<?xml version="1.0" encoding="UTF-8"?>
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns="http://purl.org/rss/1.0/" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:syn="http://purl.org/rss/1.0/modules/syndication/" xmlns:admin="http://webns.net/mvcb/">
  <channel about="http://blog.gmane.org/gmane.mail.squirrelmail.devel">
    <title>gmane.mail.squirrelmail.devel</title>
    <link>http://blog.gmane.org/gmane.mail.squirrelmail.devel</link>
    <description/>
    <syn:updatePeriod>hourly</syn:updatePeriod>
    <syn:updateFrequency>1</syn:updateFrequency>
    <syn:updateBase>1901-01-01T00:00+00:00</syn:updateBase>
    <items>
      <rdf:Seq>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.mail.squirrelmail.devel/9596"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.mail.squirrelmail.devel/9595"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.mail.squirrelmail.devel/9594"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.mail.squirrelmail.devel/9593"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.mail.squirrelmail.devel/9592"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.mail.squirrelmail.devel/9591"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.mail.squirrelmail.devel/9590"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.mail.squirrelmail.devel/9589"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.mail.squirrelmail.devel/9588"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.mail.squirrelmail.devel/9587"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.mail.squirrelmail.devel/9586"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.mail.squirrelmail.devel/9585"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.mail.squirrelmail.devel/9584"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.mail.squirrelmail.devel/9583"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.mail.squirrelmail.devel/9582"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.mail.squirrelmail.devel/9581"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.mail.squirrelmail.devel/9580"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.mail.squirrelmail.devel/9579"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.mail.squirrelmail.devel/9578"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.mail.squirrelmail.devel/9577"/>
      </rdf:Seq>
    </items>
    <image rdf:resource="http://gmane.org/img/gmane-25t.png"/>
    <textinput rdf:resource=""/>
  </channel>
  <image rdf:about="http://gmane.org/img/gmane-25t.png">
    <title>Gmane</title>
    <url>http://gmane.org/img/gmane-25t.png</url>
    <link>http://gmane.org</link>
  </image>
  <item rdf:about="http://permalink.gmane.org/gmane.mail.squirrelmail.devel/9596">
    <title>Re: Image extension issue in mime.php</title>
    <link>http://permalink.gmane.org/gmane.mail.squirrelmail.devel/9596</link>
    <description>
I don't have an opinion about this. Do what you feel is best.

Sincerely,
Fredrik

-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK &amp; win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&amp;url=/
-----
squirrelmail-devel mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: squirrelmail-devel&lt; at &gt;lists.sourceforge.net
List archives: http://news.gmane.org/gmane.mail.squirrelmail.devel
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-devel

</description>
    <dc:creator>Fredrik Jervfors</dc:creator>
    <dc:date>2008-09-03T09:00:11</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.mail.squirrelmail.devel/9595">
    <title>Re: Image extension issue in mime.php</title>
    <link>http://permalink.gmane.org/gmane.mail.squirrelmail.devel/9595</link>
    <description>Barbara,

  You should not be subscribed to this mailing list.  This list is for
SquirrelMail *software developers* only.  You apparently have an issue
with *using* the SquirrelMail software.  You should contact your
service provider and ask them to install the "HTML Mail" plugin.
Please don't reply on this mailing list.  See:

http://squirrelmail.org/support/enduser.php

  Good luck,

Paul


On Tue, Sep 2, 2008 at 6:12 PM,  &lt;BarbaraInMemphis&lt; at &gt;aol.com&gt; wrote:


</description>
    <dc:creator>Paul Lesniewski</dc:creator>
    <dc:date>2008-09-03T01:43:49</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.mail.squirrelmail.devel/9594">
    <title>Re: Image extension issue in mime.php</title>
    <link>http://permalink.gmane.org/gmane.mail.squirrelmail.devel/9594</link>
    <description/>
    <dc:creator>BarbaraInMemphis&lt; at &gt;aol.com</dc:creator>
    <dc:date>2008-09-03T01:12:25</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.mail.squirrelmail.devel/9593">
    <title>Re: Image extension issue in mime.php</title>
    <link>http://permalink.gmane.org/gmane.mail.squirrelmail.devel/9593</link>
    <description>
Anyone have any feedback on this?  If no one does, what I'm thinking
I'll do is commit this patch, BUT comment it out.  So some code will
be there to use if a vulnerability is found, but for now, the
functionality will be to allow all image src URIs, since I can't find
any evidence that it can be exploited.


