Yearly Archives: 2005

Serious bug found in starttls-2way-auth-20050127.patch and qregex-starttls-2way-auth-20050127.patch

It has been brought to my attention that there is a serious bug in these two combination patches. The bug can result in mail being lost in the event of a temporary (400 series) error occuring during mail delivery to a remote server. The bug can also prevent non-delivery notifications from being sent to the sender when a permanent (500 series) error occurs. These problems occur only when smtp authentication is not used when sending email. Receiving email is not impacted. Older versions of these patches may also be affected but I haven’t tested them to be sure. I’m currently testing new versions of my patches that correct this bug. If you are using any version of the qregex patch, then you’re safe. The bug only impacts my combination patches. If you want to help me test the fix, drop me a line.

New Release Candidate versions of courierpassd, courierpasswd, and courieruserinfo now available for testing!

I’ve rewritten my utilities to work with the new Courier authentication library. As such, these versions won’t work with Courier software that doesn’t use the library; that means nothing below Courier 0.48, Courier-IMAP 4.0, or SqWebMail 5.0. Try them out and let me know how it goes. Just follow the Downloads link to find them.

starttls-2way-auth and qregex-starttls-2way-auth patches updated, again

These patches now include James Raftery’s canonicalised-recipient-logging patch. I also noticed that the qmail-remote_authenticated_smtp patch prevents qmail-remote from logging the results of an smtp conversation when authentication isn’t used. I’ve modified the patch to allow qmail-remote to do it’s normal logging. See the patch for more details.