <CR>
250-<server>.plus.net Hello username.plus.com <ipaddress>
mail from: <email account>@username.plus.com <CR>
250 OK
rcpt to: <email account>@username.plus.com <CR>
250 Accepted
data <CR> [start data (email text) entry]
354 Please start mail input.
Date: 2 Jan 04 12:00:00
Subject: test email from SMTP
This is a test mail from the SMTP server <CR>
. <CR> [single dot on it's own terminates message text]
250 Mail queued for delivery.
Quit <CR>
221 Closing connection

Hi,

I'm quite new to Citadel. I'm running a Citadel 929 installation (done
with really nice Easy Install method) on a Raspberry Pi in my local
network without any contact to the internet. It's there so that ma
FritzBox router can send notification emails when it receives e.g. fax
documents. There the problems start.

User management is done in Citadel with it's built in user management. I
set up a user "fritzbox" and password "fritzbox" for the FritzBox so
that it can send emails. The FritzBox I configured to not use any kind
of encryption, so it's using SMTP over port 25. So far so good.

When the FritzBox tries to login, it's using the SMTP "AUTH LOGIN"
method. The login always fails. I did a capture and checked it with
wireshark:

220 raspberrypi.fritz.box ESMTP Citadel server ready.

EHLO fritzbox

250-Hello fritzbox (fritz.box [192.168.2.1])

250-HELP

250-SIZE 10485760

250-AUTH LOGIN PLAIN

250-AUTH=LOGIN PLAIN

250 8BITMIME AUTH LOGIN

334 VXNlcm5hbWU6 ZnJpdHpib3g=

334 UGFzc3dvcmQ6 ZnJpdHpib3g=

535 Authentication failed.

QUIT

221 Goodbye...

So Citadel reports "535 Authentication failed." :-(

I checked the sources and there seems to be something wrong.

The password check is done in int CtdlTryPassword(const char *password,
long len)

In this piece of code:

    else {

/* native auth mode */

        char *pw;

        pw = (char*) malloc(len + 1);

        memcpy(pw, password, len + 1);

        strproc(pw);

        strproc(CCC->user.password);

        code = strcasecmp(CCC->user.password, pw);

        if (code != 0) {

            strproc(pw);

            strproc(CCC->user.password);

            code = strcasecmp(CCC->user.password, pw);

        }

        free (pw);

    }

Unfortunately the passed in string for the password at /CtdlTryPassword/
contains a trailing '>' from the BASE64 decoding. Now this password is
compared to the stored password and as expected it fails ...

In the function /int CtdlLoginExistingUser(const char *trythisname)/ for
handling the user name the string handling seems to be ok. There the
trailing '>' of the user name is removed:

    safestrncpy(username, trythisname, sizeof (username));

    striplt(username);

Is there anybody who can fix this in the password code?

Thanks in advance

Peter

The SMTP client is using "AUTH LOGIN" (sorry, some missing line breaks in my original message). This requires separated username and password transmission as you can see in my message. So the client encodes username and password separately. What you probably have in mind is "AUTH PLAIN" where both username and password are encoded together.

What I have seen while debugging is that after the BASE64 decoding of a string in Citadel, always a '>' character is appended in the resulting string. The username is handled correctly and the trailing '>' is removed before it is checked against the Citadel user database. But this is not done with the password when doing the "AUTH LOGIN". 

So in the fix I did, I just remove this trailing '>' from the password before the password is checked against the Citadel user database.

To double check this you can create a user in Citadel with username and password "fritzbox", telnet into Citadel on port 25 and send the following strings:

EHLO fritzbox

AUTH LOGIN

ZnJpdHpib3g=

ZnJpdHpib3g=

Then you get the "535 Authentication failed."

With my fix it works.

Best regards,

Peter

Fri Jun 26 2020 17:09:52 EDT from "s3cr3to" <s3cr3to@uncensored.citadel.org> Subject: Re: Problems with SMTP login

I wonder if the SMTP dialog knows how to separate the strings.
So, I don't if is correct to send two encoded string in each line like in:

334 VXNlcm5hbWU6 ZnJpdHpib3g=
334 UGFzc3dvcmQ6 ZnJpdHpib3g=

In a command line, if I try to decode both I got errors

$ echo "VXNlcm5hbWU6 ZnJpdHpib3g=" |base64 --decode
Username:base64: invalid input

But trying each string separated works:

