[WSSMAIL-7] Add ability for zero-trust type authentication

PHREAKSCRIPT-60
phreak script install failed without --version 22

PHREAKSCAN-2
Improve automation

PHREAKSCAN-1
Raw data upload restricted to 15M

DAHLIN-9
DAHDI Linux: Build failure against next kernel

LBBS-47
Email enhancements

PHREAKSCRIPT-59
Add PhreakScript option to enable EMPULSE

LBBS-80
mod_mimeparse: Occasional segfault when running tests

LBBS-78
node.c: node->ip can be NULL

LBBS-77
test_terminals: Test is now flaky

LBBS-79
Makefile: cp -n is deprecated

PHREAKNET-53
Change in IP address for hosted lines

LBBS-70
mod_smtp_delivery_external: Use SRS for externally forwarded messages

PHREAKSCRIPT-58
sig_analog: Allow hearpulsing gain to be adjusted

PHREAKSCRIPT-57
res_alarmsystem: Segfault due to calling ast_dtmf_stream on NULL channel

ASTERISK-122
res_pjsip_device_features: Excessive refcount on endpoint object

ASTERISK-135
Mutex errors on FreeBSD

LBBS-75
net_smtp: Allow plain text delivery if requirestarttls is false

PHREAKSCRIPT-55
dahdi_tool not installed

ASTERISK-134
chan_dahdi: Improve configuration validation

PHREAKSCRIPT-52
res_alarmsystem: IP loss reported even if no outage

LBBS-76
net_imap: Remote MOVE/COPY operations fail in some circumstances

PHREAKNET-46
Polycom IP phones not provisioning

PHREAKSCRIPT-43
Add spanconfig command

PHREAKSCRIPT-56
DAHDI Tools: Apply unmerged patches

ASTERISK-131
chan_dahdi: Automatically update time when DST starts/ends

ASTERISK-130
Verify that res_xmpp can compile and be used

WSSMAIL-5
Add full attachment support

DAHTOOL-5
Disabling span auto-assignment implodes kernel

PHREAKNET-52
Cisco end of CSR signing support

LBBS-74
net_ssh: Sessions persist even when they no longer exist

LBBS-18
net_ssh: High CPU trying to end SSH session

ASTERISK-106
chan_pjsip: Modify From header appropriately for unavailable presentation

ASTERISK-124
app_mixmonitor: Allow cancelling in-progress recording/recipients

ASTERISK-129
core: Add ref/unref for ast_moh callbacks

PHREAKSCRIPT-54
Replace LOAD_STR_INT with ast_yesno

ASTERISK-128
Rename ast_sip_presence_xml_ functions

ASTERISK-127
func_codecs: view/update codecs

DAHLIN-8
Readd native SF support

ASTERISK-126
chan_iax2: Add fixed jitterbuffer

PHREAKNET-49
ML model for 3-slot coin detection

ASTERISK-125
app_voicemail: Warning when hanging up during playback

ASTERISK-48
func_devstate: Delete empty from AstDB

ASTERISK-108
config.c: Investigate and fix various config file rewrite bugs

LBBS-25
mod_mail_trash: Attempts to open files as directories

PHREAKSCRIPT-53
app_george: Cancel in-progress recording if nobody said anything

LBBS-30
net_nntp: Complete overhaul/rewrite to use maildirs

INTERLINKED-20
Closing multiple issues simultaneously doesn't work

PHREAKNET-47
Add automation for bill mailings

PHREAKSCRIPT-51
Add 32-bit/ARM builds

DAHLIN-7
Mega-issue to upstream out-of-tree DAHDI patches

ASTERISK-123
app_voicemail: Add ability to disable "thank-you" when ending voicemail

