1. 10 Aug, 2019 5 commits
  2. 09 Aug, 2019 4 commits
    • rswindell's avatar
      Don't store the original RCPT TO argument (forward-path) when the message · c1c78bb4
      rswindell authored
      is being forwarded to an external email address. Introduced in rev 1.690,
      user-forwarded emails wouldn't work because sending envelope would contain
      the original forward-path. Thanks again to Alterego (ALTERANT) for testing
      this stuff and reporting issues with detail!
    • rswindell's avatar
    • rswindell's avatar
      Fix off-by-two issue with fgets() calls in printfile() line-at-a-time mode · bf297492
      rswindell authored
      (new). Reported by Alterego (ALTERANT)
    • rswindell's avatar
      Fix long standing bug with the global JS function login(): · c65542f8
      rswindell authored
      A few *service.js scripts call this function without a password argument
      (the second argument), e.g. login("guest");
      If there was no guest account (or the guest account had a password assigned),
      this would result in a failed login attempt as "guest" along with a garbage
      password (e.g. a floating point number, like 3.7042561) and since it would
      be a unique garbage password for each login() call without an actual password
      specified, these login() calls would be counted as unique failed login attempts
      and potentially cause the client's IP address to be added to the hack.log
      and even ip.can (IP address filter).
      As seen on Mortifis' system where VERT was filtereed due to
      "SUSPECTED NNTP LOGIN HACK ATTEMPT", likely due to the daily sbbslist
      verifications when just perform a TCP connection and no actual login attempt,
      but nntpservice.js would still call login("guest") before the client (vert)
      would be disconnected.
  3. 08 Aug, 2019 14 commits
  4. 07 Aug, 2019 9 commits
  5. 06 Aug, 2019 8 commits