Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: SPF: Devel

SPF vulnerability

 

 

SPF devel RSS feed   Index | Next | Previous | View Threaded


open_mind_core at yahoo

Mar 20, 2009, 1:42 AM

Post #1 of 12 (7025 views)
Permalink
SPF vulnerability

 Hi,
 
 We were using libspf2 (1.0.2) in our product for anti-spam
 functionality on windows platform. Now, we want to upgrade to the
 latest version (1.2.9) to get the fixes for the vulnerabilities
 uncovered recently. For this, we are trying to compile the latest
 version for windows , but we see a lot of errors - some data types
 used in spf_dns_windns.c seem to be missing.
 
Is there any workaround for this to proceed further?

Thanks,
Karan



Add more friends to your messenger and enjoy! Go to http://messenger.yahoo.com/invite/


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1007/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1007/
Powered by Listbox: http://www.listbox.com


scott at kitterman

Mar 20, 2009, 5:14 AM

Post #2 of 12 (6808 views)
Permalink
Re: SPF vulnerability [In reply to]

On Fri, 20 Mar 2009 14:12:46 +0530 (IST) karan pott <open_mind_core [at] yahoo> wrote:
> Hi,

> We were using libspf2 (1.0.2) in our product for anti-spam
> functionality on windows platform. Now, we want to upgrade to the
> latest version (1.2.9) to get the fixes for the vulnerabilities
> uncovered recently. For this, we are trying to compile the latest
> version for windows , but we see a lot of errors - some data types
> used in spf_dns_windns.c seem to be missing.

>Is there any workaround for this to proceed further?
>

I know that 1.2 is not fully backward compatible with 1.0 and one should expect to have to do some porting work. I 'm not sure if that's related.

Additionally, none of the developers are Windows users, so it wouldn't suprise me to find that was less well tested and had some things that needed fixing.

Scott K


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1007/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1007/
Powered by Listbox: http://www.listbox.com


open_mind_core at yahoo

Apr 3, 2009, 12:53 AM

Post #3 of 12 (6756 views)
Permalink
Re: SPF vulnerability [In reply to]

Thanks Scott,

Okay. I got it. Porting needs to be done for Windows. In case I like to offer my effort for this, can you please let me know what process do I have to follow for my code to be included into libspf2?

Thanks and Regards,
Karunakar






________________________________
From: Scott Kitterman <scott [at] kitterman>
To: spf-devel [at] v2
Sent: Friday, 20 March, 2009 5:44:14 PM
Subject: Re: [spf-devel] SPF vulnerability

On Fri, 20 Mar 2009 14:12:46 +0530 (IST) karan pott <open_mind_core [at] yahoo> wrote:
> Hi,
>
> We were using libspf2 (1.0.2) in our product for anti-spam
> functionality on windows platform. Now, we want to upgrade to the
> latest version (1.2.9) to get the fixes for the vulnerabilities
> uncovered recently. For this, we are trying to compile the latest
> version for windows , but we see a lot of errors - some data types
> used in spf_dns_windns.c seem to be missing.
>
>Is there any workaround for this to proceed further?
>

I know that 1.2 is not fully backward compatible with 1.0 and one should expect to have to do some porting work. I 'm not sure if that's related.

Additionally, none of the developers are Windows users, so it wouldn't suprise me to find that was less well tested and had some things that needed fixing.

Scott K


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1007/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1007/
Powered by Listbox: http://www.listbox.com



Add more friends to your messenger and enjoy! Go to http://messenger.yahoo.com/invite/


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1007/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1007/
Powered by Listbox: http://www.listbox.com


spf at jubileegroup

Apr 4, 2009, 2:33 AM

Post #4 of 12 (6749 views)
Permalink
Re: SPF vulnerability [In reply to]

Hi there,

On Fri, 3 Apr 2009, karan pott wrote:

> Okay. I got it. Porting needs to be done for Windows. In case I like
> to offer my effort for this, can you please let me know what process
> do I have to follow for my code to be included into libspf2?

Sorry I'm late into this thread.

Of course you might need to look at how your development environment
suports open source :) but I think most of the changes will be because
of the SPF library API change and will not be in libspf2 itself.

If it will help, I can show you the changes that I had to make to
spf-milter to get it to run with the latest libspf2. They are fairly
extensive, but not difficult. I still need to do some testing, but
the milter has now been working OK for several months on two fairly
lightly loaded mail servers.

--

73,
Ged.