</description>
    <dc:creator>Paul Lesniewski</dc:creator>
    <dc:date>2008-09-03T00:50:45</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.mail.squirrelmail.devel/9592">
    <title>Re: Image extension issue in mime.php</title>
    <link>http://permalink.gmane.org/gmane.mail.squirrelmail.devel/9592</link>
    <description>
The only thing I can find is this:

http://ha.ckers.org/blog/20070623/hiding-js-in-valid-images/

but it's limited to the src attribute in a script tag.  I created some
"hacked" gif files with JavaScript in them and IE 6 (I think this
might be fixed in IE 7 too) only executes the JavaScript when it's
included in a script tag.  When you put that into an email, SM
sanitizes the script tag before the code in question here ever sees
it.


So, although I'm still not convinced that there should be any
restriction here at all, I created some code that does just this - it
keeps the file extension check since that's not resource intensive,
but if that test fails, it tries to fetch the resource (fopen, fread)
and then run the content through mime_content_type() to detect the
content type.  The file is only then blocked if not an image file.

Patch is attached (for STABLE, but should be the same or very similar
for DEVEL), but again, I'm not sure we need to make any restrictions
here whatsoever -- ??
</description>
    <dc:creator>Paul Lesniewski</dc:creator>
    <dc:date>2008-08-24T07:23:21</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.mail.squirrelmail.devel/9591">
    <title>Re: Image extension issue in mime.php</title>
    <link>http://permalink.gmane.org/gmane.mail.squirrelmail.devel/9591</link>
    <description>
I see.  IE interprets any JavaScript loaded in a remote file unless
the extension is .png, .gif, etc....?  That's a bit much, now, isn't
it?  If this is what we are fighting, then the extension list by
definition of the way IE works seems like the ONLY way to prevent the
problem, that is unless we were to pre-fetch the content and scan it
ourselves and judge if the content was really an image file or not.

There may be a PHP algorithm out there already written to do that, so
*maybe* that is possible, but short of that, it looks like we are
stuck: have some HTML mails with blanks where images should really be
shown or open IE users up to possible attacks via this mechanism.

I am going to run a test to try to reproduce the actual IE issue you
described, and I am going to look around to see if there is a way we
can do a pre-fetch and make a content judgment.  Short of any other
ideas, though, it looks to me like the only thing we can do is let the
admin decide to open themselves up to this, or to build some 2nd level
of unsafe image viewing, where the user could click a *second* time to
show such images - but that may not be smart, since most users may not
understand the risk.

Oh, would it be safe to open SM up to any image URI as long as the
user agent is not IE?

Update - I just tried to use an image URI that loaded a php page that
serves this:

&lt;script language="JavaScript" type="text/javascript"&gt;
alert("HELLO");
&lt;/script&gt;

And in IE 6 it just gives a broken image (does NOT appear to interpret
the JavaScript!), as does FF.

Can anyone shed light on the actual vulnerability?


</description>
    <dc:creator>Paul Lesniewski</dc:creator>
    <dc:date>2008-08-22T19:32:59</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.mail.squirrelmail.devel/9590">
    <title>Re: Image extension issue in mime.php</title>
    <link>http://permalink.gmane.org/gmane.mail.squirrelmail.devel/9590</link>
    <description>
The linked image file should contain the JavaScript. E.g.:
&lt;img src='http://example.com/example.html' /&gt;
and then example.html contains javascript instead of an image. IE will
allegedly interpret the javascript in the file even though it has no
business doing that as it is an image.

Something like that, all from the top of my head though.


Thijs



</description>
    <dc:creator>Thijs Kinkhorst</dc:creator>
    <dc:date>2008-08-22T09:13:02</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.mail.squirrelmail.devel/9589">
    <title>Re: Image extension issue in mime.php</title>
    <link>http://permalink.gmane.org/gmane.mail.squirrelmail.devel/9589</link>
    <description>
Hmm.  Can anyone confirm this?  Are there any sample URIs that we can
see for this?

