For non-authenticated SMTP clients, if the "From:" header field contains a "name" which appears to be an email address (i.e. it has an '@' in it), and that address does not match the *actual* address in the "From:" field, reject the mail with an error message about the forged/mismatched address.

I noticed that when executing an external JS with the new "Use Shell / New Context" option set to "Yes", that any expressions (strings) installed via js.on_exit() were not being executed upon exit from the script. These on-exit strings are important for restoring global state information (e.g. control key pass-through, console mode) to the original state before the JS mod made any changes.

I'm not sure why the special treatment of "scope == NULL" is through-out this function. Going back to v3.16, it appears this was special treatment for JS mods invoked via global hot key event (when scope != NULL). When invoking an xtrn JS mod with the new Context option, the scope argument is not NULL, so this check was defeating the parsing of the "exit_code" and the evaluation of any js.on_exit() installed expressions for no apparent reason. I can't think why global hot key events should be excluded from this logic either.

Originally, the "pause on exit" was implemented in the C++ version of
sbbs_t::xtrn_sec() and not sbbs_t::exec_xtrn(). This meant that the pause
option was only implemented when the prgoram was invoked from the menu and
not when invoked directly (e.g. via Baja or JS exec_xtrn function).

When sbbs_t::xtrn_sec() was ported to JS, that functionality was also moved
to JS. But it really should have been implemented in exec_xtrn() to begin
with so that regardless of how the program is invoked, that SCFG setting takes
effect.

Thanks to Michael Long for pointing this out.

Added an "All Servers" option.
Fixed the "Telnet server" (now "Terminal Server") to set the correct/modern semaphore file.
Simplified the implementation of this function.

So you can do stuff (*like this*).

Also, we don't need to heavily scrutinize the closing tag when we come upon it because we already determined it was valid before we accepted the opening tag/character.

This appears to go back to a change Deuce made in 2004 (rev 1.41) where ANSI, COLOR, RIP and WIP user terminal settings were always cleared when logging in via RLogin.

I happened to notice that manually enabling iCE color support wasn't working when logging in via RLogin (the iCE color flag would be cleared every login, but worked fine when logging in via Telnet). Upon investigation, I found that *all* user's manual terminal settings were cleared for either RLogin or SSH logins (copy/pasted bug). So... stop doing that. The method of dynamic terminal capability detection/checking has changed since 2004, so we should not need to mess with the user's misc flags.

The reported problem (by John "Jay" Crutti) was:
If autodetection of the terminal is used from the defaults menu I get stuck on the prompt to hit my Delete key because on the BBS, it keeps showing me login statistics every time I hit my delete key. 

Add/use new K_CTRLKEYS mode to stop inkey() from handling/eating control-keys (e.g. Ctrl-T) when asking user to hit backspace during defaults->terminal settings.

Allow PETSCII_DELETE (Ctrl-T) as a valid option when asking for the backspace/delete key and set the PETSCII flag in the autoterm variable if hit by the user.

Defaults to "Off" ("No") and can be set per-sub-board to either:
- "Yes" parse/apply markup style to displayed message text while still displaying the markup tags
- "Hide" parse/apply markup style to displayed message text and hide (don't display) the markup tags
- "No", treat marked-up messages the same as any other message text, same as before.

The supported Markup tags at this time are:
#bold text#
/Italicized text/
_underlined text_
#inverse text#

Now, ANSI-BBS terminals (and Synchronet) do not support the concept of italic or underlined text (at least, not yet) - so those styles become combinations of the blink and high-intensity attributes which can be used to choose alternate fonts and this works well.

These 4 styles were chosen to be compatible with GoldEd's "Style Codes", though GoldEd is actually very configurable in its support of these tags/codes and its possible we're not 100% compatible. For example, GoldEd (and SemPoint) both support the combining of tags/codes to created combinations of styled text - Synchronet does not (this is consistent with Mozilla/Thunderbird's "Structured Text").

Multiple words can be styled with a single set of tags, but the first and last word must be delimited by white-space (this is not consistent with Markdown).

Multiple lines can be styled with a single set of tags, but not multiple paragraphs (this is consistent with Markdown).

The rules I chose were to minimize false positives but maintain some interoperability with GoldEd and Thunderbird with a familiar/common tag syntax.

Don't let ANSI terminal control sequence, e.g. from 1337 FILE_ID.DIZs, leak into file descriptions.

A function/method to strip all ANSI terminal control sequences from a string.

This work-around shouldn't be necessary, but at least on my Linux/Samba setup, when GitLab sends out notification emails to subscribers and creates 4+ simultaneous SMTP connections and sends email messages, sometimes (often) it ends up with a lock-timeout on the mail base. The file locking should handle the contention fine, but somehow I end up in scenarios where savemsg() takes 30 seconds to complete (the configured SMB lock-timeout is 30 seconds, likely not a coincidence) - and this causes other clients to timeout trying to lock the base. Just use a sharead-mutex here instead as a work-around. The wait time is indefinite, might want to consider using a timed-wait instead.