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1007/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1007/
Powered by Listbox: http://www.listbox.com


open_mind_core at yahoo

Apr 6, 2009, 4:17 AM

Post #5 of 12 (6729 views)
Permalink
Re: SPF vulnerability [In reply to]

Hi,

I must admit, I feel encouraged with the response I am receiving on this. Very special thanks to all :)

Hi G.W. Haywood,
Thanks for your inputs and offer to help. I am really afraid that I did not see spf-milter while browsing through the code.

Now updates from my side on the topic...
A confession... from the initial look, I feel mesmerized when I look at the changes relative to 1.0.2. version. I have started working on making it porting for Windows.

I am afraid I did not understand all the changes and what are all the changes need to be done to make libspf2 work on Windows. However, I am trying to use a bit of common sense to make it work on Windows.

What I desperately need is someone who can review my source code and give me feedback and also a person with whom I can interact with as a guide for me.






________________________________
From: G.W. Haywood <spf [at] jubileegroup>
To: spf-devel [at] v2
Sent: Saturday, 4 April, 2009 3:03:52 PM
Subject: Re: [spf-devel] SPF vulnerability

Hi there,

On Fri, 3 Apr 2009, karan pott wrote:

> Okay. I got it. Porting needs to be done for Windows. In case I like
> to offer my effort for this, can you please let me know what process
> do I have to follow for my code to be included into libspf2?

Sorry I'm late into this thread.

Of course you might need to look at how your development environment
suports open source :) but I think most of the changes will be because
of the SPF library API change and will not be in libspf2 itself.

If it will help, I can show you the changes that I had to make to
spf-milter to get it to run with the latest libspf2. They are fairly
extensive, but not difficult. I still need to do some testing, but
the milter has now been working OK for several months on two fairly
lightly loaded mail servers.

--

73,
Ged.


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1007/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1007/
Powered by Listbox: http://www.listbox.com



Add more friends to your messenger and enjoy! Go to http://messenger.yahoo.com/invite/


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1007/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1007/
Powered by Listbox: http://www.listbox.com


open_mind_core at yahoo

Apr 9, 2009, 11:34 PM

Post #6 of 12 (6698 views)
Permalink
Re: SPF vulnerability [In reply to]

Hi Shevek,

I have spent a bit of effort to make libspf2 1.2.9 to be compilable on Windows with Visual Studio 2005. However, while testing I figured out that (libspf2-1.2.9\src\libspf2\spf_server.c : 350) had the statement which made SPF_dns_lookup fail with DNSTIMEOUT rather that the return codes being checked for.

But when I modified the code to (rr_type = ns_t_txt), it started working okay. I would like to confirm that, is there something missing from the original code or my change is okay.

Another important thing I like to know is that once I am done with my porting effort, I would like to submit my code. Can you please guide how and what the procedure is and How I can get my source code reviewed.

Thanks and Regards,
Karan.




________________________________
From: karan pott <open_mind_core [at] yahoo>
To: spf-devel [at] v2
Sent: Friday, 3 April, 2009 1:23:54 PM
Subject: Re: [spf-devel] SPF vulnerability


Thanks Scott,

Okay. I got it. Porting needs to be done for Windows. In case I like to offer my effort for this, can you please let me know what process do I have to follow for my code to be included into libspf2?

Thanks and Regards,
Karunakar






________________________________
From: Scott Kitterman <scott [at] kitterman>
To: spf-devel [at] v2
Sent: Friday, 20 March, 2009 5:44:14 PM
Subject: Re: [spf-devel] SPF vulnerability

On Fri, 20 Mar 2009 14:12:46 +0530 (IST) karan pott <open_mind_core [at] yahoo> wrote:
> Hi,
>
> We were using libspf2 (1.0.2) in our product for anti-spam
> functionality on windows platform. Now, we want to upgrade to the
> latest version (1.2.9) to get the fixes for the vulnerabilities
> uncovered recently. For this, we are trying to compile the latest
> version for windows , but we see a lot of errors - some data types
> used in spf_dns_windns.c seem to be missing.
>
>Is there any workaround for this to proceed further?
>

I know that 1.2 is not fully backward compatible with 1.0 and one should expect to have to do some porting work. I 'm not sure if that's related.

Additionally, none of the developers are Windows users, so it wouldn't suprise me to find that was less well tested and had some things that needed fixing.

