Re: qpsmtpd with TLS and AUTH

[Ask Bjørn Hansen]

Tak Rasmus!

Could you make the diff with "diff -u"?

  - ask

--  
http://localrobot.com/

On Feb 18, 2010, at 14:18, Rasmus Skaarup <ras...@gal.dk> wrote:


Patch is attached. User can now choose between cram-md5 and plain  
authentication. If no option is chosen, it defaults to cram-md5 -  
which is backwards compatible.

Br
Rasmus Skaarup

<auth_flat_file.patch>



On 18/02/2010, at 22.45, Rasmus Skaarup wrote:


Gmail apparently only supports AUTH PLAIN.

But why their mail servers responds with "AUTH CRAM-MD5" and  
proceeds with a plain mechanism is not really playing nice.

I added support for the plain mechanism in the auth_flat_file  
plugin (which was rather easy - why isn't this a selectable  
feature? Should I post a patch?) so my mail server now tells "AUTH  
CRAM-MD5 PLAIN" and Gmail now chooses "AUTH PLAIN" and  
authentication succeeds.

Br
Rasmus


On 16/02/2010, at 18.33, Baltasar Cevc wrote:

Hi Rasmus,

...
@400000004b7ac0e606cba59c 44729 running plugin (auth-cram-md5):  
auth::auth_flat_file
@400000004b7ac0e606cd9d84 44729 auth::auth_flat_file plugin:  
Authentication for: <secretu...@secretdomain.invalid>
@400000004b7ac0e606cfeb5c 44729 trying to get config for  
flat_auth_pw
@400000004b7ac0e606d51b7c 44729 auth::auth_flat_file plugin:  
passClear NOT defined
@400000004b7ac0e606d80594 44729 auth::auth_flat_file plugin:  
passHash defined: 5a8cf0b98d4e09d155f6cd64f5b708fb - <87e78.4b7ac...@denene.dvconsulting.dk 
> - 7a66033f5c7208945ad2c36b9e92100c
@400000004b7ac0e606db265c 44729 Plugin auth::auth_flat_file, hook  
auth-cram-md5 returned DENY, authflat/cram-md5 - wrong password
@400000004b7ac0e606de04bc 44729 535 Authentication failed for m...@dvconsulting.dk 
 - authflat/cram-md5 - wrong password
@400000004b7ac0e606e196cc 44729 Authentication failed for m...@dvconsulting.dk 
 - authflat/cram-md5 - wrong password
...
I don't use the auth plugins myself, but maybe this general  
information will help you as I've noticed the corresponding error  
in your trace:
If you want to use the MD5-mechanisms, you need a clear-text  
password. Only plain and login will function with a password hash.  
Be sure that your server only announces mechanims that are  
supported for all users - the announcement takes place before the  
user is known, thus if you have one single user without a  
plaintext password, it would be unable to login otherwise (the  
client would probably try CRAM-MD5 and then - by definition - fail  
to authenticate).

Cheers,
Baltasar

((( Baltasar Cevc


) World wide web:
# http://www.openairkino.net/ (a project for the local youth;  
German only)
# http://technik.juz-kirchheim.de/ (programming and admin projects)
# http://baltasar.cevc-topp.de/ (private homepage)
) Phone:
+49 178 691 22 33
)