SV: [vchkpw] SMTP AUTH vpopmail mysql qmail
I just want to apologize for not digging enough before mailing the list. By searching around I got things to work perfectly by patching qmail. SMTP AUTH seems to work fine with vchkpw now. \Stefan -Ursprungligt meddelande- Från: Stefan Gudmundsson [mailto:[EMAIL PROTECTED] Skickat: den 11 mars 2004 14:21 Till: [EMAIL PROTECTED] Ämne: [vchkpw] SMTP AUTH vpopmail mysql qmail Hi all. I have installed a box with qmail, vpopmail, courier imap and mysql. Things run smoothly except I don't know how to get the SMTP AUTH to work. I want the auth-check to be done from the mysql db I use with vpopmail. I assume this has been discussed before on the list and I hope someone may be able to guide me in the right direction. Regards Stefan G
[vchkpw] SMTP AUTH vpopmail mysql qmail
Hi all. I have installed a box with qmail, vpopmail, courier imap and mysql. Things run smoothly except I don't know how to get the SMTP AUTH to work. I want the auth-check to be done from the mysql db I use with vpopmail. I assume this has been discussed before on the list and I hope someone may be able to guide me in the right direction. Regards Stefan G
[vchkpw] CRAM-MD5 smtp-auth vpopmail-5.4.0 and spamcontrol-2.2.9
Hi, vchkpw-list CRAM-MD5 smtp-auth method seems to be not working under my installation of vpopmail-5.4.0 (mysql-4.0.18 as a back-end)/ spamcontrol-2.2.9 at the same time PLAIN smtp-auth is working fine As far as I know, qmail have to use the latest qmail-smtpd-auth-0.4.2 patch to work with vpopmail's vchkpw v5.4.0 and spamcontrol-2.2.9 includes this patch! I've checked CRAM-MD5 authentication procedure with cmd5 (http://www.net-track.ch/opensource/), but without any success Is there any known troubles with CRAM-MD5 authentication method at vpopmail-5.4.0 (cause I've heard about misfunctioning of this smtp-auth method at vpopmail-5.4.0-rc1) ? - Best Regards, Yuri Nosyrev Russia
Re: [vchkpw] CRAM-MD5 smtp-auth vpopmail-5.4.0 and spamcontrol-2.2.9
On Mon, 2004-02-23 at 22:58, Yuri Nosyrev wrote: [snip can't do cram-md5 with vpopmail 5.4.0 with mysql] Is there any known troubles with CRAM-MD5 authentication method at vpopmail-5.4.0 (cause I've heard about misfunctioning of this smtp-auth method at vpopmail-5.4.0-rc1) ? I know for a fact it works with cdb backend, but I as well have not gotten it to work with mysql backend. I brought this up on the list a few weeks ago, and I am working on getting a test environment set up to get some information that might be useful for debugging. -Jeremy -- Jeremy Kitchen Systems Administrator [EMAIL PROTECTED] Kitchen @ #qmail on EFNet - Join the party! . Inter7 Internet Technologies, Inc. www.inter7.com 866.528.3530 toll free 847.492.0470 int'l 847.492.0632 fax GNUPG key ID: 93BDD6CE
Re: [vchkpw] CRAM-MD5 smtp-auth vpopmail-5.4.0 and spamcontrol-2.2.9
CRAM-MD5 (both with and without MySQL) breaks if you are using Eudora as a mail client but otherwise works fine with Outlook and Outlook Express. Over the last several days we have built three mailservers using Bill's Toaster without mysql and also modified to use mysql. In each case we have had to manually turn off CRAM-MD5 by 'undef' CRAM-MD5 on line 45 of qmail-smtpd.c. and re-compiling qmail. This is a problem with qmail smtp-auth not vpopmail. (Actually it's a problem with Eudora.) At 01:04 AM 2/24/2004, you wrote: On Mon, 2004-02-23 at 22:58, Yuri Nosyrev wrote: [snip can't do cram-md5 with vpopmail 5.4.0 with mysql] Is there any known troubles with CRAM-MD5 authentication method at vpopmail-5.4.0 (cause I've heard about misfunctioning of this smtp-auth method at vpopmail-5.4.0-rc1) ? I know for a fact it works with cdb backend, but I as well have not gotten it to work with mysql backend. I brought this up on the list a few weeks ago, and I am working on getting a test environment set up to get some information that might be useful for debugging. -Jeremy -- Jeremy Kitchen Systems Administrator [EMAIL PROTECTED] Kitchen @ #qmail on EFNet - Join the party! . Inter7 Internet Technologies, Inc. www.inter7.com 866.528.3530 toll free 847.492.0470 int'l 847.492.0632 fax GNUPG key ID: 93BDD6CE Best Regards, Jeff Koch, Intersessions
RE: [vchkpw] CRAM-MD5 smtp-auth vpopmail-5.4.0 and spamcontrol-2.2.9
From: Jeff Koch [mailto:[EMAIL PROTECTED] CRAM-MD5 (both with and without MySQL) breaks if you are using Eudora as a mail client but otherwise works fine with Outlook and Outlook Express. Neither of those does cram-md5, they talk auth login. David
RE: [vchkpw] CRAM-MD5 smtp-auth vpopmail-5.4.0 and spamcontrol-2.2.9
What you say may be true. But I can tell you from our experience that Eudora cannot smtp authenticate unless cram-md5 is 'undef' in qmail-smtpd.c whereas Outlook can. At 02:17 AM 2/24/2004, you wrote: From: Jeff Koch [mailto:[EMAIL PROTECTED] CRAM-MD5 (both with and without MySQL) breaks if you are using Eudora as a mail client but otherwise works fine with Outlook and Outlook Express. Neither of those does cram-md5, they talk auth login. David Best Regards, Jeff Koch, Intersessions
[Smtpauth] smtp-auth + vpopmail + outlook 2000?
