Steffen Daode Nurpmeso | 4 May 18:42 2012

Message written to DEAD twice (but as single MBOX entry)

Hello,

i've tried to mail without any active connection:

  ?0%0[steffen <at> sherwood home]$ mailx -A sdaoden -s subject dead@...
  deref
  .

  --steffen
  Forza Figa!
  EOT
  Could not resolve host: smtp.gmail.com
  "/Users/steffen/arena/data/mail/dead" 28/704
  . . . message not sent.
  ?1%0[steffen <at> sherwood home]$ 

and ended up with this dead box:

  Date: Fri, 04 May 2012 18:29:27 +0200
  From: Steffen Daode Nurpmeso <sdaoden@...>
  To: dead@...
  Subject: subject
  Message-ID: <4fa403e7.dn9Pq0xvlOBrW3Wl5wblq6hu@...>
  User-Agent: Heirloom mailx 12.5 7/5/10
  MIME-Version: 1.0
  Content-Type: text/plain; charset=us-ascii
  Content-Transfer-Encoding: 7bit

  deref

(Continue reading)

Ezequiel Garzón | 6 May 18:11 2012
Picon

Re: Error verifying S/MIME-signed messages sent from nail, but not in (say) Thunderbird

Greetings! I got a Comodo S/MIME certificate and successfully made it
work by adding the following lines to .mailrc:

~~~~~~~~~~~~~~~~~~
set from=user@...
set smime-sign-cert=/home/user/cert.pem
set smime-sign
~~~~~~~~~~~~~~~~~~

Thunderbird receives these messages and verifies the signatures.
Conversely, if I send a message from Thunderbird to nail *nail also
verifies such certificate*.

However, if I try to send it from mailx to mailx (same machine or
different) I get the following:

~~~~~~~~~~~~~~~~~~
? verif
Message 1: Error with certificate at depth: 0
 issuer = /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA
Limited/CN=COMODO Client Authentication and Secure Email CA
 subject = /emailAddress=user@...
 err 20: unable to get local issuer certificate
Error verifying message 1: error:21075075:PKCS7
routines:PKCS7_verify:certificate verify error
~~~~~~~~~~~~~~~~~~

I asked this question in Stack Overflow and it was suggested that nail
may not have a comprehensive list of certificate authorities. But that
doesn't make sense to me, since nail did verify the same kind of
(Continue reading)

Steffen Daode Nurpmeso | 9 May 15:29 2012

New toascc option

No regressions yet.
I know the name is sick.

    Add *toascc* option..

    By default replying to a mail combines From: and To: and leaves
    Cc: untouched.  RFC 5322 however states:

      If a reply is sent to a message that has destination fields,
      it is often desirable to send a copy of the reply to all of
      the recipients of the message, in addition to the author.
      When such a reply is formed, addresses in the "To:" and "Cc:"
      fields of the original message MAY appear in the "Cc:" field
      of the reply, since these are normally secondary recipients of
      the reply.

    So this option can be used to toggle the default behaviour
    accordingly, causing the reply to go To: the sender only and
    moving and appending all recipients that were in To: to Cc:.

diff --git a/cmd3.c b/cmd3.c
index cb19e2b..c713952 100644
--- a/cmd3.c
+++ b/cmd3.c
 <at>  <at>  -345,7 +345,7  <at>  <at>  respond_internal(int *msgvec, int recipient_record)
 			rcv = nameof(mp, 1);
 	if (rcv != NULL)
 		np = sextract(rcv, GTO|gf);
-	if ((cp = hfield("to", mp)) != NULL)
+	if (! value("toascc") && (cp = hfield("to", mp)) != NULL)
(Continue reading)

Cattus | 11 May 14:48 2012
Picon

setting a password to the output of a shell command

Is this possible?

For example, replace XXXXXXXXXXX with an output of a shell
command.

set password-first.last@...=XXXXXXXXXXX

I tried the obvious
set password-first.last@...="`XXXXXXXXXXX`"
and
set password-first.last@...=`XXXXXXXXXXX`

and this didn't work.

Thanks.

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
Martin Neitzel | 11 May 16:55 2012
Picon

Re: setting a password to the output of a shell command

CR> I tried the obvious
CR> set password-first.last@...="`XXXXXXXXXXX`"
CR> and
CR> set password-first.last@...=`XXXXXXXXXXX`
CR> and this didn't work.

The following sequence of nail commands will do:

	! echo "set password-first.last@...='$(date)'" > tempfile
	source tempfile
	! rm tempfile

You can issue these commands at nail's "?" prompt for a first test
and wrap them into a macro later (SEE ALSO:  "define").