I tried this in IE6:

&lt;img src='javascript:alert("hello")' /&gt;

Even when viewing unsafe images (and the file extension list
disabled), this is replaced with the "This image has been removed for
security reasons" image replacement, presumably because the text
"javascript" is found and removed.  So, is the actual fix for the
javascript issue fixed elsewhere and the image file extension list
only intended to avoid showing the "image has been removed" thing when
the user does not expect it (because they already clicked to view
unsafe images)?

Or is there some other URI type that is the real problem here?

I'm still not convinced that the list can't be removed, but am hoping
anyone with more details or knowledge about the issue can voice their
opinion.


My thoughts exactly.


</description>
    <dc:creator>Paul Lesniewski</dc:creator>
    <dc:date>2008-08-22T08:03:34</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.mail.squirrelmail.devel/9588">
    <title>Re: Image extension issue in mime.php</title>
    <link>http://permalink.gmane.org/gmane.mail.squirrelmail.devel/9588</link>
    <description>
The patch is actually by Marc. He had some discussion about it with Tomas that 
I could find. As far as I can distill from the mails, but it's a bit of 
guesswork:

- IE interprets JavaScript when served within an "image" (that is, something 
linked from &lt;img src=""&gt;).
- Apparently (?) it doesn't do this when the file has a regular image 
extension, it then processes it as an image. A typical Windows way of working 
I guess.

I'm not sure that that is what it's supposed to fix as the mails aren't too 
clear on that. I also don't use IE so can't easily verify this theory.

You could argue that pressing View Unsafe Images leaves you on your own which 
is sort of true, however, my perception of the function was to prevent remote 
tracking, and enabling it would not directly open you up to xss.


cheers,
Thijs


</description>
    <dc:creator>Thijs Kinkhorst</dc:creator>
    <dc:date>2008-08-22T07:44:30</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.mail.squirrelmail.devel/9587">
    <title>Re: Image extension issue in mime.php</title>
    <link>http://permalink.gmane.org/gmane.mail.squirrelmail.devel/9587</link>
    <description>
According to:

http://www.squirrelmail.org/security/issue/2007-05-09

'Request forgery through images. It was possible to include "images"
in HTML mails which were in fact GET requests for the compose.php page
sending mail. These images are now properly detected, and the compose
form will only send mail through a POST request.'

If this is the issue, then given that src/compose.php accepts the "send"
variable submission *only* in POSTs, the image extension restriction is
not necessary that I can see.

Can someone tell me what I might be missing?  Otherwise, I am going to
look at removing that restriction list.


</description>
    <dc:creator>Paul Lesniewski</dc:creator>
    <dc:date>2008-08-22T07:31:55</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.mail.squirrelmail.devel/9586">
    <title>Re: Image extension issue in mime.php</title>
    <link>http://permalink.gmane.org/gmane.mail.squirrelmail.devel/9586</link>
    <description>
It's your commit, so maybe you can help.

http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/mime.php?view=log#rev12370

If this code is meant to stop "request forgeries through included
images", I'd like to know more about what this means, since, as I
noted, it wouldn't be hard for an attacker to substitute a dynamically
executed script for an "image" file on the target server.  Or perhaps
the file extension code is not specifically what fixed that actual
issue and is only a side effect?

So if the extension limitation on image files is removed, does this
expose SM to some XSS or something that it's not already exposed to
now?


</description>
    <dc:creator>Paul Lesniewski</dc:creator>
    <dc:date>2008-08-22T07:17:08</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.mail.squirrelmail.devel/9585">
    <title>Re: reviewing random seeding</title>
    <link>http://permalink.gmane.org/gmane.mail.squirrelmail.devel/9585</link>
    <description>
The problem is that the encrypted password is stored in someone's pref file
and there's no real way to store that individual's encryption key other
than also in pref files or things similarly readable for those reading the
pref files.

As said, defence against such amateur hackers that they can't decrypt
something given the ciphertext, key and algorithm is not useful and only
distracts from the fact that the store is actually unprotected.


Ok.



