DevSyS Community

The following patch is able to anonymize the entire mails routing path.

Reason about this feature is the following:

1. Customers privacy preservation
2. Nullify RBL (Source Path) SpamCheck for RBListed ISP connection (fastweb.net, tim.it, etc etc).

In the diff patch attached file you can find some commented code block. You can store an original email copy, if you would to save it, commenting out code lines (not suggested in a thousand-emails-for-day environment).

Download qmail-scanner.queue.diff.patch

Intro

ANSI Escape sequences are used to perform special operations on the terminal, such as changing the output color, making it bold, printing at a specified coordinate etc.

The sequences

Wherever you see ‘#’, that should be replaced by the appropriate number.

Cursor Controls:

ESC[#;#H or ESC[#;#f (Moves cusor to line #, column #)

ESC[#A (Moves cursor up # lines)
ESC[#B (Moves cursor down # lines)


ESC[#C (Moves cursor forward # spaces)


ESC[#D (Moves cursor back # spaces)


ESC[#;#R (Reports current cursor line & column)


ESC[s (Saves cursor position for recall later)


ESC[u (Return to saved cursor position)

Erase Functions:
ESC[2J (Clear screen and home cursor)


ESC[K (Clear to end of line)

Set Graphics Rendition:
ESC[#;#;....;#m                     

Set display attributes where # is

• 00 for normal display (or just 0)
• 01 for bold on (or just 1)
• 02 faint (or just 2)
• 03 standout (or just 3)
• 04 underline (or just 4)
• 05 blink on (or just 5)
• 07 reverse video on (or just 7)
• 08 nondisplayed (invisible) ( or just 8 )
• 22 normal
• 23 no-standout
• 24 no-underline
• 25 no-blink
• 27 no-reverse
• 30 black foreground
• 31 red foreground
• 32 green foreground
• 33 yellow foreground
• 34 blue foreground
• 35 magenta foreground
• 36 cyan foreground
• 37 white foreground
• 39 default foreground
• 40 black background
• 41 red background
• 42 green background
• 43 yellow background
• 44 blue background
• 45 magenta background
• 46 cyan background
• 47 white background
• 49 default background

 

ESC[=#;7h or (Put screen in indicated mode where # is)
ESC[=h or (0 for 40 x 25 black & white)


ESC[=0h or (1 for 40 x 25 color)


ESC[?7h (2 for 80 x 25 b&w)

• 3 for 80 x 25 color
• 4 for 320 x 200 color graphics
• 5 for 320 x 200 b & w graphics
• 6 for 640 x 200 b & w graphics
• 7 to wrap at end of line

ESC[=#;7l or ESC[=l or (Resets mode # set with above command)
ESC[=0l or ESC[?7l

Keyboard Reassignments:
ESC[#;#;...p (Keyboard reassignment. The first ASCII)


or ESC["string"p (code defines which code is to be)


or ESC[#;"string";#; (changed. The remaining codes define)


#;"string";#p (what it is to be changed to)

E.g. Reassign the Q and q keys to the A and a keys (and vice versa).
ESC [65;81p (A becomes Q)


ESC [97;113p (a becomes q)


ESC [81;65p (Q becomes A)


ESC [113;97p (q becomes a)

E.g. Reassign the F10 key to a DIR command.

ESC [0;68;"dir";13p (The 0;68 is the extended ASCII code)


for the F10 key and 13 is the ASCII


code for a carriage return.

Other function key codes       

F1=59,F2=60,F3=61,F4=62,F5=63
F6=64,F7=65,F8=66,F9=67,F10=68

Recentemente è stato aggiornato il pacchetto libapache2-mod-auth e all’utilizzo degli stessi file di configurazione provoca il seguente errore:

(9)Bad file descriptor: Could not open password file: (null)

Per risolvere la situazione è sufficiente aggiungere la seguente linea al proprio file di configurazione:

AuthBasicAuthoritative off

Come riportato dalla fonte del bug il problema è il seguente:

“The only difference between apache 2.2.3-2 and 2.2.3-3.3 that appears
relevant is that 2.2.3-3.1 *enables* authz_user by default”

Il post di seguito spiega come utilizzare la seconda versione del mod “MySQL Authentication” con un Apache Server versione 2.x.

La distribuzione utilizzata è una Debian GNU/Linux Stable.