$ echo "VXNlcm5hbWU6" |base64 --decode
Username:
$ echo "ZnJpdHpib3g=" |base64 --decode
fritzbox

Maybe this kind of test can give you some more hints. This test works in
windows with telnet and it works. And I remember it works the equivalent
in Linux too.

c:>telnet relay.plus.net 25 <CR>

220 relay.plus.net ESMTP Exim <today's date>
helo username.plus.com <CR>
250-<server>.plus.net Hello username.plus.com <ipaddress>
mail from: <email account>@username.plus.com <CR>
250 OK
rcpt to: <email account>@username.plus.com <CR>
250 Accepted
data <CR> [start data (email text) entry]
354 Please start mail input.
Date: 2 Jan 04 12:00:00
Subject: test email from SMTP
This is a test mail from the SMTP server <CR>
. <CR> [single dot on it's own terminates message text]
250 Mail queued for delivery.
Quit <CR>
221 Closing connection

Regards


On 6/25/20 6:11 AM, CitadelBeginner wrote:

Hi,

I'm quite new to Citadel. I'm running a Citadel 929 installation (done
with really nice Easy Install method) on a Raspberry Pi in my local
network without any contact to the internet. It's there so that ma
FritzBox router can send notification emails when it receives e.g. fax
documents. There the problems start.

User management is done in Citadel with it's built in user management. I
set up a user "fritzbox" and password "fritzbox" for the FritzBox so
that it can send emails. The FritzBox I configured to not use any kind
of encryption, so it's using SMTP over port 25. So far so good.

When the FritzBox tries to login, it's using the SMTP "AUTH LOGIN"
method. The login always fails. I did a capture and checked it with
wireshark:

220 raspberrypi.fritz.box ESMTP Citadel server ready.

EHLO fritzbox

250-Hello fritzbox (fritz.box [192.168.2.1])

250-HELP

250-SIZE 10485760

250-AUTH LOGIN PLAIN

250-AUTH=LOGIN PLAIN

250 8BITMIME

AUTH LOGIN

334 VXNlcm5hbWU6

ZnJpdHpib3g=

334 UGFzc3dvcmQ6

ZnJpdHpib3g=

535 Authentication failed.

QUIT

221 Goodbye...

So Citadel reports "535 Authentication failed." :-(

I checked the sources and there seems to be something wrong.

The password check is done in int CtdlTryPassword(const char *password,
long len)

In this piece of code:

    else {

/* native auth mode */

        char *pw;

        pw = (char*) malloc(len + 1);

        memcpy(pw, password, len + 1);

        strproc(pw);

        strproc(CCC->user.password);

        code = strcasecmp(CCC->user.password, pw);

        if (code != 0) {

            strproc(pw);

            strproc(CCC->user.password);

            code = strcasecmp(CCC->user.password, pw);

        }

        free (pw);

    }

Unfortunately the passed in string for the password at /CtdlTryPassword/
contains a trailing '>' from the BASE64 decoding. Now this password is
compared to the stored password and as expected it fails ...

In the function /int CtdlLoginExistingUser(const char *trythisname)/ for
handling the user name the string handling seems to be ok. There the
trailing '>' of the user name is removed:

    safestrncpy(username, trythisname, sizeof (username));

    striplt(username);

Is there anybody who can fix this in the password code?

Thanks in advance

Peter

OK from doing a comparison with 917 I can see that "CULL" has been removed as a manual command from modules/ctdlproto/serv_syscmds.c. And cdb_cull_logs() in database.c doesn't do anything now. But why? Now my server is just filling up with log files... There is a comment in database.c in 917 implying that Berkeley DB should be deleting the unneeded logs itself in future but that doesn't seem to be happening. Anyone got any ideas?

Sat Jun 20 2020 15:09:14 EDT from BenM @ Uncensored Subject: Is sendcommand "CULL" no longer supported?

Hi,

I have upgraded to Citadel 929 Easy Install from 917 installed from .debs, due to upgrading the server to Debian Buster. 

Up until now I have been using the "hot" backup method with a script that issues /usr/local/citadel/sendcommand "CULL" after the backup is complete. However, after the upgrade the log files are no longer being deleted.

root@myserver:~# /usr/local/citadel/sendcommand "CULL"

sendcommand: started (pid=25745) connecting to Citadel server at /usr/local/citadel/citadel-admin.socket

200 helium Citadel server ADMIN CONNECTION ready.

