[ZendTo] No error when somebody tries to use ZendTo as an open relay

Santiago Garcia Mantinan manty at manty.net
Fri May 12 23:08:15 BST 2017 

> Do you still see the Edge problem you mention with the newest
> show_dropoff.tpl in place? Or is there now an error message?

Yes, the problem is still there and still the empty page.

The problem was seen on a fully up to date edge version on windows 10
1703 (15063) fully patched.

> Can you send those other patches here as well? I'm going to try to get what
> I can sorted out this weekend, so after a few more days testing I hope to be
> able to do a new production release.

Ok, these are the other problems I have spotted, hope the cut and
paste doesn't break things...

A string that was not on the config and so it could not be translated,
of course the string must then be moved to the config file:

--- opt/zendto/www/dropoff.php  2017-03-30 14:18:04.000000000 +0200
+++ /opt/zendto/www/dropoff.php 2017-05-11 13:32:50.727543959 +0200
@@ -104,7 +104,7 @@
                                           $authExpiry);
       if (! $result) {
         $theDropbox->SetupPage();
-        NSSError("Sender address verification subsystem
failure.","Authentication Failure");
+        NSSError($smarty->getConfigVars('ErrorAuthenticationFailure'),"Authentication
Failure");
         $smarty->display('new_dropoff.tpl');
         exit;
       }

Recaptcha through proxy:
We are running things over a proxy where we are limiting the urls and
other stuff, we use the recaptcha.google.com site instead of the
generic one and also we setup the proxy. This is just an example, the
proxy should of course be on the config file and then the code setup
the array acordingly, but this is working well for now.

--- opt/zendto/www/ReCaptcha/RequestMethod/Post.php     2017-03-30
14:18:04.000000000 +0200
+++ /opt/zendto/www/ReCaptcha/RequestMethod/Post.php    2017-05-11
13:20:28.938182860 +0200
@@ -38,7 +38,7 @@
      * URL to which requests are POSTed.
      * @const string
      */
-    const SITE_VERIFY_URL = 'https://www.google.com/recaptcha/api/siteverify';
+    const SITE_VERIFY_URL =
'https://recaptcha.google.com/recaptcha/api/siteverify';

     /**
      * Submit the POST request with the specified parameters.
@@ -55,6 +55,7 @@
         $peer_key = version_compare(PHP_VERSION, '5.6.0', '<') ?
'CN_name' : 'peer_name';
         $options = array(
             'http' => array(
+                'proxy' => "tcp://proxy:3128",
                 'header' => "Content-type:
application/x-www-form-urlencoded\r\n",
                 'method' => 'POST',
                 'content' => $params->toQueryString(),

Strings at opt/zendto/www/js/jquery.dataTables.js: there are some
strings that should be translated there, they are for the new paging
code, the this.oLanguage variable is set with the strings, but I
didn't see a way to change this other than the .js file itself :-?

Regards.
-- 
Manty/BestiaTester -> http://manty.net

More information about the ZendTo mailing list