PHREAKSCRIPT-50
app_acts: Finish fine tuning and bug fixes

LBBS-2
module.c: Improve module loading process

SLACK-4
Slack client exits due to SSL_ERROR_ZERO_RETURN

ASTERISK-83
res_pjsip_device_features: Add forwarding and DND synchronization

PHREAKSCRIPT-42
Syntax Error on chan_dahdi

PHREAKSCRIPT-48
res_alarmsystem.conf.sample: Config is not commented by default

WSSMAIL-10
Can scroll down past bottom of page on larger screens

PHREAKSCRIPT-49
wanpipe doesn't compile above 6.1 kernel

LBBS-73
net_imap: Invalid memory access client->imap->tag

LBBS-21
net_imap: Proxy clients orphaned without associated IMAP session

LBBS-19
tls.c: Occasional SEGV at shutdowns of TLS connections

DAHLIN-6
Frame relay broken

PHREAKSCRIPT-47
make webvmail

PHREAKSCRIPT-46
menuselect

PHREAKSCRIPT-45
TDMoIP driver module

PHREAKSCRIPT-44
Finish ADSI applications

DAHTOOL-4
dahdi_genconf: Hangs when run initially after span assignment

WSSMAIL-6
Add option to auto-reconnect if disconnected

PHREAKSCRIPT-41
Create virtual modem application using softmodem

PHREAKNET-41
Allow for more granular billing based on switch ZIP code

PHREAKNET-33
Finish TSPS web console

ASTERISK-121
Upstream PhreakScript patches

ASTERISK-82
app_queue: Allow queue strategy to be manipulated externally

ASTERISK-101
func_tonedetect: 2600 Hz detection not working or suboptimal

LBBS-72
mod_webdav: Add WebDAV support

LBBS-71
Limit registrations from same IP within a certain amount of time

LBBS-57
Occasional 100% CPU usage on SSH session termination

ASTERISK-120
app_senddtmf: SendDTMF failure if not answering channel

ASTERISK-119
app_dial: Progress timeout doesn't cause Dial to exit

TEST-1
Test issue

ASTERISK-117
app_voicemail: Pager email generation is broken

LBBS-31
mod_sieve: Major Sieve filtering overhaul and improvements

ASTERISK-118
chan_iax2: Improve encryption support

LBBS-60
Prevent clients from monopolizing nodes (DOS)

DAHTOOL-3
Compilation warnings on 32-bit (i686)

LBBS-14
net_imap: SEGV in strncmp

WSSMAIL-11
Use accurate hyperlinks for folders

WSSMAIL-1
Preview pane doesn't take up allotted space

WSSMAIL-2
Implicitly mark messages read when deleting

LBBS-12
mod_webmail: client_flush_pending_output infinite loop

LBBS-50
mod_chanserv: NULL dereference when joining IRC channel

LBBS-68
scripts: Improve backup script error reporting

LBBS-26
server_setup.sh: Autocreate all default directories

LBBS-54
mod_mailscript: Add RECIPIENT condition

LBBS-55
net_telnet: Don't use strerror if res is 0

LBBS-67
net_ftp: Set node protocol to FTPES if using Explicit TLS

ASTERISK-116
app_dial: Strange/broken behavior with 'U' option

LBBS-62
net_imap: IMAP client frequently fails for Microsoft accounts

LBBS-53
Assertion when forwarding to external recipient

PHREAKSCRIPT-40
res_msp: Indentation messed up

PHREAKSCRIPT-32
app_alarmsystem: Add alarm system application

INTERLINKED-13
Comment and Close doesn't close issue

PHREAKSCRIPT-31
phreaknet config does not update verify.conf

PHREAKSCRIPT-27
res_msp not patched in during install

PHREAKSCRIPT-26
format_mp3 prereqs not always available

SLACK-1
slack-client: Deadlock when relaying messages

SLACK-5
Failed to receive reply... when message sent

LBBS-69
net_ssh: SFTP uploads fail with WinSCP

WSSMAIL-15
Allow navigating messages using arrow keys

DAHLIN-4
Improve manual span assignment process

ASTERISK-115
chan_iax2: Some pattern matches ignored if included in incoming context