Thijs



</description>
    <dc:creator>Thijs Kinkhorst</dc:creator>
    <dc:date>2008-08-21T11:27:45</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.mail.squirrelmail.devel/9584">
    <title>Re: reviewing random seeding</title>
    <link>http://permalink.gmane.org/gmane.mail.squirrelmail.devel/9584</link>
    <description>
OTOH, as long as admins know it is weak, then we've done our part, and
having the weak algorithm does discourage amateur hackers.  What about
replacing with a known better algorithm?  Isn't there somewhere we are
using something better?


Sure, seems OK.  It was probably put there because that section is a
direct rip (apparently) from Gallery.



</description>
    <dc:creator>Paul Lesniewski</dc:creator>
    <dc:date>2008-08-21T11:18:07</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.mail.squirrelmail.devel/9583">
    <title>reviewing random seeding</title>
    <link>http://permalink.gmane.org/gmane.mail.squirrelmail.devel/9583</link>
    <description>Hey all,

I've reviewed the seeding of the random number generator we do within
SquirrelMail and have found the following points:

1) The mail_fetch function uses not so secure seeding of srand().

However, the encryption used there is advertised as insecure anyway. I
wonder whether we should not just remove that feature altogether.
Trivially cracked encryption can be worse than no encryption because the
effect is the same for an attacker but it may create some sense of
security. What value does the function add if it's trivially cracked?

2) php_combined_lcg() in global.php seeds the random number generator in a
not so secure fashion.

I believe we should just rip out this seeding and replace it with a call
to sq_mt_randomize() instead so we have this code only in one place.

3) The behaviour of sq_mt_randomize() itself needs to be reviewed.

We currently re-seed it with several unpredictable values. We need to find
out whether re-seeding it actually adds randomness or just 'resets' the
thing so only the last one is useful.

PHP doesn't require seeding for versions 4.2 and up, but the PHP
implementation is reportedly limited in randomness unfortunately. The
newest suhosin patch is supposed to address that.


cheers,
Thijs



</description>
    <dc:creator>Thijs Kinkhorst</dc:creator>
    <dc:date>2008-08-21T10:12:12</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.mail.squirrelmail.devel/9582">
    <title>Re: Image extension issue in mime.php</title>
    <link>http://permalink.gmane.org/gmane.mail.squirrelmail.devel/9582</link>
    <description>
I would say "yes" to this, but would be curious where the original idea
comes from. Isn't that traceable in the commit log?


Thijs



</description>
    <dc:creator>Thijs Kinkhorst</dc:creator>
    <dc:date>2008-08-21T09:58:06</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.mail.squirrelmail.devel/9581">
    <title>Image extension issue in mime.php</title>
    <link>http://permalink.gmane.org/gmane.mail.squirrelmail.devel/9581</link>
    <description>All,

  I was looking at an HTML email today that had an image URI that was
an .asp file.  SM blocked it, even when I clicked to view unsafe
images.... and that's because of the .asp file extension.  SM replaces
all images in HTML view with a blank image unless they are simple
image files with .jpg, .gif, .jpeg, .xjpeg, .jpe, .bmp, .png, or .xbm
extensions.  In today's world, I think there are probably a lot of
images being served dynamically, with URIs that have PHP, JSP, ASP or
some other file extension.  So, in a lot of cases, these should be
allowed and are not necessarily threatening or ill-intentioned.

  Can someone explain the rationale of keeping the list more
restricted?  What can a malicious image URI do if we open the list up
to such file extensions?  Really, if an attacker wanted to do
something here, they could easily circumvent this restriction by
putting a URI with a "valid" (say .png) extension that was really a
php file that is dynamically executed on the target server.  So what
does SM *GAIN* by keeping this list of known image extensions?  (What
we *LOSE* is proper display of many valid HTML mails for our users.)

  My feeling is that this should be addressed by either removing the
restriction list completely, adding .asp, .php, .jsp, and any other
common types, or putting a new configuration value in the config file
for admins who would like to do this themselves.

Thoughts please?

 - Paul


</description>
    <dc:creator>Paul Lesniewski</dc:creator>
    <dc:date>2008-08-21T01:30:26</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.mail.squirrelmail.devel/9580">
    <title>Re: Updates in the plugin development documentation</title>
    <link>http://permalink.gmane.org/gmane.mail.squirrelmail.devel/9580</link>
    <description>
I read through the changes in commit 13263[1]. Fair enough. Thanks.

