# Maildrop updated after a little false alarm ;-)

## miroR

Retitleling this topic (on: 2015-09-27 15:30+02:00) to:

Maildrop updated after a little false alarm  :Wink: 

---

Since (little, not much at all) unclarity (to me) remains, I retitled this topic to:

2yrs old maildrop still in portage, OK?

---

The initial title (but I may change it if some of my understanding proves wrong):

use-after-free bug maildrop still in portage 

---

If you go and try to find my todays email at:

courier-maildrop — Discussion of the maildrop filter (formerly maildropl@listbot.com)

http://sourceforge.net/p/courier/mailman/courier-maildrop/?viewmonth=201508

and it remains accessible there, then I might remove it from below where it is now.

But first: Pls. don't blame me for not seeing it there, if it is indeed there. There have been occasions when my provider served cached old pages to me for a significant number of hours:

Postfix smtp/TLS, Bkp/Cloning Mthd, Censorship/Intrusion

https://forums.gentoo.org/viewtopic-t-999436.html#7747902

Thanks!

---

adapted to easier reading in PhpBB forums.

---

 *Miroslav Rovis wrote:*   

> From: miro.rovis@croatiafidelis.hr
> 
> To: courier-maildrop@lists.sourceforge.net
> 
> Cc: 
> ...

 Last edited by miroR on Sun Sep 27, 2015 1:31 pm; edited 4 times in total

----------

## miroR

Exactly the reason I posted on the forums first, is, aside from being limited in strength to work from minor ailments, for other of you users, esp. more advanced than me, to check on this.

And, just as I wrote, if anyone feels willing to post a bug themselves, great! Thanks for releaving me from doing it. Just post a note about the bug here, pls!

Regards!

EDIT 2015-08-27 13:19+02:00 :

Re: [maildropl] New releases of courier packages.

From: <miro.rovis@cr...> - 2015-08-27 09:18:40 

http://sourceforge.net/p/courier/mailman/message/34409915/

now there (or now there for me too)!

EDIT END

----------

## miroR

I hope I won't get too much flac.

I really expressed very loudly and kindly all my reservations and uncertainties on my findings.

And, just as I wrote on the Courier-Maildrop list,

http://sourceforge.net/p/courier/mailman/message/34410651/

where I emailed...

(and lo and behold, all of a sudden the mail is not lost, but appears promptly, so it can be mailed without snags by my dear --in the North-Korean-way-- provider ... Why not always, withoiut filtering and things...? And why not all mail? Where's the mail by Wireshark to admit me to the ML? How many more hours for that do I have to wait?)

where I emailed:

 *Quote:*   

> 
> 
> I was mostly wrong, and I'm glad I found out myself that I was.  In
> 
> short, my ~/.mailfilter calls /usr/bin/mail upon creating new folders,
> ...

 

where I mean this Gentoo Forum topic you are reading.

Read more there, and in the topic that I will open on Grsecurity Forums, as I owe it now to whoever read this.

----------

## miroR

The explanaitioo...

I need to fix RBAC policy for maildrop

http://forums.grsecurity.net/viewtopic.php?f=5&t=4260

and with that, I believe the issue is closed, other then for Grsecurity Forums, where I have no hurry any longer.

Regards!

EDIT: Edited just after finishing off the necessary part for understanding of this topic. and Maildrop thread, on the Grsec Forums.

No need though, to reply to unconstructive comments if any more come along... I really did my best, and meant only good. And fixed what I vaguely, and with all the reservations, supposed erroneosly. Thanks!Last edited by miroR on Thu Aug 27, 2015 4:38 pm; edited 1 time in total

----------

## krinn

I must say i'm surprise you have just put a link to it.

I was expecting 10 quotes + 6 links to themselves, some other gentoo thread you've done, and whatever other maillist you have trash with the same kind content.

(but i see grsecurity.net thread didn't get as lucky)

----------

## steveL

IDK man, as soon as I saw: 

```
mail: /usr/sbin/sendmail: Permission denied
```

 it seemed obvious to me that the problem was at your end.

You've got to start picking up on those nuggets, before you start spamming mailing-lists etc.

----------

## miroR

 *krinn wrote:*   

> I must say i'm surprise you have just put a link to it.
> 
> I was expecting 10 quotes + 6 links to themselves, some other gentoo thread you've done, and whatever other maillist you have trash with the same kind content.
> 
> (but i see grsecurity.net thread didn't get as lucky)

 

Also the reply below goes for the above comment.