DAHLIN-5
FXO rings off hook when rotary dialing on the line

ASTERISK-114
chan_iax2: DP cache warning when using switch

ASTERISK-113
app_disa: Unrecognized option when providing context

ASTERISK-15
chan_dahdi: Allow sending SDMF Caller ID

ASTERISK-104
Improve dahdi show channels output

ASTERISK-112
chan_dahdi: Raw power ring audible on recall ring from IAX2 to DAHDI

ASTERISK-22
general: Fix various typos

ASTERISK-111
chan_dahdi: MWI while off-hook when hung up on after recall ring

ASTERISK-64
chan_dahdi: autoreoriginate doesn't work if caller hung up on

ASTERISK-105
chan_dahdi: Add CLI command to display line voltages

ASTERISK-88
chan_dahdi: Add ADSI on-hook download support

ASTERISK-110
chan_iax2: Implement MWI

PHREAKSCRIPT-29
res_phreaknet: Don't try making API requests if not a PhreakNet node

ASTERISK-109
voicemail.conf.sample: Clarify misnamed option behavior

INTERLINKED-17
Blog: Issues with tag editing and viewing

LBBS-15
smtp: Locking errors, deadlock when queue runs during delivery

ASTERISK-68
res_pjsip_sca: Segfaults on startup with SCA

PHREAKSCRIPT-39
Add optional flag to not update system first

PHREAKSCRIPT-38
res_phreaknet: Increase cURL timeouts

LBBS-32
mod_spamassassin: Improve default spam handling

PHREAKSCRIPT-37
app_softmodem: Support speeds higher than 2400bps

LBBS-59
Add HTTP endpoint for updating IRC presence automatically

PHREAKSCRIPT-36
app_audichron: Tone not working after announcements

PHREAKSCRIPT-35
app_mail: SendMail returns SUCCESS

LBBS-66
logger: Add rate limiting of log messages

INTERLINKED-15
Improve paging API

ASTERISK-107
indications.conf.sample: Add confirmation tone

LBBS-65
net_smtp: Allow internal trusted hosts to be exempt from protocol violation checks

INTERLINKED-16
Add option to not be notified about user's own issues

LBBS-16
io_compress: Occasional memory corruption on shutdown

WSSMAIL-14
Checkbox range selection doesn't always work reliably

PHREAKSCRIPT-34
app_verify: Check additional headers for STIR/SHAKEN attestation

PHREAKSCRIPT-33
verify.conf: Flag invalid NXXs as illegitimate for NANPA calls

LBBS-64
mod_operator: Crash with more than 64 options?

ASTERISK-19
chan_dahdi: Remove sig_analog paths

LBBS-61
net_imap: Soft assertion in parse_flags_string

LBBS-63
net_imap, io_compress: Spurious warnings if quota exceeded

ASTERISK-93
chan_dahdi: DSP optimizations

PHREAKSCRIPT-30
MD5/RSA authenticated calls frequently fail

PHREAKNET-45
Operator system PSPs are outdated

LBBS-46
Block malicious mail servers after repeated failures

WSSMAIL-13
Improve multi-INBOX navigation

WSSMAIL-12
Add one-click "Not junk" button

LBBS-22
mod_mail_trash: Eliminate bbs_pthread_cancel_kill

LBBS-6
Add menu system scripting engine

LBBS-58
net_irc: Make ping interval adjustable

ASTERISK-103
GitHub Issue 661 was not autoclosed by PR

PHREAKSCRIPT-28
app_predial: Failure to retrieve user agent property

PHREAKNET-44
Show only sum of message units used per month on bills

ASTERISK-96
asterisk.adsi: Add Call Waiting Deluxe integration to resident script

