Hi,
I tried a fix on my own. Here is my try:
diff modules/smtp/serv_smtp.c modules/smtp/serv_smtp.c.new
432c432,434
< char password[SIZ];
---
> long decoded_len;
> char pass[SIZ] = "";
> long plen = 0;
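Review bot: "char pass[SIZ]" adds a second, fixed-size copy of the decoded password on the stack, where the old call passed SKEY(sSMTP->Cmd) straight through to CtdlTryPassword. That makes SIZ a limit on the password; say what should happen to a longer response, or trim the decoded StrBuf in place and keep passing it directly. "decoded_len" is only ever compared against 0, so the call could sit inside the "if" and the variable could go.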
434,437c436,447
< memset(password, 0, sizeof(password));
< StrBufDecodeBase64(sSMTP->Cmd);
< syslog(LOG_DEBUG, "Trying <%s>", password);
< if (CtdlTryPassword(SKEY(sSMTP->Cmd)) == pass_ok) {
---
> decoded_len = StrBufDecodeBase64(sSMTP->Cmd);
> if (decoded_len > 0)
> {
> /* copy password and remove trailing '>' */
> plen = safestrncpy(pass, ChrPtr(sSMTP->Cmd), sizeof pass);
> if (plen > 0) {
> plen--;
> pass [plen] = 0;
> }
> }
> syslog(LOG_DEBUG, "Trying <%s>", pass);
> if (plen > 0 && CtdlTryPassword(pass,plen) == pass_ok) {
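Review bot: the syslog(LOG_DEBUG, "Trying <%s>", pass) line now writes the decoded password to the log in clear text; in the old code the buffer was zeroed and never filled, so nothing sensitive reached the log. Drop the argument or log only plen. Separately, "plen--; pass [plen] = 0;" removes the last byte whatever it is, so if the decoder ever returns the password without a trailing '>' the real last character is lost; test pass[plen - 1] == '>' before trimming. Also confirm what safestrncpy returns when the input does not fit, since plen is passed on as the length to CtdlTryPassword.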
It works for me but I'm not sure I broke something else ;-)
So it would be very nice if somebody with more knowledge could check this and add an improved version to the repository.
Best regards,
Peter
Subject: Re: Problems with SMTP login
So, I don't know if it is correct to send two encoded strings in each line like in:
334 VXNlcm5hbWU6 ZnJpdHpib3g=
334 UGFzc3dvcmQ6 ZnJpdHpib3g=
In a command line, if I try to decode both I got errors
$ echo "VXNlcm5hbWU6 ZnJpdHpib3g=" |base64 --decode
Username:base64: invalid input
But trying each string separated works:
$ echo "VXNlcm5hbWU6" |base64 --decode
Username:
$ echo "ZnJpdHpib3g=" |base64 --decode
fritzbox
Maybe this kind of test can give you some more hints. This test works in
windows with telnet and it works. And I remember it works the equivalent
in Linux too.
c:>telnet relay.plus.net 25 <CR>
220 relay.plus.net ESMTP Exim <today's date>
helo username.plus.com <CR>
250-<server>.plus.net Hello username.plus.com <ipaddress>
mail from: <email account>@username.plus.com <CR>
250 OK
rcpt to: <email account>@username.plus.com <CR>
250 Accepted
data <CR> [start data (email text) entry]
354 Please start mail input.
Date: 2 Jan 04 12:00:00
Subject: test email from SMTP
This is a test mail from the SMTP server <CR>
. <CR> [single dot on it's own terminates message text]
250 Mail queued for delivery.
Quit <CR>
221 Closing connection
Regards
On 6/25/20 6:11 AM, CitadelBeginner wrote:
Hi,
I'm quite new to Citadel. I'm running a Citadel 929 installation (done
with really nice Easy Install method) on a Raspberry Pi in my local
network without any contact to the internet. It's there so that my
FritzBox router can send notification emails when it receives e.g. fax
documents. There the problems start.
User management is done in Citadel with its built-in user management. I
set up a user "fritzbox" and password "fritzbox" for the FritzBox so
that it can send emails. The FritzBox I configured to not use any kind
of encryption, so it's using SMTP over port 25. So far so good.
When the FritzBox tries to login, it's using the SMTP "AUTH LOGIN"
method. The login always fails. I did a capture and checked it with
wireshark:
220 raspberrypi.fritz.box ESMTP Citadel server ready.
EHLO fritzbox
250-Hello fritzbox (fritz.box [192.168.2.1])
250-HELP
250-SIZE 10485760
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME AUTH LOGIN
334 VXNlcm5hbWU6 ZnJpdHpib3g=
334 UGFzc3dvcmQ6 ZnJpdHpib3g=
535 Authentication failed.
QUIT
221 Goodbye...
So Citadel reports "535 Authentication failed." :-(
I checked the sources and there seems to be something wrong.
The password check is done in int CtdlTryPassword(const char *password,
long len)
In this piece of code:
else {
    /* native auth mode */
    char *pw;
    pw = (char*) malloc(len + 1);
    memcpy(pw, password, len + 1);
    strproc(pw);
    strproc(CCC->user.password);
    code = strcasecmp(CCC->user.password, pw);
    if (code != 0) {
        strproc(pw);
        strproc(CCC->user.password);
        code = strcasecmp(CCC->user.password, pw);
    }
    free (pw);
}
Unfortunately the passed in string for the password at /CtdlTryPassword/
contains a trailing '>' from the BASE64 decoding. Now this password is
compared to the stored password and as expected it fails ...
In the function /int CtdlLoginExistingUser(const char *trythisname)/ for
handling the user name the string handling seems to be ok. There the
trailing '>' of the user name is removed:
safestrncpy(username, trythisname, sizeof (username));
striplt(username);
Is there anybody who can fix this in the password code?
Thanks in advance
Peter
The SMTP client is using "AUTH LOGIN" (sorry, some missing line breaks in my original message). This requires separated username and password transmission as you can see in my message. So the client encodes username and password separately. What you probably have in mind is "AUTH PLAIN" where both username and password are encoded together.
What I have seen while debugging is that after the BASE64 decoding of a string in Citadel, always a '>' character is appended in the resulting string. The username is handled correctly and the trailing '>' is removed before it is checked against the Citadel user database. But this is not done with the password when doing the "AUTH LOGIN".
So in the fix I did, I just remove this trailing '>' from the password before the password is checked against the Citadel user database.
To double check this you can create a user in Citadel with username and password "fritzbox", telnet into Citadel on port 25 and send the following strings:
EHLO fritzbox
AUTH LOGIN
ZnJpdHpib3g=
ZnJpdHpib3g=
Then you get the "535 Authentication failed."
With my fix it works.
Best regards,
Peter
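The AUTH LOGIN exchange described in the reply above, as an added example (not Citadel's code and not posted by anyone in the thread): each "334" line is a server prompt and the following line is the client's separately encoded answer, while two tokens run together on one line are rejected. The names b64_decode, parse_auth_login and SAMPLE are made up for this illustration, and the sample lines are the thread's capture with the line breaks restored.

```c
#include <stdio.h>
#include <string.h>

static const char B64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Decode one base64 token into out (NUL-terminated). Returns the decoded
 * length, or -1 if the token has a non-alphabet byte or does not fit. */
long b64_decode(const char *in, char *out, size_t outsz) {
    size_t n = strlen(in), o = 0;
    unsigned acc = 0, bits = 0;
    if (outsz == 0) return -1;
    while (n > 0 && in[n - 1] == '=') n--;      /* ignore trailing padding */
    for (size_t i = 0; i < n; i++) {
        const char *p = strchr(B64, in[i]);
        if (p == NULL) return -1;               /* e.g. a space between two tokens */
        acc = (acc << 6) | (unsigned)(p - B64);
        bits += 6;
        if (bits >= 8) {
            bits -= 8;
            if (o + 1 >= outsz) return -1;      /* keep room for the NUL */
            out[o++] = (char)((acc >> bits) & 0xFF);
        }
    }
    out[o] = '\0';
    return (long)o;
}

/* Walk a dialogue: a "334 <token>" line is a server prompt, the next
 * non-334 line is the client's answer to it. Returns 0 when both the
 * username and the password were decoded, -1 otherwise. */
int parse_auth_login(const char *const *lines, size_t n,
                     char *user, char *pass, size_t sz) {
    char prompt[64];
    int expect = 0, got = 0;                    /* 1 = username, 2 = password */
    for (size_t i = 0; i < n; i++) {
        if (strncmp(lines[i], "334 ", 4) == 0) {
            if (b64_decode(lines[i] + 4, prompt, sizeof prompt) < 0) return -1;
            expect = !strcmp(prompt, "Username:") ? 1 : !strcmp(prompt, "Password:") ? 2 : 0;
        } else if (expect) {
            if (b64_decode(lines[i], expect == 1 ? user : pass, sz) < 0) return -1;
            got |= expect;
            expect = 0;
        }
    }
    return got == 3 ? 0 : -1;
}

/* Constructed sample: the capture from the thread with line breaks restored. */
static const char *const SAMPLE[] = {
    "AUTH LOGIN", "334 VXNlcm5hbWU6", "ZnJpdHpib3g=",
    "334 UGFzc3dvcmQ6", "ZnJpdHpib3g=", "535 Authentication failed." };

int main(void) {
    char user[64], pass[64];
    if (parse_auth_login(SAMPLE, 6, user, pass, sizeof user) == 0)
        printf("user=%s pass=%s\n", user, pass);
    return 0;
}
```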
Fri Jun 26 2020 17:09:52 EDT from "s3cr3to" <s3cr3to@uncensored.citadel.org> Subject: Re: Problems with SMTP login
I wonder if the SMTP dialog knows how to separate the strings.
OK from doing a comparison with 917 I can see that "CULL" has been removed as a manual command from modules/ctdlproto/serv_syscmds.c. And cdb_cull_logs() in database.c doesn't do anything now. But why? Now my server is just filling up with log files... There is a comment in database.c in 917 implying that Berkeley DB should be deleting the unneeded logs itself in future but that doesn't seem to be happening. Anyone got any ideas?
Sat Jun 20 2020 15:09:14 EDT from BenM @ Uncensored Subject: Is sendcommand "CULL" no longer supported?
Hi,
I have upgraded to Citadel 929 Easy Install from 917 installed from .debs, due to upgrading the server to Debian Buster.
Up until now I have been using the "hot" backup method with a script that issues /usr/local/citadel/sendcommand "CULL" after the backup is complete. However, after the upgrade the log files are no longer being deleted.
root@myserver:~# /usr/local/citadel/sendcommand "CULL"
sendcommand: started (pid=25745) connecting to Citadel server at /usr/local/citadel/citadel-admin.socket
200 helium Citadel server ADMIN CONNECTION ready.
CULL
530 Unrecognized or unsupported command.
Can I just delete logs older than a certain date instead? Or did "CULL" have some other effect too?
Thanks,
Ben
I performed an easy install, but most of the files from the documented file list do not appear.
I configured a room with the appropriate alias, but the server returns all email to that alias as undeliverable, user not found.
I manually created network/mail.alias, and restarted, but still no joy.
Any thoughts?
I manually created network/mail.alias, and restarted, but still no
mail.aliases is not supported in any modern version of Citadel. To add an alias for a user, edit the user's account and add more email addresses to the account.
Subject: Re: Is sendcommand "CULL" no longer supported?
OK from doing a comparison with 917 I can see that "CULL" has been removed as
a manual command from modules/ctdlproto/serv_syscmds.c. And cdb_cull_logs()
The CULL command has been deprecated for some time. You can now use the built-in configuration directive "automatically delete committed database logs". This is the default behavior, so unless you've changed it, you're already ok here.
If you are working in an environment where you want to back up all of the logs before deleting them, you can use the Berkeley DB utilities to accomplish the same thing. "db_archive -d" will do the same thing that the CULL server command used to do.
Documentation for the Berkeley DB utilities: [ https://docs.oracle.com/cd/E17275_01/html/api_reference/C/utilities.html ]
Subject: Re: Citadel unresponsive due to corrupted message
Jun 22 23:25:38 h2884472 citserver[1677]: msgbase: message 0 appears
to be corrupted
There is no "message 0" anywhere on a Citadel system. If you get that message it means that something fed a null message number into something else, no need to worry about that.
That didn't work either.
Sun Jun 28 2020 11:42:53 EDT from IGnatius T Foobar @ Uncensored Subject: Re: Support request.
I manually created network/mail.alias, and restarted, but still no
mail.aliases is not supported in any modern version of Citadel. To add an alias for a user, edit the user's account and add more email addresses to the account.
Sorry, I tried this, well for the room.
Subject: Re: Support request.
I create a room called "Sales".
In Thunderbird, with IMAP, using my account and subscribed to "Sales
floor", I get this structure:
My_account
|-Inbox
|-Sales_Floor
+|-info
|-kind1
|-kind2
|-kind3
Then I can send/read mails to/from room_info@, room_kind2@... and so on
Even here I can send mail to this "room.":
room_Citadel_Support@uncensored.citadel.org
So, you could e-mail to:
room_info@youdomain.com
Regards
I can get mail at room_info@domain but I was looking to setup a mailing list that when someone mails info@domain it sends that message to several users (a shared mailbox works in a pinch, but not preferred)
Tue Jun 30 2020 12:12:44 EDT from "s3cr3to" <s3cr3to@uncensored.citadel.org> Subject: Re: Support request.
Maybe this can works for you too.
So, you could e-mail to:
room_info@youdomain.com
Regards
On 6/29/20 1:01 PM, skenigma wrote:
Subject: Re: Support request.
account and using sieve filtering rules, then it redirected the emails
to the accounts that require it.
But there's a problem:
They don't always run the sieve rule (maybe it's just a problem in my
old version)
Maybe with this one the sieve rule works better, creating:
1) the "info@domain" account
2) the sieve rule that always forwards mail to room_info
3) the "room_info" to which your users have access (subscriptions)
So your users will see the emails in room_info and will see the email as
if it was sent to them.
Regards
Thanks - thanks 'db_archive -d' should do the trick.
Subject: Correct place to set e-mail address aliases for users via webit?
Hi,
I am wondering what is the difference between 'Edit configuration -> Internet e-mail aliases' and 'Edit address book entry -> Internet e-mail aliases'? Both seem to work - at least some of the time - but if I set an alias in one place it is not reflected in the other.
IIRC 'Edit configuration -> Internet e-mail aliases' didn't exist in previous releases so most of my users have aliases set under 'Edit address book entry'.
Ben
Subject: Support for custom Sieve scripts to be discontinued in the next release
This is an important announcement that will hopefully have very little effect.
We've decided to discontinue our use of the "Sieve" inbox filtering language in Citadel. This is being done for compatibility reasons -- no one is maintaining the library that parses it, and it is becoming problematic in builds on various platforms.
Note that this does NOT mean we're discontinuing the inbox filters. We're just removing the ability for users to write their own Sieve scripts, which hopefully is a very rare practice.
** If you are using "inbox rules" in WebCit, your rules will be automatically upgraded to the new system. **
Subject: Re: Correct place to set e-mail address aliases for users via webit?
I am wondering what is the difference between 'Edit configuration -> Internet
e-mail aliases' and 'Edit address book entry -> Internet e-mail aliases'?
"Edit address book entry --> Internet e-mail aliases" is an administrator command to edit the Internet email addresses of any user on your system.
"Edit configuration --> Internet e-mail aliases" is a regular user level command to edit YOUR addresses.
Any way I can make easyinstall ignore the "checking for
sieve2_license in -lsieve... no" error and continue because it looks
like libsieve is properly installed, just not the license file?
I'm not sure why the build would fail there, but one thing you can do is download the Easy Install script and the libSieve tarball and try to hack the script yourself. Not the answer you were probably looking for, but ---
If you've read a couple of messages above, you'll know that we've decided to abandon libSieve, because it's becoming old and problematic. Hopefully this will take care of your issue soon.
Subject: unable to log in to uncensored with my username
Hi IG... I am unable to log into the board with bennabiy because I think back in the day I used AIM auth, and it does not seem to be working anymore. Any way to recover that account?
Subject: Re: Correct place to set e-mail address aliases for users via webit?
Sorry, I am still a little confused. I was just referring to the options displayed under 'Administration --> Add, change, delete user accounts', beneath the list of users when logged in as the administrator.
The 'Edit configuration' option lets me set a password and access level for the user selected from the list, but there is also a box labelled 'Internet e-mail aliases' on that screen. Are you saying that this box refers to the current user (the admin), not the user selected from the list?
Thanks,
Ben