Innanzitutto installare i pacchetti necessari (dato per assunto che sia stato già  installato apache2/mysql)

# apt-get install libapache2-mod-auth-mysql

Creare la tabella nel database MySQL

mysql -uroot -p

mysql> create database apache_auth;

mysql> CREATE TABLE `users` (

`login` varchar(25) NOT NULL default ”,

`passwd` varchar(25) NOT NULL default ”,

PRIMARY KEY (`login`),

) ENGINE=MyISAM DEFAULT CHARSET=latin1;

Creare un utente (definito da auth_user/auth_password) con USAGE Privileges sulla tabella appena creata

mysql> grant all on apache_auth.* to auth_user@localhost identified by ‘auth_password‘;

mysql> flush privileges

Definire nel file di configurazione /etc/apache2/apache2.conf la directory per la quale deve essere letto il file .htaccess

Options +Indexes FollowSymLinks MultiViews

AllowOverride AuthConfig Options FileInfo Limit

Order allow,deny

Allow from all

Creare il file .htaccess fisicamente nella directory relativa sul filesystem e inserirci le seguenti righe:

AuthMYSQL on

AuthType Basic
AuthName “Autenticazione Richiesta”

AuthMySQL_User auth_user
AuthMySQL_Password auth_password
AuthMySQL_Host 127.0.0.1
AuthMySQL_Authoritative on
AuthMySQL_DB apache_auth
AuthMySQL_Password_Table users
AuthMySQL_Username_Field login
Auth_MySQL_Password_Field passwd

AuthMySQL_Empty_Passwords off
AuthMySQL_Encryption_Types Plaintext Crypt_DES

require valid-user

In questo modo, tutti gli utenti definiti nella tabella “apache_auth” si autenticheranno con successo nella directory definita.

Di seguito sono descritte tutte le possibili direttive utilizzabili (prese dal package sorgente mantenuto da Matthew Palmer)

—- START —-

Auth_MySQL_Info

Server-wide config option to specify the database host, username,
and password used to connect to the MySQL server.This option affects all directories which do not override it via
AuthMySQL_Host, AuthMySQL_User, and/or AuthMySQL_Password.

AuthMySQL_DefaultHost
Specifies the MySQL server to use for authentication.

This option affects all directories which do not override it via
AuthMySQL_Host.

AuthMySQL_Host
Synonym for AuthMySQL_DefaultHost, to be used in .htaccess files and
directory-specific entries.

Auth_MySQL_DefaultPort

Specifies a port to use to talk to a MySQL server. If left empty,
the default (3306) will be used.This option affects all directories which do not override it via
Auth_MySQL_Port.

Auth_MySQL_Port

Specifies a non-default port to use (other than 3306) when talking
to the MySQL server on AuthMySQL_Host or AuthMySQL_DefaultHost.Auth_MySQL_DefaultSocket
If using a local MySQL server, you can
specify a non-default named pipe to use instead of the default pipe
name compiled into your MySQL client library.

This option affects all directories which do not override it via
Auth_MySQL_Socket.

Auth_MySQL_Socket
If using a local MySQL server, you can specify a non-default named
pipe to use instead of the default one compiled into MySQL with this
option.

AuthMySQL_DefaultUser
Specifies the username for connection to the MySQL server.

AuthMySQL_User
Synonym for AuthMySQL_DefaultUser, to be used in .htaccess files and
directory-specific entries.

AuthMySQL_DefaultPassword

Specifies the password user together with the above user.AuthMySQL_Password

Synonym for AuthMySQL_Password, to be used in .htaccess files and
directory-specific entries.Auth_MySQL_General_DB
Server-wide, specifies a default database name to use.

Auth_MySQL_DB
Synonym for Auth_MySQL_General_DB, to be used in .htaccess files and
directory-specific entries.

AuthMySQL_DefaultDB
Synonym for Auth_MySQL_General_DB.

AuthMySQL_DB
Synonym for Auth_MySQL_General_DB, to be used in .htaccess files and
directory-specific entries.

AuthName “”
Describes the data you’re guarding.

AuthType
The authentication process used in the transaction. Stick with
Basic, no others work at present.

require
Specify what is considered a valid authentication. can be
either user, group, or valid-user. valid-user is the simplest -
anyone who gets the username and password right gets in. Otherwise,
the user must either have a username in the space-separated list of
identifiers (if using user) or must be a member of a group in the
list of identifiers (if user group).

Multiple require statements are allowed; if multiple require
statements are present in a configuration, then the user will be
considered authenticated if they can satisfy any of the require
statements supplied.

Auth_MySQL_Password_Table

The name of the MySQL table in the specified database which stores
username:password pairs. By default, it is ‘mysql_auth’.AuthMySQL_Password_Table

Synonym for Auth_MySQL_Password_Table.Auth_MySQL_Group_Table
As per …Password_Table above, stores username:group pairs.
Normally you’ll store username:password:group triplets in the one
table, but we are nothing if not flexible. Defaults to
‘mysql_auth’.

AuthMySQL_Group_Table
Synonym for Auth_MySQL_Group_Table.

Auth_MySQL_Username_Field
The name of the field which stores usernames. Defaults to
‘username’. The username/password combo specified in Auth_MySQL_Info
must have select privileges to this field in the Password and Group
tables.

AuthMySQL_Username_Field
Synonym for Auth_MySQL_Username_Field.

Auth_MySQL_Password_Field

As per …Username_Field above, but for passwords. Same MySQL
access privileges. Defaults to ‘password’.AuthMySQL_Password_Field

Synonym for Auth_MySQL_Password_Field.Auth_MySQL_Group_Field
As per …Username_Field above. Defaults to ‘groups’.

