From: Mark Daniel [Mark.Daniel@wasd.vsm.com.au]
Sent: Wednesday, September 06, 2000 7:04 PM
To: Info-VAX@Mvb.Saic.Com
Subject: Re: Problems with yahMAIL

Hi Fabio,

thanks for an excellent problem report ... all the info possible, plus
you've obviously tried to solve it yourself (evidence: YAHMAIL$CHECK).

You must have authentication and authorization up and running on your
Apache.  This *must* trigger a browser authentication dialog on the path
"/cgi-bin/yahmail/~".  If you are not getting that dialog you cannot use
authenticated yahMAIL, it checks for the REMOTE_USER CGI variable.  I
cannot help you with setting up VMS Apache authorization, it's something
I haven't tackled yet.  Perhaps when you've succeeded let me know the
basics and I'll include it in the yahMAIL documentation.

Also, I doubt Apache will supply an AUTH_GROUP (the middle 1\2\3 string,
which is a WASD-ism allowing greater granularity on authorization
processing), so you'll probably need to change the private section of
the configuration file to:

  [private]
  becherini\*\postmaster
  *\*\*

PLEASE NOTE:  Apache 1.3.9 will support yahMAIL's MIME processing for
non-text inclusions.  If you upgrade to 1.3.12 IT WILL NOT.  My
investigations indicate that it is *impossible* to send a binary stream
from a script to the 1.3.12 Apache server as it *insists* on adding a
<CR><LF> to each record (which needless-to-say breaks any non-textual
response).  The VMS Apache team have been notified and are currently
addressing the issue.

If you would like to *play* with authenticated yahMAIL before getting
Apache authentication going then you can fudge the REMOTE_USER
variable.  Remember, this can compromise your mail because with this
active anyone accessing private yahMAIL will get your account's (which
in an experimental setup probably won't be a big problem).  Edit the
APACHE_ROOT:[CGI-BIN]YAHMAIL.COM and add a third-to-last line so that it
looks like the following:

  $ REMOTE_USER = "becherini"
  $ yahmail = "$" + exeDir + fileName + "_" + archName
  $ yahmail "''P1'" "''P2'" "''P3'" 

Obviously remove this before putting it into production :^)

Hope this helps, Mark Daniel.

becherini@vortex.ufrgs.br wrote:
> 
> _______________________________________________________________________________
> 
>         Hi !
> 
>         The environment is:
> 
>   DIGITAL TCP/IP Services for OpenVMS Alpha Version V5.0A
>   on a AlphaServer 800 5/500 running OpenVMS V7.2
> 
>   Apache/1.3.9 Server
> 
>   yahMAIL version 1.3, 4th May 2000
> 
>         yahMAIL has been installed with:
> 
>                 @BUILD_YAHMAIL MIME LINK
> 
>                 @INSTALL INSTALL APACHE
> 
>         Here is the configuration file:
> 
> ----------------------------------------------------------------------
> [#] example WASD YAHMAIL configuration file
> 
> [body]
> BGCOLOR="#ffffff" TEXT="#000000" LINK="#0000ff" VLINK="#00000066"
> 
> [createfooter]
> <A TARGET="yahMAILhelp" HREF="/yahmail/doc/guide_create.html">Create-Send Guide</A>
> 
> [folderheader]
> <FONT COLOR="#ff0000">
> Unauthorized access via <B>yahMAIL</B> is prohibited!<P>
> </FONT>
> 
> [folderfooter]
> <A TARGET="yahMAILhelp" HREF="/yahmail/doc/guide_folder.html">Folder Browse Guide</A>
> <BR><A TARGET="yahMAILhelp" HREF="/yahmail/doc/">yahMAIL Usage Guide</A>
> 
> [listfooter]
> <A TARGET="yahMAILhelp" HREF="/yahmail/doc/guide_lists.html">Address List Guide</A>
> 
> [readfooter]
> <A TARGET="yahMAILhelp" HREF="/yahmail/doc/guide_read.html">Message Read Guide</A>
> 
> [private]
> becherini\VMS\postmaster
> *\VMS\*
> *\*\*
> 
> [public]
> 
> ----------------------------------------------------------------------
> 
>         Well, yahMAIL works fine, in our tests, in public access
>         (not in configuration file now).
> 
>         But private access not.
> 
>         With logical YAHMAIL$CHECK = 1
>         is possible to check what is wrong in the source of the page.
> 
>         If I try this:
> 
>                 http://somenode.ufrgs.br/cgi-bin/yahmail/~
> 
>         it returns this:
> 
> ----------------------------------------------------------------------
> <FONT SIZE=+1><B><U>yahMAIL is currently unavailable!</U></B></FONT>
> <P>Apologies for any inconvenience. Please try again later.
> <!--
> [public] ~
> reject: path
> end of configuration!
> -->
> ----------------------------------------------------------------------
> 
>         But I am trying private access, not public access.
> 
>         Please, what is wrong ?
> 
>         Best regards,
> 
>  _____________________________________________________________________________
> |                                                                             |
> | Fabio Becherini                   System & Network Manager, Webmaster UFRGS |
> | CPD-UFRGS                         Centro de Processamento de Dados da UFRGS |
> |                                   Universidade Federal do Rio Grande do Sul |
> |_____________________________________________________________________________|

-- 
"This electronic message and any attachments could not possibly be
confidential otherwise it would not be sent unencrypted, via the
Internet, through countless mailing agents, gateways, and using a
plethora of other completely insecure and extremely public media.
Even if you are not the intended recipient of this message you are
free to use and abuse any and all of the contents as everyone knows
full-well that that with zero security available the only conclusion
can be zero accountability.  No virus scanning software is used when
composing or mailing this message, end-use automatically nullifying
liability for infestation or subversion caused by opinions or ideas
it may contain."