What happened to the toaster?

2,443 views
Skip to first unread message

Hank Eskin

unread,
Apr 5, 2011, 10:56:20 PM4/5/11
to Bill's Linux Qmail Toaster

I found a Debian version on Sourceforge, but www.shupp.org/toaster no
longer exists, and it just re-directs to Bills blog with no mention of
the toaster anywhere.

Is the Qmail toaster dead?

Thanks.

Bill Shupp

unread,
Apr 5, 2011, 11:36:43 PM4/5/11
to qmail-...@googlegroups.com, Hank Eskin

Yes. The TLS patch used in this toaster had a security problem which I was notified about recently.  The options were to upgrade the patch or take it down.  I don't use Qmail anymore, and have no need to maintain it.  Since I've not had any luck soliciting new leadership on this project, I took it down.

You can find the source of the toaster, as well as related patches, on github here:

https://github.com/shupp/legacy-qmail-related

The source code of the toaster itself was maintained here:

https://github.com/shupp/toasterdoc

Feel free to fork and repost somewhere else.

Regards,

Bill

Jeff Koch

unread,
Apr 6, 2011, 8:19:48 AM4/6/11
to qmail-...@googlegroups.com
Hi Bill:

Where would I find the text of the instructions provided previously on your website?

Jeff

Jeff Koch

unread,
Apr 6, 2011, 8:23:04 AM4/6/11
to qmail-...@googlegroups.com
HI Bill:

I didn't know you where taking it down. Any chance that you can put the site back up for a couple of days so we can copy off what we need?


Jeff

On 4/5/2011 11:36 PM, Bill Shupp wrote:

Hank

unread,
Apr 6, 2011, 9:20:11 AM4/6/11
to qmail-...@googlegroups.com
Hi Bill,

  Thanks for the logical  explanation... Might I suggest you put an easy to see/find notice on your blog/website to this effect?  I easily spent 30 minutes trying to find the Qmail toaster I've come to know and love after all these years and I'm fairly disappointed that it's now gone.  I had planned on creating one or two more Qmail toasters this year, so now I'm not sure what I'm going to do.  I'm not sure where to start with the github source.

Also, what about leaving the toaster up with a big disclaimer about the TLS patch security problem and let people use at their own risk?

Best,

-Hank

Tom Collins

unread,
Apr 6, 2011, 10:07:47 AM4/6/11
to qmail-...@googlegroups.com
I think Bill's message is clear that the toaster docs (HTML) and source files are on github. 

-Tom
(Sent from my phone; forgive my brevity)

Hank

unread,
Apr 6, 2011, 12:21:13 PM4/6/11
to qmail-...@googlegroups.com
Hi Bill,

 I downloaded the stable code from github and uploaded it to a server running PHP 5.3.6 with mbstring.  The site won't load.  I've installed PEAR, but the code is still looking for, and can't find  BTS.php.  Is this a required PEAR package? Any other requirements to run the toaster locally?

Many Thanks,

-Hank

Bill Shupp

unread,
Apr 6, 2011, 12:46:39 PM4/6/11
to qmail-...@googlegroups.com, Hank
Here's the email I got from Frederik Vermeulen, author of the TLS patch for qmail, on April 2:

#################################
Hello,

you were concerned in the development and/or packaging of qmail tls patch.
I have been notified by cert of a (relatively low-impact) flaw that has been made public today.

See http://www.kb.cert.org/vuls/id/555316

A patch is on http://inoa.net/qmail-tls/vu555316.patch
A new version of the complete qmail-tls patch is on http://inoa.net/qmail-tls/netqmail-1.06-tls-20110119.patch

Thank you for reviewing and/or packaging this fix.

Regards,

Frederik

#################################

This was sent to any concerned parties, including folks that wrap it into larger cumulative patches, like myself.

Here's a direct download link for the most recent qmail-toaster patch on github:

https://github.com/shupp/legacy-qmail-related/raw/master/patches/qmail-toaster-0.9.1.patch.bz2

According to the notes at the top, it uses this version of the TLS patch:

http://inoa.net/qmail-tls/netqmail-1.05-tls-20070408.patch

So it's out of date, and needs to be updated.


For those of you wanting to try and run the toaster docs yourself, the BTS.php template class is available here:

https://github.com/shupp/BTS/blob/master/branches/BTS/BTS.php

Just put it in your include_path for PHP.


Lastly, I did make an attempt a couple of years ago to move the toaster over to source forge.  It appears to still be there:

http://billslinuxqmail.sourceforge.net/toaster

Looks like Rick Widmer did some work on it, so I can't speak to its current state.  But you're welcome to try that out.  At least the translations work!


Sorry for the short notice folks, but given the security issue, it was the right thing to do.

Regards,

Bill

Hank

unread,
Apr 6, 2011, 1:35:18 PM4/6/11
to qmail-...@googlegroups.com

Thanks again, Bill.

I got the Qmail Toaster page running locally (<relieved>),  and just to summarize for anyone else who might try this, here are the steps I followed:

1. Downloaded Stable release from Github from here: https://github.com/shupp/toasterdoc/tree/master/branches/stable
2. Uploaded branches/stable to my webserver running PHP 5.3.6 with mbstring
4. Installed Bill's BTS.php from https://github.com/shupp/BTS/blob/master/branches/BTS/BTS.php (all you need is the BTS.PHP file from branches/BTS). I put this in the same web directory as the toaster.
5. Installed I18Nv2 using this command:   pear install channel://pear.php.net/I18Nv2-0.11.4

And it now works great. 

One last request.. can you make the /patches directory available again on your site (even briefly) so I can archive these patches which are now 404:


Thanks,

-Hank


Bill Shupp

unread,
Apr 6, 2011, 1:45:07 PM4/6/11
to qmail-...@googlegroups.com, Hank
Those patches are in the legacy-qmail-related repository on gihub.  The entire patches directory is.

Bill

Jason Frisvold

unread,
Apr 6, 2011, 1:19:46 PM4/6/11
to qmail-...@googlegroups.com
On 04/05/2011 11:36 PM, Bill Shupp wrote:
> take it down. I don't use Qmail anymore, and have no need to maintain

I'm curious. What do you use now? And why?

> Regards,
>
> Bill


--
---------------------------
Jason Frisvold
xenop...@gmail.com
---------------------------
"I love deadlines. I like the whooshing sound they make as they fly by."
- Douglas Adams

Bill Shupp

unread,
Apr 8, 2011, 1:17:52 PM4/8/11
to qmail-...@googlegroups.com
In the past I ran a hosting company that hosted mail internally, which was my need for qmail.  I only have a need for personal mail hosting these days, so I just use Google Apps.

Bill

Tarique Saleh Mahmud

unread,
Apr 8, 2011, 1:28:29 PM4/8/11
to qmail-...@googlegroups.com

Hi Bill,

 

I follwed your instruction from http://billslinuxqmail.sourceforge.net/toaster/ and running one mail server using qmail-toaster. Appricate if you please advise me whether I am in risk or I have to update anything to avoid the risk.

 

Thanks,

 

Tarique

Bill Shupp

unread,
Apr 8, 2011, 1:38:10 PM4/8/11
to qmail-...@googlegroups.com
I don't maintain those, Rick Widmer does.  I only started it.  I'd refer to my earlier post on this thread regarding the TLS email and the qmail-toaster patch version.

Regards,

Bill
Reply all
Reply to author
Forward
0 new messages