Scott K


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1007/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1007/
Powered by Listbox: http://www.listbox.com

________________________________
Add more friends to your messenger and enjoy! Invite them now.

________________________________

Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives


Check out the all-new Messenger 9.0! Go to http://in.messenger.yahoo.com/


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1007/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1007/
Powered by Listbox: http://www.listbox.com


spf at anarres

Apr 16, 2009, 3:40 AM

Post #7 of 12 (6686 views)
Permalink
Re: SPF vulnerability [In reply to]

On Fri, 2009-04-10 at 12:04 +0530, karan pott wrote:
> Hi Shevek,
>
> I have spent a bit of effort to make libspf2 1.2.9 to be compilable on
> Windows with Visual Studio 2005. However, while testing I figured out
> that (libspf2-1.2.9\src\libspf2\spf_server.c : 350) had the statement
> which made SPF_dns_lookup fail with DNSTIMEOUT rather that the return
> codes being checked for.
>
> But when I modified the code to (rr_type = ns_t_txt), it started
> working okay. I would like to confirm that, is there something missing
> from the original code or my change is okay.
>
> Another important thing I like to know is that once I am done with my
> porting effort, I would like to submit my code. Can you please guide
> how and what the procedure is and How I can get my source code
> reviewed.

Sure, just email me a patch, and if it looks sane I'll throw it in. I
suspect it's very likely to look sane, since you obviously know what
you're talking about.

S.




-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1007/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1007/
Powered by Listbox: http://www.listbox.com


spf at anarres

Apr 16, 2009, 3:42 AM

Post #8 of 12 (6689 views)
Permalink
Re: SPF vulnerability [In reply to]

On Fri, 2009-03-20 at 14:12 +0530, karan pott wrote:
> Hi,
>
> We were using libspf2 (1.0.2) in our product for anti-spam
> functionality on windows platform. Now, we want to upgrade to the
> latest version (1.2.9) to get the fixes for the vulnerabilities
> uncovered recently. For this, we are trying to compile the latest
> version for windows , but we see a lot of errors - some data types
> used in spf_dns_windns.c seem to be missing.
>

Indeed, none of us have a windows system so we can only guess blind,
which isn't much fun. Patches from someone who does have a copy of
windows and a compiler are VERY welcome, I've tried to talk a few people
into it with little success so far.

S.



-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1007/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1007/
Powered by Listbox: http://www.listbox.com


open_mind_core at yahoo

Apr 16, 2009, 8:46 PM

Post #9 of 12 (6681 views)
Permalink
Re: SPF vulnerability [In reply to]

Thanks Shevek, Here is the modified file. the change is at line 350, Please let me know if you have any comments.

Thanks and Regards,
Karan.




________________________________
From: Shevek <spf [at] anarres>
To: spf-devel [at] v2
Cc: karan pott <open_mind_core [at] yahoo>
Sent: Thursday, 16 April, 2009 4:10:54 PM
Subject: Re: [spf-devel] SPF vulnerability

On Fri, 2009-04-10 at 12:04 +0530, karan pott wrote:
> Hi Shevek,
>
> I have spent a bit of effort to make libspf2 1.2.9 to be compilable on
> Windows with Visual Studio 2005. However, while testing I figured out
> that (libspf2-1.2.9\src\libspf2\spf_server.c : 350) had the statement
> which made SPF_dns_lookup fail with DNSTIMEOUT rather that the return
> codes being checked for.
>
> But when I modified the code to (rr_type = ns_t_txt), it started
> working okay. I would like to confirm that, is there something missing
> from the original code or my change is okay.
>
> Another important thing I like to know is that once I am done with my
> porting effort, I would like to submit my code. Can you please guide
> how and what the procedure is and How I can get my source code
> reviewed.

Sure, just email me a patch, and if it looks sane I'll throw it in. I
suspect it's very likely to look sane, since you obviously know what
you're talking about.

S.




-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1007/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1007/
Powered by Listbox: http://www.listbox.com



Connect with friends all over the world. Get Yahoo! India Messenger at http://in.messenger.yahoo.com/?wm=n/
Attachments: spf_server.c (12.4 KB)


open_mind_core at yahoo

Apr 16, 2009, 8:48 PM

Post #10 of 12 (6690 views)
Permalink
Re: SPF vulnerability [In reply to]

Thanks Shevek, Here is the modified file. the change is at line 350, Please let me know if you have any comments.

Thanks and Regards,
Karan.



