There's some work I had done last year. See this message. My memory is a bit foggy on the specifics right now but please do try it out. Not on a production server of course!!! Don't go by the version numbering - it is not a branch that is part of the official release.
http://permalink.gmane.org/gmane.mail.qmail.toaster.devel/999

Bharath

Johannes Weberhofer <[email protected]> wrote:

> On 10.09.2013 15:59, Eric Shubert wrote:
>> On 09/10/2013 02:34 AM, Johannes Weberhofer wrote:
>>> Dear all!
>>>
>>> For security reasons I have disabled the storage of vpopmail's
>>> plain-text passwords. Upon connection the qmail-server still responds with
>>>
>>> 250-server.test.com - Welcome to Qmail Toaster Ver. 1.03.5 SMTP Server
>>> 250-STARTTLS
>>> 250-PIPELINING
>>> 250-8BITMIME
>>> 250-SIZE 20971520
>>> 250 AUTH LOGIN PLAIN CRAM-MD5
>>>
>>> Qmail's implementation of cram-md5 is implemented in a way, that the
>>> plain-text password is required [1] for CRAM-MD5 authentication. My
>>> problem is, that some clients are sending the CRAM-MD5 response, but
>>> Qmail is not able to process it correctly. Unfortunately I have not
>>> found a way to turn this feature off. Does someone know, how to?
>>>
>>> Best regards,
>>> Johannes
>>>
>>> [1] http://en.wikipedia.org/wiki/CRAM-MD5
>>
>> You're one step ahead of me, Johannes. :)
>>
>> I had planned to do so by having spamdyke handle authentication. The
>> current version doesn't implement this quite rightly though, but it'll
>> be fixed in the soon to be released version.
>>
>> In the meantime, check for qmail config options in the .spec file.
>> There might be a ./configure option for turning cram-md5 off. I don't
>> know off hand, but I would expect so. Either that or vpopmail. I don't
>> recall off hand how qmail makes the determination of which auth methods
>> are available.
>>
>> Please let me know how you make out with this.
>> Thanks!
>
> I'll let you know (if). It's a matter of time...
>
>> P.S. Just to be clear, plain-text passwords are required for any
>> implementation of cram-md5, not just qmail's. That's a weakness which
>> is inherent in the protocol.
>
> The wiki page says, that some (dovecot) implementation stores an
> intermediate step of HMAC, so I guess there is another way to do that,
> too.
>
> Best regards,
> Johannes
>
> --
> Johannes Weberhofer
> Weberhofer GmbH, Austria, Vienna
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]

--
Sent from my Android phone with K-9 Mail. Please excuse my brevity.
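
Added example, not part of the thread and not code from qmail, vpopmail or Dovecot: the CRAM-MD5 check discussed above, run against a server that stores the clear-text secret, one that stores only a one-way hash, and one that keeps only the keyed HMAC state (the "intermediate step" mentioned in the last reply). The user, secret and challenge are the sample values from RFC 2195; the function names and the SHA-256 stand-in for a one-way password hash are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

# Sample values from RFC 2195 (user, shared secret, server challenge).
USER = "tim"
SECRET = b"tanstaaftanstaaf"
CHALLENGE = b"<1896.697170952@postoffice.reston.mci.net>"

def client_response(user, secret, challenge):
    """Client side: base64 of 'user' + space + hex HMAC-MD5(secret, challenge)."""
    digest = hmac.new(secret, challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode())

def parse_response(response):
    """Split the decoded response into (user, hex digest)."""
    user, _, digest = base64.b64decode(response).decode().rpartition(" ")
    return user, digest

def verify_with_plaintext(stored_secret, challenge, response):
    """Server that stores the clear-text secret can recompute the digest."""
    expected = hmac.new(stored_secret, challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, parse_response(response)[1])

def verify_with_one_way_hash(stored_hash, challenge, response):
    """Server that stores only a one-way hash has no usable HMAC key:
    the hash is not the key the client used, so the digests differ."""
    expected = hmac.new(stored_hash, challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, parse_response(response)[1])

def keyed_state(secret):
    """HMAC-MD5 state after the key is absorbed, before any challenge."""
    return hmac.new(secret, digestmod=hashlib.md5)

def verify_with_keyed_state(state, challenge, response):
    """Server holding only the keyed state can still finish the HMAC."""
    h = state.copy()          # keep the stored state reusable
    h.update(challenge)
    return hmac.compare_digest(h.hexdigest(), parse_response(response)[1])

if __name__ == "__main__":
    resp = client_response(USER, SECRET, CHALLENGE)
    one_way = hashlib.sha256(SECRET).digest()   # stand-in for a stored hash
    print(parse_response(resp))
    print(verify_with_plaintext(SECRET, CHALLENGE, resp))
    print(verify_with_one_way_hash(one_way, CHALLENGE, resp))
    print(verify_with_keyed_state(keyed_state(SECRET), CHALLENGE, resp))
```

The keyed state here lives only in memory as a Python object; it illustrates that the verifier needs the key-derived state rather than the password string itself.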