 *steveL wrote:*   

> IDK man, as soon as I saw: 
> 
> ```
> mail: /usr/sbin/sendmail: Permission denied
> ```
> ...

 

I will be close to obvious to me the next time, it is getting closer, by any new experience like this one (and another costly one it is).

 *steveL wrote:*   

> You've got to start picking up on those nuggets, before you start spamming mailing-lists etc.

 

Dear steveL, it looked obvious to you, but it did not look obvious to me in a few repeated circumstances like this, at different periods during the last few months, maybe four months.

And also, it looked obvious to you, but how come, and the mailing list is read worldwide, because the FOSS linux is used worldwide, how come, and you know people like to show their cleverness, nobody said nothing from anywhere for, maybe I could even try and take a look for how long... but surely for quite a pretty high number of hours...

No, this did look also like possibly something else as well... And I'm kind of glad that, sadly with such long research only, I was able to figure it out on my own.

IMO, but you don't have to agree, and neither do you have the right to request that I agree with you, IMO this would only have been spam, if it were totally useless (or at least somewhat malicious) and if there was at least a minimal inrespectful (or unbecoming) intention towards the Gentoo community on my part.

And there is no disrespect here, and there is certainly no malicious intention here either.

Why not, if you see so well (and I sure admit you are much more advanced than me), tell the readers how come there is no need to update maildrop, in the light of all the above, instead? The question about it still remains. Sam Varchavchik's report has the package maildrop in the subject as well.

Regards!

----------

## steveL

 *miroR wrote:*   

> And also, it looked obvious to you, but how come, and the mailing list is read worldwide, because the FOSS linux is used worldwide, how come, and you know people like to show their cleverness, nobody said nothing from anywhere

 

That's because you're spamming, and it's impossible to find out what the exact problem might be, because we don't just have to filter out log-noise, we have to try and get our heads around whatever diatribe you're rambling on about this time, or we'll miss the odd nugget of information.

And ofc, you have no time left after writing these massively long posts and emails, as you keep stating, while never quite connecting the two ideas.

 *Quote:*   

> Why not, if you see so well (and I sure admit you are much more advanced than me), tell the readers how come there is no need to update maildrop, in the light of all the above, instead? The question about it still remains.

 

Honestly I've tried my best to see what was up in this and another of your posts, but I gave up after half-an-hour, coming away with nfc what you were talking about, beyond the usual "something doesn't work, it must be a conspiracy down to X, Y or Z (see my linked thread here, which I'll now discuss for a few paragraphs.)"

Try editing for brevity, instead of comprehensiveness.

In your case, it's very much needed.

----------

## miroR

 *steveL wrote:*   

>  *miroR wrote:*   And also, it looked obvious to you, but how come, and the mailing list is read worldwide, because the FOSS linux is used worldwide, how come, and you know people like to show their cleverness, nobody said nothing from anywhere 
> 
> That's because you're spamming, and it's impossible to find out what the exact problem might be, because we don't just have to filter out log-noise, we have to try and get our heads around whatever diatribe you're rambling on about this time, or we'll miss the odd nugget of information.
> 
> And ofc, you have no time left after writing these massively long posts and emails, as you keep stating, while never quite connecting the two ideas.
> ...

 

Read. Thanks for your opinion. BTW, I just mentioned you in:

dbus impositioners? or something else?

https://forums.gentoo.org/viewtopic-t-1027802.html#7809350

Regards!

----------

## miroR

How about this, fellow FOSS enthusiast steveL, if you're reading (as I hope you do)...

How about this:

```

# emerge -s maildrop                                                                    

[ Results for search key : maildrop ]

Searching...

*  mail-filter/maildrop

      Latest version available: 2.8.3

      Latest version installed: 2.8.3

      Size of files: 1,946 KiB

      Homepage:      http://www.courier-mta.org/maildrop/

      Description:   Mail delivery agent/filter

      License:       GPL-3

[ Applications found : 1 ]

```

And, alslo, it's probably better in other readers' boxen, but in mine, based on portage snapshot:

```

# ls -l /usr/portage/distfiles/portage-20150923.tar.xz*

-rw-r--r-- 1 root root 58155632 2015-09-24 02:46 /usr/portage/distfiles/portage-20150923.tar.xz

-rw-r--r-- 1 root root      819 2015-09-24 02:55 /usr/portage/distfiles/portage-20150923.tar.xz.gpgsig

-rw-r--r-- 1 root root       58 2015-09-24 02:55 /usr/portage/distfiles/portage-20150923.tar.xz.md5sum

