Subject: Developers of Sympa
List archive
- From: Olivier Salaun <address@concealed>
- To: Sergiy Zhuk <address@concealed>
- Cc: sympa-dev <address@concealed>
- Subject: Re: [sympa-dev] smtp check patch for 3.3b4
- Date: Mon, 19 Nov 2001 14:49:54 +0100
Hi,
Sergiy Zhuk wrote:
> Attached is a patch to allow sympa to check if the alias with the same name
> as the list you're gonna create already exists on your smtp server.
> It's robot specific, i.e. you can specify a different smtp server for every
> virtual host you're running.
> This is needed if you're running sympa or somehost.foo.org, but you handle
> all your mail on a separate mail relay, so addresses look like address@concealed,
> rather than address@concealed.
> To use the feature, you should define the following options in sympa.conf
> or in robots.conf:
>
> list_check_smtp smtp.foo.bar
> list_check_suffixes request,owner,unsubscribe
>
> The first one is the name of your smtp relay, the second one is a
> comma-separated list of admin suffixes you're using for sympa aliases, i.e.
> list-request, list-owner etc...
We have integrated your patch in the current development version of Sympa,
with just a few changes :
o lowered SMTP timeout from '300' to '30' sec.
It is far enough for a CGI that requires good perfs
o set 'list_check_suffixes' default to 'request,owner,unsubscribe'
o turned 'use Net::SMTP' to 'require Net::SMTP', allowing
to catch an error ; otherwise wwsympa.fcgi would die if Net::SMTP
is not installed
o Add 'Net::SMTP' to check_perl_modules.pl
Could you provide documentation (see sympa.tex.tpl) for this new feature.
> I also have 2 questions:
>
> 1. why do you make passwords case insensitive ?
We had many problems with our subscribers, concerning case-sensitive
passwords.
Sympa should not lowecase it before DB insertion though ; I just changed this.
> 2. why do you hint password guessers by telling them the part of the
> password they've entered was correct ?
You're right, this allows to guess anybody's password.
We've removed this from CVS ; we'll distribute a security fix for it.
Thanks for your contribution.
--
Olivier Salaün
Comité Réseau des Universités
-
smtp check patch for 3.3b4,
Sergiy Zhuk, 11/17/2001
-
Re: [sympa-dev] smtp check patch for 3.3b4,
Olivier Salaun, 11/19/2001
-
Re: [sympa-dev] smtp check patch for 3.3b4,
Sergiy Zhuk, 11/20/2001
- Re: [sympa-dev] smtp check patch for 3.3b4, Olivier Salaun, 11/20/2001
-
Re: [sympa-dev] smtp check patch for 3.3b4,
Sergiy Zhuk, 11/20/2001
-
Re: [sympa-dev] smtp check patch for 3.3b4,
Olivier Salaun, 11/19/2001
Archive powered by MHonArc 2.6.19+.