AuthMySQL_Group_Field
Synonym for Auth_MySQL_Group_Field.

Auth_MySQL_Group_User_Field
The name of the field in the groups table which stores the username.
Defaults to the field name specified for usernames in the passwords
table.

AuthMySQL_Group_User_Field
Synonym for Auth_MySQL_Group_User_Field.

Auth_MySQL_Password_Clause
Adds arbitrary clause to username:password matching query, for example:
” AND Allowed=1″. Clause has to start with space. Default is empty.

Auth_MySQL_Group_Clause
Adds arbitrary clause to username:group matching query, for example:
” AND Allowed=1″. Clause has to start with space. Default is empty.

Auth_MySQL_Empty_Passwords
Whether or not to allow empty passwords. If the password field is
empty (equals to ”) and this option is ‘on’, users would be able to
access the page by just specifying their username WITHOUT ANY
PASSWORD CHECKING. If this is ‘off’, they would be denied access.
Default: ‘on’.

AuthMySQL_Empty_Passwords
Synonym for Auth_MySQL_Empty_Passwords.

Auth_MySQL_Encryption_Types

Select which types of encryption to check, and in which order to
check them. It overrides the legacy Auth_MySQL_Scrambled_Passwords
and Auth_MySQL_Encrypted_Passwords directives. Multiple encryption
types may be specified, to instruct the module to check each
password in multiple encryption schemes – a useful feature for
legacy transitions. For example:

Auth_MySQL_Encryption_Types Plaintext Crypt_DES

Would instruct the module to do a direct comparison of the entered
password with the contents of the password field, and if that fails,
to do a DES crypt() check, a la Unix password handling.

The available encryption types supported at this time are:

Plaintext
Pretty self-explanatory. Not recommended.

Crypt_DES
Check the password via the standard Unix crypt() call, using
DES hashing.

Crypt_MD5
Check the password via the standard Unix crypt() call, using
an MD5 hash.

Crypt
Check the password via the standard Unix crypt() call,
without preference for the hashing scheme employed. This is
the generally preferred means of checking crypt()ed
passwords, because it allows you to use other schemes which
may be available on your system, such as blowfish.

PHP_MD5
Compares with an MD5 hash, encoded in the way that PHP and
MySQL handle MD5 hashes – 32 character hex code, with
lowercase letters.

SHA1Sum
Compares with a SHA1 hash, encoded the way that MySQL, PHP,
and the sha1sum command produce their output (a 40 character
lowercase hex representation).

MySQL
The hashing scheme used by the MySQL PASSWORD() function.

AuthMySQL_Encryption_Types
Synonym for Auth_MySQL_Encryption_Types.

Auth_MySQL_Encrypted_Passwords (DEPRECATED)
Equivalent to: Auth_MySQL_Encryption_Types Crypt_DES
Only used if …Encryption_Types is not set. Defaults to ‘on’. If
both this option and …Scrambled_Passwords are ‘off’ and
…Encryption_Types is not set, passwords are expected to be in
plaintext.

AuthMySQL_Encrypted_Passwords (DEPRECATED)
Synonym for Auth_MySQL_Encrypted_Passwords.

Auth_MySQL_Scrambled_Passwords (DEPRECATED)
Equivalent to: Auth_MySQL_Encryption_Types MySQL
The same restrictions apply to this directive as to
…Encrypted_Passwords.

AuthMySQL_Scrambled_Passwords (DEPRECATED)
Synonym for Auth_MySQL_Scrambled_Passwords.

Auth_MySQL_Authoritative
Whether or not to use other authentication schemes if the user is
successfully authenticated. That is, if the user passes the MySQL
authentication, they may still be rejected by a later module if this
option is set ‘off’. The default is ‘on’ (i.e. if the user passes
the MySQL module, they’re considered OK).

AuthMySQL_Authoritative
Synonym for Auth_MySQL_Authoritative.

Auth_MySQL_Non_Persistent
If set to ‘on’, the link to the MySQL server is explicitly closed
after each authentication request. Note that I can’t think of any
possible good reason to do this, unless your platform makes MySQL go
crazy when it has plenty of simultaneous threads (bad handling of
file descriptors may cause that). In my opinion, one should
increase the maximum number of simultaneous threads in MySQL and
keep this option off. Default: off, and for good reason.

AuthMySQL_Persistent
An antonym for Auth_MySQL_Non_Persistent.

AuthMySQL_AllowOverride
Whether or not .htaccess files are allowed to use their own
Host/User/Password/DB specifications. If set to ‘off’, then the
defaults specified in the httpd.conf cannot be overridden.

Auth_MYSQL
Whether or not to enable MySQL authentication. If it’s off, the
MySQL authentication will simply pass authentication off to other
modules defined.

AuthMySQL
Synonym for Auth_MYSQL.

— END —