CULL

530 Unrecognized or unsupported command.

Can I just delete logs older than a certain date instead? Or did "CULL" have some other effect too?

 

Thanks,

Ben

 

 

I performed an easy install, but most the files from the documented file list do not appear.
I configured a room with the appropriate alias, but the server returns all email to that alias as undeliverable, user not found.
I manually created network/mail.alias, and restarted, but still no joy.
Any thoughts?

That didn't work either.

Sun Jun 28 2020 11:42:53 EDT from IGnatius T Foobar @ Uncensored Subject: Re: Support request.

I manually created network/mail.alias, and restarted, but still no

mail.aliases is not supported in any modern version of Citadel. To add an alias for a user, edit the user's account and add more email addresses to the account.

Sorry, I tried this, well for the room.  

Sun Jun 28 2020 11:42:53 EDT from IGnatius T Foobar @ Uncensored
Subject: Re: Support request.

I manually created network/mail.alias, and restarted, but still no


mail.aliases is not supported in any modern version of Citadel. To
add an alias for a user, edit the user's account and add more email
addresses to the account.

Sorry, I tried this, well for the room.

I can get mail at room_info@domain    but I was looking to setup a mailing list that when someone mails info@domain it sends that message to several users (a shared mailbox works in a pinch, but not preferred)

Tue Jun 30 2020 12:12:44 EDT from "s3cr3to" <s3cr3to@uncensored.citadel.org> Subject: Re: Support request.

Maybe this can works for you too.



So, you could e-mail to:
room_info@youdomain.com

Regards

On 6/29/20 1:01 PM, skenigma wrote:

I can get mail at room_info@domain    but I was looking to setup a
mailing list that when someone mails info@domain it sends that message
to several users (a shared mailbox works in a pinch, but not preferred)

Tue Jun 30 2020 12:12:44 EDT from "s3cr3to"
<s3cr3to@uncensored.citadel.org> Subject: Re: Support request.
Maybe this can works for you too.



So, you could e-mail to:
room_info@youdomain.com

Regards

On 6/29/20 1:01 PM, skenigma wrote:

Thanks - thanks 'db_archive -d' should do the trick.

Sun Jun 28 2020 11:47:07 EDT from IGnatius T Foobar @ Uncensored Subject: Re: Is sendcommand "CULL" no longer supported?

OK from doing a comparison with 917 I can see that "CULL" has been removed

as

a manual command from modules/ctdlproto/serv_syscmds.c. And cdb_cull_logs()

The CULL command has been deprecated for some time. You can now use the built-in configuration directive "automatically delete committed database logs". This is the default behavior, so unless you've changed it, you're already ok here.

If you are working in an environment where you want to back up all of the logs before deleting them, you can use the Berkeley DB utilities to accomplish the same thing. "db_archive -d" will do the same thing that the CULL server command used to do.

Documentation for the Berkeley DB utilities: [ https://docs.oracle.com/cd/E17275_01/html/api_reference/C/utilities.html ]

Hi,

I am wondering what is the difference between 'Edit configuration -> Internet e-mail aliases' and 'Edit address book entry -> Internet e-mail aliases'? Both seem to work - at least some of the time - but if I set an alias in one place it is not reflected in the other.

IIRC 'Edit configuration -> Internet e-mail aliases' didn't exist in previous releases so most of my users have aliases set under 'Edit address book entry'.

Ben

Hi IG... I am unable to log into the board with bennabiy because I think back in the day I used AIM auth, and it does not seem to be working anymore. Any way to recover that account?

Sorry, I am still a little confused. I was just referring to the options displayed under 'Administration --> Add, change, delete user accounts', beneath the list of users when logged in as the administrator.

The 'Edit configuration' option lets me set a password and access level for the user selected from the list, but there is also a box labelled 'Internet e-mail aliases' on that screen. Are you saying that this box refers to the current user (the admin), not the user selected from the list?

Thanks,

Ben

Fri Jul 03 2020 18:51:25 EDT from IGnatius T Foobar @ Uncensored Subject: Re: Correct place to set e-mail address aliases for users via webit?

I am wondering what is the difference between 'Edit configuration -> Internet

e-mail aliases' and 'Edit address book entry -> Internet e-mail aliases'?

"Edit address book entry --> Internet e-mail aliases" is an administrator command to edit the Internet email addresses of any user on your system.

"Edit configuration --> Internet e-mail aliases" is a regular user level command to edit YOUR addresses.