• Mailer CRAM-MD5 handshake

    From Alan Ianson@1:153/757 to Kim Heino on Mon Feb 11 14:10:08 2019
    Hello Kim,

    Thank you for the new BBBS 4.10 Toy-4. It is working well for me.. :)

    I wonder if you have considered adding support for a CRAM-MD5 handshake in the binkp mailer? I think that would be a goodthing(TM).

    I have also noticed that when a file is received by the mailer and there is already a file with that name in the inbound the original file is overwritten by the new one. That is not a goodthing(TM). Would it be possible to rename a file when received if a file by that name already exists in the inbound?

    I know that BBBS does not do that but we have no control over what filename nodes are sending us.

    --- BBBS/Li6 v4.10 Toy-4
    * Origin: The Rusty MailBox - Penticton, BC Canada (1:153/757)
  • From Andrew Leary@1:320/219 to Kim Heino on Sat Feb 16 07:03:46 2019
    Hello Kim!

    16 Feb 19 13:32, you wrote to Alan Ianson:

    I wonder if you have considered adding support for a CRAM-MD5
    handshake in the binkp mailer? I think that would be a
    goodthing(TM).

    Hashed passwords are always ReallyGoodThing(tm). I have to read latest BinkP specs and I'll see then...

    http://ftsc.org/docs/fts-1027.001 should tell you what you need to know.

    Andrew

    --- GoldED+/LNX 1.1.5-b20180707
    * Origin: Phoenix BBS * phoenix.bnbbbs.net (1:320/219)
  • From Kim Heino@2:222/2 to Alan Ianson on Sat Feb 16 13:32:56 2019
    I wonder if you have considered adding support for a CRAM-MD5 handshake
    in the binkp mailer? I think that would be a goodthing(TM).

    Hashed passwords are always ReallyGoodThing(tm). I have to read latest BinkP specs and I'll see then...

    I have also noticed that when a file is received by the mailer and there is already a file with that name in the inbound the original file is overwritten by the new one. That is not a goodthing(TM). Would it be possible to rename a file when received if a file by that name already exists in the inbound?

    Yes, that's true. Usually you process incoming files immediately so the attack vector is quite short lived. This is especially important for incoming mail, as
    file names could be predictable. Rename would be a good thing, as long as partially received files are deleted if connection is lost.

    For the reference, my scripts/gotmail.bz is:

    int main()
    {
    char flag_name;
    int f;

    flag_name = sprintf("%sgotmail.flg", bg_tempdir);
    f = fopen(flag_name, "wb");
    if (f !=- 1)
    fclose(f);
    }

    And I run following from my crontab:

    #!/bin/sh

    # incoming fido
    if [ -f work/gotmail.flg ]; then
    rm -f work/gotmail.flg
    ./bbbs bogus w > /dev/null 2>&1
    ./bbbs btick > /dev/null 2>&1
    touch work/rescan.2
    fi

    # outgoing fido
    if [ -f work/usermail.flg ]; then
    rm -f work/usermail.flg
    ./bbbs bogus a > /dev/null 2>&1
    touch work/rescan.2
    fi

    --- BBBS/Li6 v4.10 Toy-4
    * Origin: * BCG-Box, On The Air Since 11th February 1987! * (2:222/2)
  • From Alan Ianson@1:153/757 to Kim Heino on Sat Feb 16 16:04:30 2019
    Hello Kim,

    Hashed passwords are always ReallyGoodThing(tm). I have to read latest BinkP specs and I'll see then...

    Great, thank you for looking into that.. :)

    For the reference, my scripts/gotmail.bz is:

    Thank you for that also, thank looks better than what Ive been using. I'm going
    to put that in place here in the next little bit.

    --- BBBS/Li6 v4.10 Toy-4
    * Origin: The Rusty MailBox - Penticton, BC Canada (1:153/757)