Sincerely,
Fredrik

[1]
http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/trunk/documentation/devel/devel.sgml?r1=13263&amp;r2=13262&amp;pathrev=13263


</description>
    <dc:creator>Fredrik Jervfors</dc:creator>
    <dc:date>2008-08-18T09:46:39</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.mail.squirrelmail.devel/9579">
    <title>Re: Bug in digest_md5_parse_challenge</title>
    <link>http://permalink.gmane.org/gmane.mail.squirrelmail.devel/9579</link>
    <description>On Sat, Aug 16, 2008 at 9:08 PM, Pablo Álvarez de Sotomayor Posadillo
&lt;i02sopop&lt; at &gt;gmail.com&gt; wrote:

This is in our SVN now.  Thanks again!

</description>
    <dc:creator>Paul Lesniewski</dc:creator>
    <dc:date>2008-08-17T04:31:59</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.mail.squirrelmail.devel/9578">
    <title>Re: Bug in digest_md5_parse_challenge</title>
    <link>http://permalink.gmane.org/gmane.mail.squirrelmail.devel/9578</link>
    <description>    Paul&gt; Additionally, if base64_decode() returns FALSE, we need to
    Paul&gt; add one more line ABOVE the while statement so that the
    Paul&gt; return value is initialized (otherwise, it should generate a
    Paul&gt; PHP notice):

    Paul&gt; $parsed = array();

You are right once again, I'm just thinking about it. I attach the patch.

Regards

</description>
    <dc:creator>Pablo Álvarez de Sotomayor Posadillo</dc:creator>
    <dc:date>2008-08-17T04:08:01</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.mail.squirrelmail.devel/9577">
    <title>Re: Bug in digest_md5_parse_challenge</title>
    <link>http://permalink.gmane.org/gmane.mail.squirrelmail.devel/9577</link>
    <description>    Paul&gt; The reason I chose !== was because with stable code, we need
    Paul&gt; to treat the rest of the code as a black box and touch as
    Paul&gt; little as we can with any changes, and the !== means it will
    Paul&gt; only test for a single condition (the one initially
    Paul&gt; identified, where base64_decode() returns specifically
    Paul&gt; FALSE), whereas != can catch any other value that can be
    Paul&gt; evaluated as FALSE such as 0, "", array(), and "0".  It is
    Paul&gt; not good to make assumptions about the meaning of those
    Paul&gt; other possible values.

    Paul&gt; So, if we continue on that track, we'd have to add another
    Paul&gt; type-specific check, but I'm now going to step away from the
    Paul&gt; black box approach and look inside the loop, where we can
    Paul&gt; see that it is clear that any of the other types that can be
    Paul&gt; cast as boolean FALSE are not expected therein.  Therefore,
    Paul&gt; the better solution is (and please, if you don't mind, test
    Paul&gt; this and let us know if it works OK):

    Paul&gt;     while (!empty($challenge)) {

Yes, it works OK. I agree with you on the reasoning, and clearly that is the
best solution.

Regards

</description>
    <dc:creator>Pablo Álvarez de Sotomayor Posadillo</dc:creator>
    <dc:date>2008-08-17T04:01:38</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.mail.squirrelmail.devel/9576">
    <title>Re: Bug in digest_md5_parse_challenge</title>
    <link>http://permalink.gmane.org/gmane.mail.squirrelmail.devel/9576</link>
    <description>
Although that would also be expected to generate more notices in
digest_md5_response(), and although technically there should be some
more robust error checking here, I think the overall assumption is
that if you get that far, you have bigger problems (this functionality
not configured correctly on the server).

</description>
    <dc:creator>Paul Lesniewski</dc:creator>
    <dc:date>2008-08-17T03:45:31</dc:date>
  </item>
  <textinput about="http://search.gmane.org/?group=$group=gmane.mail.squirrelmail.devel">
    <title>Search Engine</title>
    <description>Search the mailing list at Gmane</description>
    <name>query</name>
    <link>http://search.gmane.org/?group=$group=gmane.mail.squirrelmail.devel</link>
  </textinput>
</rdf:RDF>