The default terminal columns (still 0/auto) can be overridden with the 'L' command from the user defaults menu. 

Also increased maximum manual terminal rows setting from 99 to 999 - this involved moving the record in user.dat, though the old record value is auto-migrated.

This is useful for detecting blank records.

Putting IP addresses first.

Probably only a problem on Vertrauen, but some QWKnet nodes, for some unknown reason, like to FTP-connect multiple times concurrently and request to download a QWK packet. This creates a race condition where the QWK packet gets created/downloaded/deleted before the second FTP connection can successfully download the same file, thus logging an error "opening file " on the server (VERT). So if the pack*.now file already exists, reject the download request. "What are doing?" is what I really want to ask these nodes, but better just throw them an error response and quietly move on.

Beautification for 40 column terminals.

Log the IP address first in most log messages.
Condense white-space in log messages to a single space.
Log the server IP address of incoming connections.
(more) Intelligent email address enclosure in angle-brackets.
Better duplicate address comparison (just for log message).
Fix wrong order of lprintf arguments in !UNKNOWN USER log message (new bug).

Created a function to condense all white-space in a string to single space-characters (e.g. Yoda).

Like the Terminal Server, don't count authenticated connections against the MaxConcurrentConnections limit.

Only authenticated users with passwords (not Guest) count as authenticated connections.

When enforcing the MaxConcurrentConnections limit, don't count connections for user's with blank passwords (i.e. Guest) as authenticated.

This message can be logged when a sysop is prompted for the system password and enters it incorrectly or just disconnects.

So lower the log level to DEBUG. And include the IP address that we searched for too.

This might not be so great for IPv6 connections (let me know).

Also, use macro for the maximum received SMTP bad command magic number.

Fix-up the sender and recipient info included in log messages in the sendmail thread too.

Bumped rev to 1.735.

Weird that no mail server has ever complained; I guess they're all prettty
"liberal in what they accept".

Also, eliminated an unnecessary strcpy() call.

The Linux lock() implementation in xpdev/filewrap.c requires that
_FILE_OFFSET_BITS is set to 64 or else OFD (sane) locks are not
used on Linux, defaulting back to the crazy per-process file region
locking of Linux of old. This was done in this commit:
http://cvs.synchro.net/commitlog.ssjs?99999#39639
because:
https://patchwork.kernel.org/patch/9289177/

but on 64-bit Linux, large file support is assumed and you don't
actually need to define _FILE_OFFFSET_BITS, we're peforming this
check for 32-bit Linuxes. Perhaps a check to see if sizeof(off_t)
== 8 would have been better. However, this change enables OFD
Locks for *all* flavors of Linux (not just 64-bit) - so that's
better.

Why do we care? Because using region locks on the same file in
a multi-threaded program doesn't really work right on Linux without
using OFD Locks. I saw this problem with receiving multiple
simultaneous emails in the mailserver and getting smb_locksmbhdr()
errors/failures when trying to save the message data or headers
of the one or more messages every time GitLab would send email
out to those whoe have opted-in to received email notifications
upon gitlab.synchro.net activity.

And separate the saved/imported message text into body and tail (separate SMB msg data fields) automatically to exclude signatures from quoted text.

As requested by Tracker1.

This allows a .sig file to contain "\n-- \n", the "standard" USENET signature delimiter, as requested by Tracker1.

Removed the yield line interval (this is a questionable setting anyway).

Also, made the unlimited max-connections display as "N/A" (instead of
"0") in the Terminal Server config dialog.

Cleans both debug and release build dirs.

The mail (SMTP) server is a popular target of bots. Impose a maximum-concurrent-connections limit (optionally). Similar to the terminal server option, except, don't deduct the number of authenticated connections (I can add something like that if desired). The new config option is [mail] MaxConcurrentConnections in the ctrl/sbbs.ini (defaults to 0, no maximum).

Fixed error responses in mail_server accept loop: was always sending POP3 error responses even if the connection was SMTP.

Cleaned-up the service/port checking/logging in the mail_server accept loop: no strcmp() needed, log the protocol name (e.g. "SMTPS") instead of the service name (e.g. "submissions").

Also, if getuserdat() fails, don't count that as a failed login attempt.
Also, track username and password of failed-login attempts of deleted or inactive user accounts.

When loginFailure() is called with NULL for the password argument, that indicates there was no password available (e.g. an aborted login attempt) - treat each of these as a unique (not duplicate) failed-login attempt. This'll trigger ban/filter thresholds sooner for clients that hammer servers and disconnect mid-login.

At least on Windows, when realloc() is used to allocate a new buffer,
guess what's in that buffer initially? undefined values. So you can't
strcat() onto the end of that! Ouch. This was a fun one to track down.