My suggestions is to give an option to select which one the user wants to
install.
So maybe we have one version with clear and one without, which means the script
will need to prompt you to select
Remo
> On Oct 5, 2018, at 11:35, Eric Broch <ebr...@whitehorsetc.com> wrote:
>
> actual:
>
> vdir=/home/vpopmail
>
> ./configure --prefix=%{vdir} \
> --enable-vpopuser=vpopmail \
> --enable-vpopgroup=vchkpw \
> --enable-libdir=%{_libdir}/mysql \
> --disable-roaming-users \
> --enable-tcprules-prog=/usr/bin/tcprules \
> --enable-tcpserver-file=/etc/tcprules.d/tcp.smtp \
> --enable-make-seekable \
> --enable-clear-passwd \
> --disable-users-big-dir \
> --enable-qmail-ext \
> --disable-ip-alias-domains \
> --enable-auth-module=mysql \
> --disable-passwd \
> --enable-logging=v \
> --enable-log-name=vpopmail \
> --disable-mysql-limits \
> --enable-valias \
> --disable-many-domains \
> --enable-non-root-build
>
>
> On 10/5/2018 12:25 PM, Eric Broch wrote:
>> vpopmail directory = /home/vpopmail
>> uid = 89
>> gid = 89
>> roaming users = OFF --disable-roaming-users (default)
>> password learning = OFF --disable-learn-passwords (default)
>> md5 passwords = ON --enable-md5-passwords (default)
>> file locking = ON --enable-file-locking (default)
>> vdelivermail fsync = OFF --disable-file-sync (default)
>> make seekable = ON --enable-make-seekable (default)
>> clear passwd = ON --enable-clear-passwd (default)
>> user dir hashing = OFF --disable-users-big-dir
>> address extensions = ON --enable-qmail-ext
>> ip alias = OFF --disable-ip-alias-domains (default)
>> auth module = mysql --enable-auth-module=mysql
>> mysql replication = OFF --disable-mysql-replication (default)
>> sql logging = OFF --disable-sql-logging (default)
>> mysql limits = OFF --disable-mysql-limits (default)
>> MySQL valias = ON --enable-valias
>> auth inc = -I/usr/include/mysql
>> auth lib = -L/usr/lib64/mysql -lmysqlclient -lz -lm
>> system passwords = OFF --disable-passwd (default)
>> pop syslog = log success and errors including passwords
>> --enable-logging=v
>> auth logging = ON --enable-auth-logging (default)
>> one domain per SQL table = --disable-many-domains
>>
>>
>> On 10/5/2018 11:03 AM, Andrew Swartz wrote:
>>> Eric,
>>>
>>> What configuration options do you use when compiling vpopmail?
>>>
>>> -Andy
>>>
>>>
>>>
>>>
>>> On 10/4/2018 9:17 AM, Andrew Swartz wrote:
>>>> Yet I believe we have solved this problem:
>>>>
>>>> Remote IMAP/POP3 authentication should be done via STARTTLS or TLS.
>>>> Therefore CRAM-MD5 is not necessary and PLAIN or LOGIN auth mechanisms
>>>> can be used.
>>>>
>>>> Local authentication (i.e. the webmail server authenticating through
>>>> IMAP) can use unsecure connection with PLAIN/LOGIN mechanisms without
>>>> substantial risk.
>>>>
>>>> If PLAIN or LOGIN mechanisms are used exclusively, then the cleartext
>>>> passwords are not needed and can be set to NULL.
>>>>
>>>> Both IMAP and webmail should be set to use PLAIN or LOGIN mechanisms.
>>>>
>>>> vpopmail should be configured with the '--disable-clear-passwd' option.
>>>>
>>>> Unless I'm missing something, the above steps solve the problem.
>>>> Dovecot using cleartext passwords for CRAM-MD5 authentication is not a
>>>> bug, it is correct functioning (because the server requires the
>>>> cleartext password to authenticate the client).
>>>>
>>>> However, the problem is unsolved for admins who want to serve IMAP/POP3
>>>> over an unencrypted channel. Then they have to maintain CRAM-MD5
>>>> capability, which means they must maintain cleartext passwords which do
>>>> not exceed 16 characters. I would argue that this should not be the
>>>> default configuration, but rather something that someone can configure
>>>> if they desire an especially insecure configuration.
>>>>
>>>> -Andy
>>>>
>>>>
>>>>
>>>> On 10/4/2018 8:00 AM, Remo Mattei wrote:
>>>>> +1
>>>>>
>>>>> When I read it..
>>>>>
>>>>>> On Oct 4, 2018, at 08:10, Andrew Swartz <awswa...@acsalaska.net> wrote:
>>>>>>
>>>>>> I have ABSOLUTELY NO IDEA what that is supposed to mean.
>>>>>>
>>>>>> -Andy
>>>>>>
>>>>>>
>>>>>> On 10/4/2018 3:56 AM, Eric Broch wrote:
>>>>>>> Here's the answer I got from the Dovecot mailing list concerning the
>>>>>>> question of clear text password authentication...not sure how to
>>>>>>> implement...ideas? :
>>>>>>>
>>>>>>> On 03.10.2018 23:30, Eric Broch wrote:
>>>>>>>> Hello list,
>>>>>>>>
>>>>>>>> I run Dovecot with the vpopmail driver and have found that it
>>>>>>>> authenticates against the clear text password in the vpopmail
>>>>>>>> database. Is there a configuration option either at compile time, link
>>>>>>>> time, or a setting in one of the configuration files that tells the
>>>>>>>> program to authenticate against the hash instead of the clear text?
>>>>>>>>
>>>>>>> Prefix your passwords in vpopmail with {SCHEME} (like, {CRYPT})
>>>>>>>
>>>>>>>
>>>>>>> ---------------------------------------------------------------------
>>>>>>> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
>>>>>>> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
>>>>>>>
>>>>>>>
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
>>>>> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
>>>>>
>>>>>
>>
>
> --
> Eric Broch
> White Horse Technical Consulting (WHTC)
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
>
---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