```

the new maildrop was, on the day before yesterday, never in the Changelog, yet:

```

# head -10 /usr/portage/mail-filter/maildrop/ChangeLog 

# ChangeLog for mail-filter/maildrop

# Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2

# $Header: /var/cvsroot/gentoo-x86/mail-filter/maildrop/ChangeLog,v 1.142 2012/12/04 12:09:40 eras Exp $

  04 Dec 2012; Eray Aslan <eras@gentoo.org>

  -files/maildrop-2.5.4-reformime.patch, -maildrop-2.5.5-r1.ebuild:

  remove old

  01 Dec 2012; Raúl Porcel <armin76@gentoo.org> maildrop-2.6.0.ebuild:

  alpha/ia64/s390/sh/sparc stable wrt #441350

```

(which suggests it was done in some rush...

So, maybe, all in all, not spam, but more likely a useful topic this one (and it really was sincere and with too good intent to be qualified as spam, had this topic even not been useful).

What do you think? But it's not important to delve on it. I just wanted to point out we have the new Maildrop now in portage.  Kudos to our devs!

Regards!

----------

## steveL

 *miroR wrote:*   

> I just wanted to point out we have the new Maildrop now in portage.

 

Oh, is that what you mean.. yay. ;-)

One thing: why does getmail entail sendmail?

----------

## miroR

 *steveL wrote:*   

>  *miroR wrote:*   I just wanted to point out we have the new Maildrop now in portage. 
> 
> Oh, is that what you mean.. yay. 
> 
> One thing: why does getmail entail sendmail?

 

No, it's not getmail that entails sendmail, but the maildrop that my getmail is configured to hand over each mail upon each fetch to.

And everything entails sendmail that sends mail, IIUC. Even mailx, I think, sends via, be it genuine, or, say, postfix's, sendmail.

Postfix's sendmail, the binary, is named so for compatibility with the old, the original, sole at its time, sendmail, and other binaries follow such rule, I think [color]mailq[/color], IIUC...

IIUC. Because you know I sometimes end up with accepting wrong assumptions, and then you have to dig in among my huge verbiage for the nuggets of true information  :Wink:  So: IIUC.

If you go, and look up the linked grsecurity copic.... Aaah, wait... Here:

I need to fix RBAC policy for maildrop 

http://forums.grsecurity.net/viewtopic.php?f=5&t=4260

( this link already in some previous post )

If you go, and look up the linked grsecurity topic, all is there, all the binaries, when there were called, why, and a lot more. That's just one aspevt of grsecurity, brothers in *nix. We need it, we the poor users of the world (poor in the... since 1/3 of the U.S Congress is Catholic, like me, and probably more than 2/3 are Christian believers, I hope I can say: poor in the Gopel sense of the world  :Wink:  )

then you should be able to find out, as there is the /usr/bin/mail command that calls sendmail. I am busy on the TLS decryption that I always thought on the verge of being impossible other than for the Octopuses like Schmoog (y'know: the Schmoogle)... but, and I have to admit there must be some good ole guard still there in Mozilla, because it is possible for poor users like me, in all sessions online, with Firefox...

EDIT 2015-09-26 22:42+02:00:

The part about the Mozilla old guard and the Schmoog the spies and political follow-up on Moziilla, which is only my theory, is more clearly rephrasedt, and should be replied over in its own topic, pleass:

TLS (SSL) tcp stream decoding in your traffic dumps?

https://forums.gentoo.org/viewtopic-t-1029408.html#7820140

EDIT END

(

And surely the Schmoog follows suit with their Chrome... Y'know, just like the Schmoog was the one that, at the same time as the true discoverers of the Heartbleed bug --can't go in search for links, too busy--  decided that it needs to be one of the discoverers too...

I'll allow it here: [I]f [I] [U]nderstand [C]orrectly. Not for the Heartbleed. That is hardly a matter for discussion. The Schmoog knows more than anyone. Even more that those who they serve painstakingly straning their looks to appear innocent from mass surveillance for them: the NSA... 

But IIUC on the Chrome following suit after old guard Mozilla devs apparenty decided to work for the users, for the true interests of the users. And to you goes my gratitude for opening up the TLS traffic for us, old guard Mozilla, IIUC.

)

I'm talking about:

TLS (SSL) tcp stream decoding in your traffic dumps?

https://forums.gentoo.org/viewtopic-t-1029408.html

where the world thought unknown to me, and surely not just me, has slowly being opening to me now.

Keep up the passion for free software, brother in *nix! I hope so much people

like you fix KDE, or fork something better, but non-dbus, out of it.

----------