Quoting is (as always) a bit trickyL:

In the first command, the double-quotes will be regarded by the shell,
the single-quotes will be part of the effective nail command and protect
white space _there_..  Upon check, the value string will be displayed
with double-quoting:

	? set
	[...]
	password-first.last@...="Fri May 11 16:37:55 CEST 2012"

The "tempfile" should be put into a non-public readable directory if you
care about the possible information leak.

						Regards,
(Continue reading)

Steffen Daode Nurpmeso | 12 May 14:14 2012

Re: New toascc option

"Křištof Želechovski" <yecril71pl <at> gmail.com> wrote:

 | Dnia środa, 9 maja 2012 15:29:24 Steffen Daode Nurpmeso pisze:
 | > No regressions yet.
 | > I know the name is sick.
 | > 
 | >     Add *toascc* option..
 |
 | How about --tocc instead?
 | Chris

I've already redid it as *recipients-in-cc*.
And i'll repost that patch (identical except for this name)
as a part of a series that also (tries to) add(s) reasonably
acceptable support of the Mail-Followup-To: header that is
often used on mailing-lists, once that is really ready - it
isn't yet.
I think it's useful.  Don't you use it if you don't.

--steffen
Forza Figa!

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
nail-devel mailing list
(Continue reading)

neitzel | 12 May 13:45 2012
Picon

Re: New toascc option

Steffen patched:
>
>     Add *toascc* option..
>     [...]
>     So this option can be used to toggle the default behaviour
>     accordingly, causing the reply to go To: the sender only and
>     moving and appending all recipients that were in To: to Cc:.

Very much appreciated, I always missed that!  (This reply is already
using the patch, and I hope Gunnar is going to include it, too.)

Because it took me some time to understand what this patch is about
(see below), here is another description for nail-devel followers:

Assume you get an email like this:

	From: a
	To: b, c
	Cc: d, e

and repyall (r/R depending on your flipr setting) to it.
Standard nail behaviour will setup these fields:

	From: you
	To: a, b, c
	Cc: d, e

With Steffen's toascc option:

	From: you
(Continue reading)

Steffen Daode Nurpmeso | 12 May 17:01 2012

Re: New toascc option

Martin wrote:

 | Steffen patched:
 | >
 | >     Add *toascc* option..
 | >     [...]
 |
 | Very much appreciated, I always missed that!  (This reply is already
 | using the patch, and I hope Gunnar is going to include it, too.)

 | Here is my attempt at wording things:
 |
 | 	onlyfromto	On group replies, address only the sender
 | 			in the new "To:" field, any other recipients
 | 			are addressed via "Cc:".  (Default behaviour is
 | 			the preserve To/Cc structure.)

Well it became

  Causes a primary reply `To:' the sender by moving the addresses
  of the recipients of the original mail to the secondary `Cc:'.

in the meanwhile, sorry :)

What is really missing in my view is Mail-Followup-To:, but i'm
not gonna make it this weekend no more.
It's not yet completely thought through, but, as [rR]esponse is
yet only an alias for [rR]eply, i thought about changing this to
honour Mail-Followup-To: if present and create Mail-Followup-To:
(group-response: without user, User-Response: with user included).
(Continue reading)

Ezequiel Garzón | 13 May 01:46 2012
Picon

Is nail supposed to verify S/MIME messages out of the box?

Hello! I know this is the second question I raise in a short time,
which is in turn related to the first. I promise there won't be a
third on this topic, but I wanted to pose the question more broadly.

Is nail supposed to verify S/MIME messages out of the box? If not, for
those of you who can successfully verif(y) messages, what changes have
you made to your settings? For example, I see in the man page
ssl-ca-dir, ssl-ca-file, ssl-cert, smime-ca-dir, smime-ca-file... and
I get the feeling that this out-of-the-box expectation may be
wishful/ignorant thinking... Needless to say, I am not very familiar
with all the concepts related to S/MIME.

Thanks and cheers!

Ezequiel

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
MJ Ray | 14 May 11:25 2012

Re: New toascc option

Steffen Daode Nurpmeso <sdaoden@...>
> And i'll repost that patch (identical except for this name)
> as a part of a series that also (tries to) add(s) reasonably
> acceptable support of the Mail-Followup-To: header that is
> often used on mailing-lists, once that is really ready - it
> isn't yet.
> I think it's useful.  Don't you use it if you don't.

There is no useful way to support Mail-Followup-To, which is
partly why it died a death at the IETF draft stage, IMO.
http://tools.ietf.org/id/draft-ietf-drums-mail-followup-to-00.txt
but it's difficult finding the discussion archive now :-/

It'd be nice to have List-Post support in Heirloom mailx, but the user
should remain in control, not ever be overridden silently by the
Mail-Followup-To problem.

Regards,
--

-- 
MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op.
In My Opinion Only: see http://mjr.towers.org.uk/email.html

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/

Gmane