Martin is back

Use this forum if you want to discuss a problem or ask a question related to a hMailServer beta release.
Dravion
Senior user
Posts: 2071
Joined: 2015-09-26 11:50
Location: Germany

Martin is back

Post by Dravion » 2019-07-30 18:08

Martin is back in the game and has updated the source to OpenSSL 1.0.2s :D

https://github.com/hmailserver/hmailserver/issues/289

jimimaseye
Moderator
Posts: 10060
Joined: 2011-09-08 17:48

Re: Martin is back

Post by jimimaseye » 2019-07-30 20:59

Optimism can be a good thing for mental well-being but can have its downsides. Often it leads to disappointment.

Just saying.

[Entered by mobile. Excuse my spelling.]
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

Re: Martin is back

Post by Dravion » 2019-07-31 10:42

jimimaseye wrote:
2019-07-30 20:59
Optimism can be a good thing for mental well-being but can have its downsides. Often it leads to disappointment.

Just saying.

[Entered by mobile. Excuse my spelling.]
He might be depressed regarding tooling support which can build hMailServer's code.
hMailServer is a great piece of software, but right now we are stuck with Visual Studio 2013 while
Visual Studio 2015 and Visual Studio 2017 are already gone and Visual Studio 2019 has been out for some time now
and is the new standard.

There are lots of syntax errors if you even try to build hMailServer. This won't go away until some drastic code changes take
place; that's why I started the HCD project.

Problems:
* The backup system code needs to be completely removed; it cannot be fixed
(but you, Jimimaseye, did a very good job running backups without requiring hMailServer's internal backup, and I think we should stick with it for now).

* We need to upgrade to OpenSSL 1.1.x or abandon it and switch to something like LibreSSL because OpenSSL 1.0.x is soon EOL (Dec, 21)
(which I favor right now, because Katip has been running it for months in production as an x64 LTS build and it runs more reliably than the original OpenSSL 1.0.x)

* We need to remove COM
(this unfortunately kills VBScript and JScript because they work on top of DCOM, so we need a replacement. I like Lua because it's simple and tiny but powerful)

* We need a completely new GUI
(hMailAdmin.exe is running on .NET and DCOM, which is Windows specific, and even Microsoft has deprecated some parts and will do so in the future)

That's why I created the HCD GitHub repo.
My main focus is to stay away from Visual Studio as the main development tool, because it contributed massively to the mess we are now in.
You really can't trust Microsoft. The next version of Visual Studio will break all new code again and I am not willing to risk this situation again.
But instead of abandoning Visual Studio completely, HCD will use CMake, a cross-build tool which newer versions of Visual Studio can open
and work with, and older versions of VS can be included by generating VS-specific project files.

This leads us to a Visual C/C++ AND GNU GCC C/C++ AND Clang compiler compliant codebase.
This will prevent Microsoft's silly decisions from breaking the code and doing harm to us. If they do, we use GCC; if GCC fools us, we use the Clang
C/C++ compiler - problem solved.

Once there is some progress visible in HCD I will shoot Martin an invite to the HCD GitHub repo.
He can even take the lead if he wants - I don't care. But we need to make sure there is some sort of progress.

Re: Martin is back

Post by jimimaseye » 2019-07-31 10:49

So... We are accepting the optimism will lead to disappointment then.

palinka
Senior user
Posts: 4461
Joined: 2017-09-12 17:57

Re: Martin is back

Post by palinka » 2019-07-31 12:16

HCD sounds very, very optimistic to me!

teco
Normal user
Posts: 44
Joined: 2010-12-20 14:26

Re: Martin is back

Post by teco » 2019-07-31 13:20

jimimaseye wrote:
2019-07-31 10:49
So... We are accepting the optimism will lead to disappointment then.
Why so pessimistic?

Ages ago I also used Visual Studio. My last try was with 2013, trying to bring an old source from version 2008 back to working.

You need more time to upgrade the source from one version to another than to find and repair bugs. No way to talk about new features. When you have solved everything, the next version of VS says hello to you.

I can fully understand Martin when he is losing his mind and interest over all the changes needed to work with VS 2019 or newer to keep Hmail running. It is a never-ending story when you try to stay with VS.

Other compilers are more future-proof and do not require large fixes before you can use the source.

Dravion is right. You decide to use one VS version and keep sticking with it until the bad end. If you don't see light to move to another version or compiler you are in Martin's situation now. You have developed for many years and a compiler upgrade ruins everything.

Re: Martin is back

Post by Dravion » 2019-07-31 14:16

You're right @teco

I cannot count how many projects I have seen in the last 15 years crippled by Microsoft's stupid Visual Studio decisions.
They always promise you that if you join their course you have nothing to worry about, until reality proves it wrong.

Meanwhile, Mingw-w64 can build 32-bit and 64-bit Windows apps and services out of the box as well.
I use Qt Creator so I can switch any time from the Visual C/C++ compiler to the Mingw-w64 C/C++ compiler and back,
which makes testing a lot easier. Also we have a plan B if Microsoft tries to fool us again.

But first I have to remove all the nasty DCOM and ATL stuff.
I have replaced a lot of CString ANSI strings with standard C++ std::string and it works well on both C++ compilers now.
But there is a lot of other Windows-specific code which needs to be replaced, for example __int64 to "long long" and int to size_t etc.

My next goal is to make hMailServer.exe run as a console app, with the backup code and the DCOM+VBScript code removed (which is
almost completely removed by now). If this works, hMailServer can be run and configured by direct modification of the database and by editing hMailServer.ini.
It's not a convenient or complete situation but it's the new code base we can improve and build on. After this I will work on a new hMailAdmin app which will connect via
TCP/IP+TLS instead of DCOM.

Re: Martin is back

Post by jimimaseye » 2019-07-31 14:34

teco wrote:
2019-07-31 13:20
jimimaseye wrote:
2019-07-31 10:49
So... We are accepting the optimism will lead to disappointment then.
Why so pessimistic?
Because...
teco wrote:
2019-07-31 13:20
I can fully understand Martin when he is losing his mind and interest over all the changes needed to work with VS 2019 or newer to keep Hmail running. It is a never-ending story when you try to stay with VS.

Re: Martin is back

Post by Dravion » 2019-07-31 15:21

Right now, we are not without support

Visual Studio 2013 Update 5
Extended Support End Date 4/9/2024

There is still time to build with Visual Studio 2013 but, as said before, compatibility with previous project files is really problematic.
The good news is, there are plenty of good and free C/C++ compilers out there we can use. The problem is, Microsoft has polluted its Visual C/C++
compilers with some Windows-dependent extras which, when used, restrict you to Windows. But that's not the case with all of hMailServer's code.
A lot of code is directed to Boost, which is 100% C++ standard compliant, and OpenSSL, which can be replaced by LibreSSL.

We are talking about pieces of C/C++ code which had to be rewritten in standard C/C++ code, not this freaking Microsoft extension stuff
which isn't really required, is old and restricts us to Windows and Visual Studio. We don't need to re-invent the wheel, just a few parts of it.

Re: Martin is back

Post by teco » 2019-08-01 16:52

jimimaseye wrote:
2019-07-31 14:34
teco wrote:
2019-07-31 13:20
jimimaseye wrote:
2019-07-31 10:49
So... We are accepting the optimism will lead to disappointment then.
Why so pessimistic?
Because...
teco wrote:
2019-07-31 13:20
I can fully understand Martin when he is losing his mind and interest over all the changes needed to work with VS 2019 or newer to keep Hmail running. It is a never-ending story when you try to stay with VS.
Fully understandable.
But which alternative will you use under Windows? Most vendors of commercial email servers are moving to a subscription-only model. You pay or you cannot use it.
Linux has "maybe" yandex. But their email server is restricted in some way in their free version. Here again, most vendors are moving to a subscription model.

Imho we should wait until Dravion has finished his version or has given up (I don't hope/expect the latest). After this we can be happy or can begin with other ideas and becoming nervous, crying, mad, etc.

Re: Martin is back

Post by Dravion » 2019-08-01 19:17

Imho we should wait until Dravion has finished his version or has given up (I don't hope/expect the latest). After this we can be happy or can begin with other ideas and becoming nervous, crying, mad, etc.
That's true.
I hate subscription models and even Dovecot is beginning with this crap on Linux (required for Postfix if you want POP3 and IMAP)

It makes absolute sense to focus on hMailServer because the Boost.Asio event-based asynchronous connection handler model outperforms
even MS-Exchange and, for example, Kerio Mailserver. Because of this, hMailServer is famous for handling gazillions of connections at the same time without
extreme memory, CPU or network bandwidth usage; this is why it scales extremely well.

One of the few bottlenecks is the DCOM stuff. It can slow down hMailServer and this is an additional reason why we need to get rid of it.

Meanwhile, a lot of work is already done but not pushed to the HCD GitHub repo, but you can see and compare what's already published in the
HCD repository

https://github.com/hMailServer-ComDevs/hmailserver

As you can see, test compiles are already running for Windows, Linux, MacOS, OpenBSD (UNIX) and Solaris (UNIX) (HP UX was just an experiment and is now removed)
https://github.com/hMailServer-ComDevs/ ... eLists.txt

martin
Developer
Posts: 6846
Joined: 2003-11-21 01:09
Location: Sweden

Re: Martin is back

Post by martin » 2019-08-01 20:01

There are lots of syntax errors if you even try to build hMailServer.
I can compile it without syntax error (and so can the build environment). What syntax errors are you getting?

Or do you mean you get errors when trying to compile using VS2017/VS2019? Because that would be expected due to the C++ language-changes, right?

(Also: hey guys :D )

Another question: If HCD is a complete fork, wouldn't it be better to have that on a separate site and a separate name? It sounds like it could be confusing to users to have something "hmailserver" but in reality it's a completely different code-base? I see posts in the forum now about people running 5.7 LTS, but there's no hmailserver 5.7. So that may be confusing?
Martin Knafve

katip
Senior user
Posts: 1161
Joined: 2006-12-22 07:58
Location: Istanbul

Re: Martin is back

Post by katip » 2019-08-01 21:47

martin wrote:
2019-08-01 20:01
(Also: hey guys :D )
Hi Maestro :D
I'm so glad....
Katip
--
HMS 5.7, MariaDB 10.4.10, SA 4.0.0, ClamAV 0.103.8

Re: Martin is back

Post by Dravion » 2019-08-01 21:57

martin wrote:
2019-08-01 20:01
There are lots of syntax errors if you even try to build hMailServer.
I can compile it without syntax error (and so can the build environment). What syntax errors are you getting?

Or do you mean you get errors when trying to compile using VS2017/VS2019? Because that would be expected due to the C++ language-changes, right?
Yes, that's the problem.
I found out that the header StdString.h is a big troublemaker, as well as XMLite.cpp and XMLite.h, and it won't compile with a newer Visual C/C++ compiler
than VS-2013. I was trying really hard to make it work on newer compilers like VS 2015, VS 2017 and 2019 but I have had no luck so far. Unfortunately
it's referenced all over the code, which makes a replacement very difficult. The same goes for XMLite, which is a very poor XML parser in my opinion.
Another question: If HCD is a complete fork, wouldn't it be better to have that on a separate site and a separate name?
HCD stands for hMailServer Community Developers, which is focused on a complete rewrite of hMailServer's core code and bringing it to Linux and MacOS.
The HCD GitHub repo is set up as an organization, so anyone interested in this version of hMailServer can join, contribute and send patches.
If you want, I can invite you to it and I can promote you to the organization's admin.

You can see what is already done regarding HCD in its public GitHub repo so you can decide yourself if you think this could be the future of hMailServer
https://github.com/hMailServer-ComDevs/hmailserver
It sounds like it could be confusing to user to have something "hmailserver" but in reality it's a completely different code-base? I see posts in forum now about people running 5.7 LTS, but there's no hmailserver 5.7. So that may be confusing?
The LTS release is simply the unchanged code of your official GitHub repo, but it's an x64-only release and it has LibreSSL
instead of OpenSSL 1.0.2.x because the OpenSSL 1.0.2.x series is getting out of support soon (see: https://www.openssl.org/source/ )

LibreSSL works great with hMailServer's official code and some users (like Katip) have been using it for months in production as x64 without any problems.
LTS stands for Long Term Support and means it will receive only important security fixes and LibreSSL updates but not improvements or new features like
HCD. The LTS repo and code-signed Inno installer can be found here: https://github.com/Dravion/hMailServer/releases

LTS comes, like the official 32-bit hMailServer, with a slightly modified Inno Setup installer and has already included the latest libmysql.dll.
It also supports TLS 1.2 for MySQL and PostgreSQL. On MS-SQL TLSv1.2 is mandatory and done by installing MS ODBC Driver 18 first and then
running the LTS installer on top of it. The LTS installer says in the welcome screen it's not the official version, so a user is always informed.

The goals of HCD are:
* Replacing DCOM with a TCP/IP TLSv1.2 secured API (I added a new protocol to it, and it works on top of Boost.Asio, the same way as SMTP or POP3)
* Rewriting hMailServer's core code so it can be built by the GNU GCC compiler and run in POSIX environments like Linux/Unix and MacOS and on ARM64 CPU devices.
* Using CMake to make sure it works for Visual Studio and the GNU GCC compiler (code compiles with the MSVC and GNU GCC C/C++ compilers)
* Rewriting the database interface so it's no longer dependent on ADO and enforces encrypted TLSv1.2 connections
* Replacing MS-SQL CE with SQLLte4 because it is now deprecated and out of support soon, see https://www.hmailserver.com/forum/viewt ... 21&t=33506
* Replacing the VBScript host with Lua as the main scripting language, because Lua is tiny but very powerful and OS independent and can be well integrated.
* Creating a new native cross-platform hMailAdmin (Windows -> Win32, Linux -> GTK2, MacOS -> Cocoa API)
* Better organization of community contributions and collaborations.

There is no money or whatsoever involved. It's driven by the wish to improve hMailServer.
Last edited by Dravion on 2019-08-01 22:06, edited 1 time in total.

Re: Martin is back

Post by martin » 2019-08-01 22:05

I understand the purpose of HCD and it makes sense to have a cross-platform easy-to-use email server. My point was more like it sounds like it will be confusing to call it hMailServer or have it as a part of its name, since it's essentially a completely different piece of software. The original fork was made of hMailServer, but after that it has diverged completely. Right? At least that's what I can understand from reading your description, where the core parts (such as API, user interface, database layer has been replaced).
Martin Knafve

Re: Martin is back

Post by Dravion » 2019-08-01 22:16

martin wrote:
2019-08-01 22:05
I understand the purpose of HCD and it makes sense to have a cross-platform easy-to-use email server. My point was more like it sounds like it will be confusing to call it hMailServer or have it as a part of its name, since it's essentially a completely different piece of software. The original fork was made of hMailServer, but after that it has diverged completely. Right? At least that's what I can understand from reading your description, where the core parts (such as API, user interface, database layer has been replaced).
Correct.
But I think the inner workings (the Boost.Asio related portions of the code) stay the same.
It works like the original hMailServer 5.6.x, but anything DCOM+VBScript related is replaced and rewritten in a cross-platform independent way.

This is the plan right now.
For Windows users I think we could provide an out-of-process COM server DLL which emulates the original hMailServer DCOM API, but redirects it to the new
hRMS TCP/IP TLSv1.2 secured protocol, so hMailServer VBScript enthusiasts can continue to use VBScript on Windows.

Re: Martin is back

Post by jimimaseye » 2019-08-01 22:26

martin wrote:
2019-08-01 22:05
My point was more like it sounds like it will be confusing to call it hMailServer or have it as a part of its name, since it's essentially a completely different piece of software. The original fork was made of hMailServer, but after that it has diverged completely. Right? At least that's what I can understand from reading your description, where the core parts (such as API, user interface, database layer has been replaced).
I have to agree. I had my reservations some weeks ago on why Dravion's project must not be confused with hmailserver and why hardened lifetime users of hmailserver are unlikely to be persuaded to change unless they are forced to due to lack of development or obsolescence of hmailserver (the scripting engine is too important to those that have established systems). As a new project, for new take-ons, his project will be of interest to some and it looks like he will make a great effort to make it work and future-proof. Perhaps it should be called dMailserver (as LibreSSL played on a change of OpenSSL)

So, Martin, could you give us an idea on if you have any immediate plans for your software to be developed with the problems we are facing regarding, amongst other things, security (openssl, tls etc) and mysql incompatibility? There are VERY many nervous users.

[Entered by mobile. Excuse my spelling.]

Re: Martin is back

Post by martin » 2019-08-01 22:33

Can you tell me what problems you're facing with OpenSSL? You mean the fact that hMailServer relies on it (rather than LibreSSL), or that the latest stable version is using an old version? (I put up a new beta some hours ago with the latest OpenSSL version).

Also, when you say TLS are you thinking about the TLS1.2 connectivity with SQL Server and other database engines, or something else?

Edit: With "Latest" above, I'm referring to the latest 1.0.2-version.
Martin Knafve

Re: Martin is back

Post by Dravion » 2019-08-01 22:42

@Martin

It's about this
OpenSSL 1.0.2.x series getting out of Support soon
(on Sep 21. 2019).

And the new OpenSSL 1.1.x series breaks hMailServer's code. I was looking into it and it caused dozens of syntax errors because code was removed and changed in OpenSSL 1.1.x

On the other hand LibreSSL builds fine, will not change its API and is more security focused.

Re: Martin is back

Post by martin » 2019-08-01 22:51

OpenSSL 1.0.2.x series getting out of Support soon
(on Sep 21. 2019).
Are you sure about that date? Reading on https://www.openssl.org/policies/releasestrat.html, it says "Version 1.0.2 will be supported until 2019-12-31 (LTS)." and on https://www.openssl.org/source/ it says "Our previous LTS version (1.0.2 series) will continue to be supported until 31st December 2019". Maybe I misunderstand?
Martin Knafve

Re: Martin is back

Post by Dravion » 2019-08-01 23:06

You are right.

OpenSSL 1.1.0.x is out of support in September 2019
and the OpenSSL 1.0.2.x series will get support and security updates till 12/31/2019.

But it's still a short time and I think we need a solution.
One proven way is using LibreSSL or rewriting hMailServer's OpenSSL code so it works with the OpenSSL 1.1.x series.

I also tested WolfSSL because they claim they have an OpenSSL 1.0.2.x compatibility layer but it did not work out.

Re: Martin is back

Post by martin » 2019-08-01 23:09

I'll give this a look next week to see what compilation errors I get at least. I agree it would make sense to use Libre, but for a minor upgrade like 5.6.x I'm a bit hesitant to switch to another SSL library.
Martin Knafve

Re: Martin is back

Post by jimimaseye » 2019-08-01 23:32

martin wrote:
2019-08-01 23:09
I'll give this a look next week to see what compilation errors I get at least. I agree it would make sense to use Libre, but for a minor upgrade like 5.6.x I'm a bit hesitant to switch to another SSL library.
Any plans for 5.7?

[Entered by mobile. Excuse my spelling.]

Re: Martin is back

Post by Dravion » 2019-08-02 00:46

Any plans for 5.7?
x86 support will be removed.
This means no 32-bit versions of hMailServer will be released starting with 5.7 and hopefully LibreSSL support.

https://github.com/hmailserver/hmailserver/issues/290

Re: Martin is back

Post by jimimaseye » 2019-08-02 01:36

That is not a plan, it is an intention... as it has been for 3 years. It is only a plan when actions are made and continual working towards making it so.

This is why I ask Martin if he has any plans.

mattg
Moderator
Posts: 22437
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Martin is back

Post by mattg » 2019-08-02 02:45

martin wrote:
2019-08-01 22:33
Can you tell me what problems you're facing with OpenSSL? You mean the fact that hMailServer relies on it (rather than LibreSSL), or that the latest stable version is using an old version? (I put up a new beta some hours ago with the latest OpenSSL version).

Also, when you say TLS are you thinking about the TLS1.2 connectivity with SQL Server and other database engines, or something else?
TLSv1.3 support for both connections between servers and to the database

Also please check these builds
viewtopic.php?f=10&t=30193&start=180#p212268

There are some great additions and bug fixes in there
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

Re: Martin is back

Post by martin » 2019-08-02 06:25

Any plans for 5.7?
In short: No, there's no plans such as scope or date.

I'm still not sure exactly what the issue is when it comes to TLS. Is the lack of TLS1.3 for emailserver-to-emailserver an actual big issue? I would guess 99% of the email servers on the internet don't support it, so in reality the communication would fall back to 1.2. It sounds almost like this is a misunderstanding? (It would be nice to have TLS 1.3 of course and I'll add that).
Martin Knafve

Re: Martin is back

Post by mattg » 2019-08-02 07:20

Oh yeah it is a 'would be nice', not a need...

On this subject, I think that we've shown that hmailserver will downgrade connections if asked by the client - which isn't ideal.

I've actually turned off TLS1.1 and below, and so my hMailserver (and my web sites) are all TLSv1.2, and that works well. I've had to manually switch on TLSv1.1 for a couple of messages, but very rarely.

Re: Martin is back

Post by martin » 2019-08-02 07:36

I think that we've shown that hmailserver will downgrade connections if asked by the client - which isn't ideal.
Unless I misunderstand you, that's just how TLS works though? During the TLS handshake, the client and server will agree on what TLS versions and ciphers to use. If the server supports 1.0/1.1/1.2 and the client supports 1.0 then the client+server will agree to use TLS 1.0. This is true for SMTP, web servers and everywhere TLS is used.

The alternative is to disable TLS1.0/1.1-support on the server. The sending client will then have the option between using TLS1.2 or no encryption at all. Most email servers I've tested with will not require STARTTLS so if the handshake fails due to incompatible TLS-versions, they'll just send it in plain text.

So if you disable TLS1.0/1.1, it may mean that some messages just end up being transmitted unencrypted instead.

(All of this is quite backwards but just the way STARTTLS+TLS works)
Martin Knafve
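
The trade-off described in the post above, as an added sketch that is not part of the thread or of hMailServer: a small Python model of opportunistic STARTTLS that lists which sending servers change outcome when TLS 1.0/1.1 are disabled on the receiving server. The sender list, the `requires_tls` flag, the "deferred" outcome and the highest-common-version rule are simplifying assumptions.

```python
from dataclasses import dataclass
from enum import IntEnum


class TLS(IntEnum):
    V1_0 = 10
    V1_1 = 11
    V1_2 = 12
    V1_3 = 13


@dataclass(frozen=True)
class Sender:
    name: str
    versions: frozenset   # TLS versions the sending server can speak (empty: no STARTTLS)
    requires_tls: bool    # True: the sender refuses to fall back to plain text


def delivery_outcome(server_versions, sender):
    """Return (outcome, version) for one inbound SMTP delivery.

    outcome is "encrypted", "plaintext" or "deferred".
    Assumption: the handshake settles on the highest version both sides enable.
    """
    common = set(server_versions) & set(sender.versions)
    if common:
        return "encrypted", max(common)
    if sender.requires_tls:
        return "deferred", None    # sender keeps the message queued instead of downgrading
    return "plaintext", None       # opportunistic sender delivers without TLS


def policy_impact(senders, before, after):
    """List senders whose outcome changes when the server's enabled versions change."""
    changes = []
    for s in senders:
        old = delivery_outcome(before, s)
        new = delivery_outcome(after, s)
        if old != new:
            changes.append((s.name, old, new))
    return changes


# Constructed sample peers, not taken from any real log.
SENDERS = [
    Sender("modern-mta", frozenset({TLS.V1_2, TLS.V1_3}), False),
    Sender("legacy-appliance", frozenset({TLS.V1_0}), False),
    Sender("legacy-strict", frozenset({TLS.V1_0, TLS.V1_1}), True),
    Sender("no-starttls", frozenset(), False),
]
BEFORE = {TLS.V1_0, TLS.V1_1, TLS.V1_2}   # server accepts 1.0/1.1/1.2
AFTER = {TLS.V1_2}                        # TLS 1.0/1.1 disabled

if __name__ == "__main__":
    for name, old, new in policy_impact(SENDERS, BEFORE, AFTER):
        print(f"{name}: {old} -> {new}")
```

In this model the opportunistic legacy sender moves from TLS 1.0 to plain text, which is the side effect the post warns about, while only a sender that insists on TLS stops delivering.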

Re: Martin is back

Post by jimimaseye » 2019-08-02 09:01

martin wrote:
2019-08-02 06:25
Any plans for 5.7?
In short: No, there's no plans such as scope or date.
Ok. Thanks for that, at least we now are able to have our expectations set. I guess for completeness we should ask if you have intentions or plans to handle the existing issues (listed on github)? (We often refer to RvdH's offering as Matt linked to earlier as he has done a great job applying some fixes and improvements to his as an unofficial build but would be nice if the existing users can expect any movements on the official release).

Re: Martin is back

Post by martin » 2019-08-02 09:12

I will go through them and either close them or fix them. Can't give you a schedule for this though.

Anyone is of course free to create their own forks of hMailServer and incorporate fixes, but for me it's just a hobby project. I won't set off weeks to implement "nice-have" features unless they are somehow fun to work on.
Martin Knafve

Re: Martin is back

Post by jimimaseye » 2019-08-02 09:18

Understood. Thanks for the clarity.

People can now have their expectations set appropriately (we can refer to your above post if needed). Although it's a hobby to you, many use it as a critical production server software and often expect a larger support base and more reactive fixing. Your clarity now helps for them to better understand (I hope).

Re: Martin is back

Post by martin » 2019-08-02 09:22

Yes, it's quite strange that some people assume that just because you can download something for free, you're entitled to free support and maintenance for +10 years and a stream of features created by a single person. People get sick and die all the time. Companies should know better than that.
Martin Knafve

Re: Martin is back

Post by jimimaseye » 2019-08-02 09:28

The key question: how are you for a little 'hobby time' right now? (You have seemingly been away from the project for a while - have you found some time currently?)

Re: Martin is back

Post by Dravion » 2019-08-02 09:30

What about Pull requests and patches?

Is there a way we can assist you regarding coding?

I assume you favor small patches as pull requests
instead of big ones.

Should we enqueue pull requests to origin/master or the latest 5.7 dev branch?

Re: Martin is back

Post by martin » 2019-08-02 10:16

I think it would make most sense from 5.7-branch. I'm in the process of updating to latest boost and openssl now (both for 5.6 and 5.7). OpenSSL only gave a single compilation error (and some side effects). So would probably make sense to wait for that, and the removal of x86.

The main issue I've had with pull request is that they don't follow the existing structure. Instead of adding settings to the installation wizard / hMailServer Administrator and the COM API, it's been ini-file tweaks which has altered the behavior and only rarely unit tests have been added. While that of course "works", it doesn't follow the idea with hMailServer that stuff should be user-friendly and that automated test coverage should be good. So that has put me in a weird spot where some code may work fine and solve an actual issue and someone has invested time into it, but it doesn't really fit into the implementation and to make it fit, I would have to spend a considerable amount of time myself. Such pull-requests I'll just reject with info that they don't fulfill the requirements.
Martin Knafve

Dravion
Senior user
Posts: 2071
Joined: 2015-09-26 11:50
Location: Germany

Re: Martin is back

Post by Dravion » 2019-08-02 10:34

martin wrote:
2019-08-02 10:16
I think it would make most sense from 5.7-branch. I'm in the process of updating to latest boost and openssl now (both for 5.6 and 5.7). OpenSSL only gave a single compilation error (and some side effects). So would probably make sense to wait for that, and the removal of x86.

Sounds great. If OpenSSL 1.1.x could be integrated this makes things easier regarding TLSv1.3 because it already supports it.
LibreSSL sounds better regarding the security focus of the Project but it has no TLSv1.3 support right now.

The main issue I've had with pull requests is that they don't follow the existing structure. Instead of adding settings to the installation wizard / hMailServer Administrator and the COM API, it's been ini-file tweaks which have altered the behavior and only rarely unit tests

Do we have Unit tests for hMailServer.exe native C/C++ code?

As far as I understand NUnit has a focus on .NET Languages and CLR level, which should be ok for hMailAdmin and DBSetup but what about
hMailServer.exe? If this isn't covered by NUnit, maybe GTest (Google Test) could be an option. It supports C and C++ code and has a PlugIn for
Visual Studio but it also runs outside of it.

have been added. While that of course "works", it doesn't follow the idea with hMailServer that stuff should be user-friendly and that automated test coverage should be good. So that has put me in a weird spot where some code may work fine and solve an actual issue and someone has invested time into it, but it doesn't really fit into the implementation and to make it fit, I would have to spend a considerable amount of time myself. Such pull-requests I'll just reject with info that they don't fulfill the requirements.

Yeah, reviewing pull requests can take some time, but it looks like this is the best way right now to contribute code.

mattg
Moderator
Posts: 22437
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Martin is back

Post by mattg » 2019-08-02 11:50

martin wrote:
2019-08-02 07:36
I think that we've shown that hmailserver will downgrade connections if asked by the client - which isn't ideal.
Unless I misunderstand you, that's just how TLS works though?
https://en.wikipedia.org/wiki/POODLE
(specifically the attacks against TLS more than half way down.)
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

RvdH
Senior user
Posts: 3235
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: Martin is back

Post by RvdH » 2019-08-02 12:26

mattg wrote:
2019-08-02 11:50
martin wrote:
2019-08-02 07:36
I think that we've shown that hmailserver will downgrade connections if asked by the client - which isn't ideal.
Unless I misunderstand you, that's just how TLS works though?
https://en.wikipedia.org/wiki/POODLE
(specifically the attacks against TLS more than half way down.)
POODLE is SSL 3.0 as far as I know. Disable SSL 3.0 and you are good, no?
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

martin
Developer
Posts: 6846
Joined: 2003-11-21 01:09
Location: Sweden

Re: Martin is back

Post by martin » 2019-08-02 12:39

POODLE is SSL 3.0 as far as I know. Disable SSL 3.0 and you are good, no?
Yes. And fallback prevention was added to OpenSSL years ago (2014).

Either way, if you're using hMailServer with "STARTTLS (Optional)" which I assume to be the case 99% of the time, this is moot, since a MITM can easily fallback such a connection anyway.
Martin Knafve

mattg
Moderator
Posts: 22437
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Martin is back

Post by mattg » 2019-08-03 02:11

RvdH wrote:
2019-08-02 12:26
POODLE is SSL 3.0 as far as I know. Disable SSL 3.0 and you are good, no?
Poodle has been reborn against TLS
mattg wrote:
2019-08-02 11:50
(specifically the attacks against TLS more than half way down.)
https://www.imperialviolet.org/2014/12/ ... again.html

The only way to stop it is to disable ALL BUT TLSv1.2 (Which I've done nearly a year ago)
The fall back for most systems is unsecure connections (Which isn't better).


I'll look for the thread here about this...
martin wrote:
2019-08-02 12:39
Either way, if you're using hMailServer with "STARTTLS (Optional)" which I assume to be the case 99% of the time, this is moot, since a MITM can easily fallback such a connection anyway.
Couldn't verify external certs be used for incoming connections?
I know that outgoing connections is hard because there are so many mis-matches, but it is getting better.
Perhaps even spam scoring rather than rejecting where there is a mis-match
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation
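
The two points raised above (an optional STARTTLS session can be pushed back to plaintext, and the protocol floor can be restricted to TLSv1.2), seen from the sending side, as an added example that is not part of any post in this thread and is not hMailServer code. The function names and the sample EHLO replies are constructed for illustration; the client refuses plaintext when STARTTLS is missing and builds a certificate-verifying context with a TLS 1.2 floor.

```python
import ssl

# Constructed EHLO replies for illustration (not captured from a real server).
EHLO_WITH_TLS = b"250-mail.example.test\r\n250-SIZE 20480000\r\n250-STARTTLS\r\n250 HELP\r\n"
EHLO_NO_TLS = b"250-mail.example.test\r\n250-SIZE 20480000\r\n250 HELP\r\n"


def ehlo_extensions(reply):
    """Return the upper-cased extension keywords of a multi-line 250 EHLO reply."""
    lines = [l for l in reply.decode("ascii", "replace").split("\r\n") if l]
    if not lines:
        raise ValueError("empty EHLO reply")
    extensions = set()
    for index, line in enumerate(lines):
        # Every line must be "250-..." (continuation) or "250 ..." (last line).
        if len(line) < 4 or not line.startswith("250") or line[3] not in "- ":
            raise ValueError("unexpected EHLO line: %r" % line)
        if index == 0:
            continue  # first line carries the server's domain, not an extension
        keyword = line[4:].split(" ", 1)[0].upper()
        if keyword:
            extensions.add(keyword)
    return extensions


def delivery_decision(reply, require_tls):
    """Return 'starttls', 'plaintext' or 'refuse' for this session."""
    if "STARTTLS" in ehlo_extensions(reply):
        return "starttls"
    # No STARTTLS offered: either the server lacks it or it was removed in
    # transit. A client that requires TLS must stop instead of falling back.
    return "refuse" if require_tls else "plaintext"


def strict_client_context():
    """TLS context for the upgrade: verified certificate, TLS 1.2 or newer."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED + hostname checking
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


if __name__ == "__main__":
    for name, reply in (("with STARTTLS", EHLO_WITH_TLS), ("without", EHLO_NO_TLS)):
        print(name, "->", delivery_decision(reply, require_tls=True))
```
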

Dravion
Senior user
Posts: 2071
Joined: 2015-09-26 11:50
Location: Germany

Re: Martin is back

Post by Dravion » 2019-08-04 13:20

Do we have Unit tests for hMailServer.exe native C/C++ code?

As far as I understand there is none.

Would it be a welcome addition to write some native code tests with BOOST Test or GTest?

It's a lot of work to get it done, but if you think native code Unit testing should be done, I could contribute some tests.

martin
Developer
Posts: 6846
Joined: 2003-11-21 01:09
Location: Sweden

Re: Martin is back

Post by martin » 2019-08-04 15:20

99% of the tests of the C++ code are integration-tests which run through full flows, such as retrieval of email from an external POP3 account, delivery using STARTTLS, backup/restore and so on.

There are a few "unit-test"-level tests in ClassTester, but it's very rudimentary.
Martin Knafve

Dravion
Senior user
Posts: 2071
Joined: 2015-09-26 11:50
Location: Germany

Re: Martin is back

Post by Dravion » 2019-08-04 15:33

martin wrote:
2019-08-04 15:20
99% of the tests of the C++ code are integration-tests which run through full flows, such as retrieval of email from an external POP3 account, delivery using STARTTLS, backup/restore and so on.

There are a few "unit-test"-level tests in ClassTester, but it's very rudimentary.
Do you want to go ahead with ClassTester or do you prefer BOOST's own Unit Test System https://www.boost.org/doc/libs/1_70_0/l ... index.html
or Google GTest Unit Test System? https://github.com/google/googletest/

I am down for all 3 variants but you should decide which should be used.

IMHO: I like GTest a lot because it has mockup tests which allow very detailed tests and also tests within tests, and it's pretty straightforward

like this:

#include <gtest/gtest.h>

TEST(MyTestSuitName, MyTestCaseName) {
    int actual = 1;
    EXPECT_GT(actual, 0);
    EXPECT_EQ(1, actual) << "Should be equal to one";
}

martin
Developer
Posts: 6846
Joined: 2003-11-21 01:09
Location: Sweden

Re: Martin is back

Post by martin » 2019-08-04 20:51

From what I can understand from a quick read, google's variant is easier to use. Since I don't really have any other preference, I think it would make sense to go for that one.

If you want to discuss this further please create a new thread because this one is covering too many topics now.
Martin Knafve

Dravion
Senior user
Posts: 2071
Joined: 2015-09-26 11:50
Location: Germany

Re: Martin is back

Post by Dravion » 2019-08-04 21:23

Ok, I created a new Unit Test Topic in the Developer section
https://www.hmailserver.com/forum/viewt ... 10&t=34210