LBBS-56
net_snpp: Add Simple Network Paging Protocol support

ASTERISK-102
app_voicemail: Play RDNIS if present when listening to envelope

ASTERISK-46
dsp.c: Remove ast_ prefixes for static functions

ASTERISK-52
dsp.c: Add ast_freq_reset

PHREAKSCRIPT-20
dsp.c: coin DSP patch breaks faxing

WSSMAIL-9
Sent email uploads can fail due to relative host difference

SLACK-3
examples: Add example program to log everything to a CSV

LBBS-52
net_smtp: Add limited support for VRFY and EXPN

PHREAKNET-42
Provisioning fails for lines with certain features

ASTERISK-100
chan_dahdi: PRI lock held at module unload

LBBS-51
General TDD improvements

PHREAKNET-39
Splice Fred Covington prompts for speaking clock

PHREAKSCRIPT-25
chan_sccp no longer compiles

PHREAKNET-40
Recent Change provisioning bug increments device name by 1

ASTERISK-99
pjsip: Add Cisco CUCM patch functionality

ASTERISK-98
Add hangup callbacks

ASTERISK-97
func_groupcount: Add group vars

LBBS-49
Add functionality expected of a traditional BBS package

LBBS-48
net_irc: Support multi-server networks

WSSMAIL-8
Add NNTP support and IRC integration

EVERGREEN-3
Add NNTP support for newsgroups

PHREAKSCRIPT-24
DAHDI builds in GitHub CI occasionally fail due to IPv6

PHREAKSCRIPT-23
res_phreaknet: Increase cURL timeout

PHREAKSCRIPT-22
Add framehook to display dialed digits

PHREAKSCRIPT-21
app_looparound: Add LoopAround application

ASTERISK-95
testsuite README: Update outdated references

ASTERISK-94
app_chanspy: Fix bad audio with single direction operation

LBBS-45
Use isoexec whenever possible

CAMI-1
Action Originate Returns -1

EVERGREEN-2
Navigation breaks when requirefromhelomatch=no in LBBS

ASTERISK-92
config.c: ast_variable_update doesn't update all instances

PHREAKSCRIPT-19
app_verify: Double free

PHREAKSCRIPT-18
Add better test coverage for 32-bit systems

PHREAKSCRIPT-17
res_phreaknet: iax.conf, et. al. are truncated when there is no disk space left

LBBS-44
io_tls: TLS errors when no certs are defined

LBBS-43
mod_discord: Improve handling of in-thread replies

LBBS-42
mod_discord: Actions not relayed properly from IRC

LBBS-41
socket.c: SEGV in bbs_node_readline

ASTERISK-91
features.c: Add warning to not set BRIDGE_NOANSWER as global variable

ASTERISK-90
chan_iax2: Add log message for rejected calls

ASTERISK-89
app_stack: Print proper exit location for PBXless channels

ASTERISK-87
asterisk.c: Prevent creation of duplicate Asterisk processes

ASTERISK-86
app_confbridge: Channel can join wrong bridge due to race condition

ASTERISK-85
chan_pjsip: Add channel encryption integration

ASTERISK-84
Add 'core show variables' command

ASTERISK-81
format_lame: MP3 read and write with LAME library

ASTERISK-80
app_record: Add RECORD_TIME function

ASTERISK-79
config.c: Make ast_variable_retrieve return last match

ASTERISK-78
sig_analog: Add Last Number Redial

ASTERISK-77
sig_analog: Add Call Waiting Deluxe support

LBBS-40
net_smtp: Add additional loop avoidance mechanisms

LBBS-39
net_smtp: Occasional memory corruption on email delivery

LBBS-38
mod_smtp_mailing_lists: Allow dynamic membership

LBBS-37
Restrict outgoing port 25 from containers while allowing other traffic

LBBS-36
net_telnet: Improve protocol support

LBBS-35
net_acap: Add ACAP protocol support

LBBS-34
net_xmpp: Add XMPP protocol support

LBBS-33
net_imap: Add/standardize commands to modify or purge keywords

ASTERISK-76
app_dial: Allow MOH until progress received

ASTERISK-75
chan_dahdi: Add Call Hold feature

ASTERISK-74
chan_dahdi: Add AMI event for callwaiting

ASTERISK-73
chan_dahdi: Hunt to next trunk in group if busy

ASTERISK-72
chan_dahdi: Move documentation to separate file

PHREAKNET-38
Send reminder emails if requests are pending

WSSMAIL-7
Add ability for zero-trust type authentication

LBBS-29
net_irc: Add reminder bot

LBBS-28
mod_discord: Warn users if IRC users are not online

LBBS-27
mod_irc_relay: Allow relaying of away/here status

PHREAKSCRIPT-16
app_selective: Missing pause after add/delete/instructions prompt