________________________________
From: Shevek <spf [at] anarres>
To: spf-devel [at] v2
Cc: karan pott <open_mind_core [at] yahoo>
Sent: Thursday, 16 April, 2009 4:10:54 PM
Subject: Re: [spf-devel] SPF vulnerability

On Fri, 2009-04-10 at 12:04 +0530, karan pott wrote:
> Hi Shevek,
>
> I have spent a bit of effort to make libspf2 1.2.9 to be compilable on
> Windows with Visual Studio 2005. However, while testing I figured out
> that (libspf2-1.2.9\src\libspf2\spf_server.c : 350) had the statement
> which made SPF_dns_lookup fail with DNSTIMEOUT rather that the return
> codes being checked for.
>
> But when I modified the code to (rr_type = ns_t_txt), it started
> working okay. I would like to confirm that, is there something missing
> from the original code or my change is okay.
>
> Another important thing I like to know is that once I am done with my
> porting effort, I would like to submit my code. Can you please guide
> how and what the procedure is and How I can get my source code
> reviewed.

Sure, just email me a patch, and if it looks sane I'll throw it in. I
suspect it's very likely to look sane, since you obviously know what
you're talking about.

S.


Add more friends to your messenger and enjoy! Go to http://messenger.yahoo.com/invite/
Attachments: spf_server.c (12.4 KB)


open_mind_core at yahoo

Apr 21, 2009, 3:44 AM

Post #11 of 12 (6663 views)
Permalink
Re: SPF vulnerability [In reply to]

Hi Shevek,

I have made all the necessary changes to libspf2 (1.2.9) to port it to Windows. It has been tested on Windows also. I like to submit my changes to be included as part of the official download. Can you please let me know I can go about this?

Thanks,
Karan




________________________________
From: karan pott <open_mind_core [at] yahoo>
To: Shevek <spf [at] anarres>; spf-devel [at] v2
Sent: Friday, 17 April, 2009 9:18:40 AM
Subject: Re: [spf-devel] SPF vulnerability


Thanks Shevek, Here is the modified file. the change is at line 350, Please let me know if you have any comments.

Thanks and Regards,
Karan.



________________________________
From: Shevek <spf [at] anarres>
To: spf-devel [at] v2
Cc: karan pott <open_mind_core [at] yahoo>
Sent: Thursday, 16 April, 2009 4:10:54 PM
Subject: Re: [spf-devel] SPF vulnerability

On Fri, 2009-04-10 at 12:04 +0530, karan pott wrote:
> Hi Shevek,
>
> I have spent a bit of effort to make libspf2 1.2.9 to be compilable on
> Windows with Visual Studio 2005. However, while testing I figured out
> that (libspf2-1.2.9\src\libspf2\spf_server.c : 350) had the statement
> which made SPF_dns_lookup fail with DNSTIMEOUT rather that the return
> codes being checked for.
>
> But when I modified the code to (rr_type = ns_t_txt), it started
> working okay. I would like to confirm that, is there something missing
> from the original code or my change is okay.
>
> Another important thing I like to know is that once I am done with my
> porting effort, I would like to submit my code. Can you please guide
> how and what the procedure is and How I can get my source code
> reviewed.

Sure, just email me a patch, and if it looks sane I'll throw it in. I
suspect it's very likely to look sane, since you obviously know what
you're talking about.

S.



________________________________
Add more friends to your messenger and enjoy! Invite them now.


Now surf faster and smarter ! Check out the new Firefox 3 - Yahoo! Edition http://downloads.yahoo.com/in/firefox/


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1007/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1007/
Powered by Listbox: http://www.listbox.com


gerberb at zenez

Apr 21, 2009, 11:11 AM

Post #12 of 12 (6662 views)
Permalink
Re: SPF vulnerability [In reply to]

On Tue, 21 Apr 2009, karan pott wrote:
> I have made all the necessary changes to libspf2 (1.2.9) to port it to
> Windows. It has been tested on Windows also. I like to submit my changes
> to be included as part of the official download. Can you please let me
> know I can go about this?

Most project I work with post a unified diff to the list with the changes.

Where I do not do windows, I do not know what tools maybe available to
you. I have heard the mysys has tools or gnu tools for windows. I know
that a diff would be nice for this. That way I could test your changes to
make sure they do not break anything on the OS's I use.

--
Boyd Gerber <gerberb [at] zenez> 801 849-0213
ZENEZ 1042 East Fort Union #135, Midvale Utah 84047


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1007/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1007/
Powered by Listbox: http://www.listbox.com

SPF devel RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.