ASTERISK-71
app_if: ElseIf executed even if If is true

ASTERISK-70
loader.c: Print module build opt sums if they differ

ASTERISK-69
res_cli_originate: Allow specifying Caller ID on CLI

DAHTOOL-2
dahdi_cfg: Compiler warnings

DAHLIN-3
build: Compiler warnings

PHREAKSCRIPT-15
app_dialtone: t option should exclude matches that include #

LBBS-24
build: Pre-reqs don't compile on Fedora

LBBS-23
net_smtp: DMARC reports not sent due to rejection of localhost

LBBS-20
node.c: Occasional race conditions during node shutdown cause deadlock

LBBS-17
Temporary files not always cleaned up

LBBS-13
pty.c: Attempt to lock previously destroyed mutex

ASTERISK-67
voicemail.conf.sample: maxsilence/minsecs trigger warning

ASTERISK-66
app_sf: ReceiveSF not detecting incoming SF

PHREAKNET-37
Chirp should be audible upon on-hook of calls on a 2600 trunk

ASTERISK-65
sig_analog: Allow simple switch to time out to dialplan

LBBS-11
door_evergreen: Use isonetexec instead of exec

EVERGREEN-1
Use default identity per folder

SLACK-2
README: Add missing pre-reqs

WSSMAIL-4
Add PHPMailer support for format=flowed

← All Issues || New Issue →

Sort Normal || Priority

Details

Category: wssmail

Type: New Feature

Severity: Minor

Priority: Low

Resolution Effort: Major

Visibility: Public

Topic:

Milestone:

External Link:

Reported: 6/28/2024 8:07 AM

Last Active: 6/28/2024 8:07 AM

Status: Open

Reporter: InterLinked

Watching: InterLinked

Assigned To: Nobody

Current webmail applications have a lot of trust put in them by their users, who directly provide their IMAP/SMTP usernames and passwords to the webmail application. Doesn't matter if the webmail application and mail server are operated by the same entity (think Gmail.com), but more so if the webmail application is completely separated and operated by a third-party that is neither the end user nor the mail server. This is the case for some users of wssmail, who use this application as an alternative to the native webmail interfaces for mail servers that are not very accessible for some clients.

Currently, these users are forced to trust us with their username and password and hope nothing goes wrong. Prior modifications made it so the server doesn't even store this information directly; this information is sent by the client as needed so mail server credentials are never stored at rest by the server (and are only stored encrypted by the client). However, at some point, they are processed by the server. The user just has to trust the application isn't malicious to some extent, and while we aren't, it would be great to do even better and have mechanisms that don't require the server ever seeing the plaintext credentials at all.

For example, PAKE (Password authenticated key agreement) is an interesting concept here.
CRAM-MD5 is also interesting since it allows digest authentication. Unfortunately, it requires the server storing the plaintext password, which is not a good property. Otherwise, it would be great since challenge-response is an excellent approach for this kind of application.
OAUTH2 support will become more important as more major mail providers continue to make basic authentication harder to use, resulting in projects like this: https://github.com/simonrob/email-oauth2-proxy - it would be neat if the OAuth2 transaction process could be implemented in some kind of low/no-trust manner here.
If connecting to an LBBS mail server, the user's .imapremote can contain credentials for other mail servers, allowing a single webmail session to access many IMAP servers at once. However, not every user may be comfortable putting their mail server credentials on a file in plain text that is permanently stored on the BBS (even if it's private in their home directory - maybe they don't trust the sysop!) A nice enhancement would be to have the ability to store this information locally on the client and send it on demand over the Websocket connection to the LBBS server, which can on the fly apply this for that particular connection. Similar to how password authentication is done now. This means none of this information is ever stored permanently by the mail server, and a sysop would have to be more intentionally malicious to intercept credentials.

Comments

You must be logged in to leave a comment.