Hi all, I have sucessfully installed the smtp-auth(0.30) patch to qmail I can authenticate using AUTH PLAIN: $perl encode '\0user%domainname.com\0test' AHRlc3Qlc2dtbG9wZW4uY29tAHRlc3Q= $telnet 0 25 Trying 0.0.0.0... Connected to 0. Escape character is '^]'. 220 mail.domainname.com ESMTP auth plain 334 ok, go on AHRlc3Qlc2dtbG9wZW4uY29tAHRlc3Q= 235 ok, go ahead (#2.0.0) quit so, I try to use outlook2000 ( i setup outlook correctly ) but I get the usual: 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1) According to the docs @: http://members.elysium.pl/brush/smtp-auth/client.html Outlook98 supports LOGIN and PLAIN So is the problem that outlook2k doesn't support PLAIN or am I missing some key info? Any tips, pointers, or smacks on the bald head (benny hill style) would be appreciated. -- - Sean P. Scanlon perl -e 'print pack(h*, 3707370426c6575646f647e2e65647), \n' -
smtp-auth / vpopmail
Does anybody have any implementation of, or plans to implement smtp-auth using vpopmail I've seen a few smtp-auth patches, but from what I can gather they all use PAM/checkpassword I'd like to offer my users relaying with smtp-auth, as an alternative or replacement for the relay after pop3 authentication method Any body got any ideas/suggestions on this? Regards, Kieran Barnes Signum 1226 Ltd Use our Web site at... http://www.1226.net Phone us on... 01772 622889 Fax us on... 01772 622558
Re: smtp-auth / vpopmail
I want to do that, and in the future I'll extend my patch (checkusers on qmail-smtpd) or write a new one, but I've not studied actual patches nor I've time to do it in near future. Tonino At 31/05/2001 31/05/2001 +0100, Kieran Barnes wrote: Does anybody have any implementation of, or plans to implement smtp-auth using vpopmail I've seen a few smtp-auth patches, but from what I can gather they all use PAM/checkpassword I'd like to offer my users relaying with smtp-auth, as an alternative or replacement for the relay after pop3 authentication method Any body got any ideas/suggestions on this? Regards, Kieran Barnes Signum 1226 Ltd Use our Web site at... http://www.1226.net Phone us on... 01772 622889 Fax us on... 01772 622558
RE: smtp-auth / vpopmail
hi there,
i'm using authenticated smtp for over a year now, and it works great. what
you should now is that there are three different authentication types:
PLAIN, LOGIN and CRAM-MD5.
here is a nice table on what clients and other mailservers are supporting
authenticated smtp:
http://members.elysium.pl/brush/smtp-auth/index.html
the author even has a patch for qmail that implements all three
authentication types, while using cmd5checkpwd (i guess) as an alternative
to djb's original checkpassword. like checkpassword it authenticates system
users (/etc/passwd /etc/shadow). if you want vpopmail authentication, you
have to use the vchkpw program which doesn't support CRAM-MD5... so there's
no real CRAM-MD5 authentication possible for vpopmail users yet.
ken - i'm not an md5 expert and don't now exactly how that works, but maybe
this would be a nice feature to implement in vchkpw.
personally, i'm happy with just the LOGIN mechanism because m$ outlook
express supports it, and this is the most used client that really has
problems with pop-before-smtp because it always does smtp-before-pop. both
pop-before-smtp and authenticated smtp can be used together, so you don't
have to choose - just use both.
CRAM-MD5 authentication would be best because no cleartext passwords would
be transferred over the net. but users already do so with pop3 and imap, so
i personally would prefer using stunnel to use smtp/pop/imap-over-ssl, then
you don't need to care for cleartext passwords as the complete
communication would be encrypted.
i'm using the following patch to qmail-smtpd.c:
http://www.cuni.cz/~vhor/qmail/smtpauth-en.html
this patch is based on the patch of mrs. brisby, but it features also a
workaround for buggy netscape clients and servers (they want to use
authenticated smtp even if there is no need to). for installation help look
here (at the bottom):
http://www.nimh.org/code.shtml
unfortunately, the author included a security patch that eliminates all
non-alphanumeric characters in usernames what breaks vpopmail as it uses at
least % and . in its usernames.
look for these lines:
/* vhor */
for(i=0;istrlen(smtpauthlogin);i++) {
if (! isalnum(smtpauthlogin[i]) ) {
smtpauthlogin[i] = 'X';
}
}
and just delete them to get back vpopmail compatibility.
as chris bolt correctly stated, vchkpw has to be suid, but suid vpopmail
unfortunately is not enough; it has to be suid root (ken jones told me that
long time ago), so please re-check the vchkpw code to be sure that you
don't open security holes through higher privileges. suid root is
especially needed in situations where vpopmail domains are not all owned by
vpopmail.vchkpw but by different users (using the command line switches on
vadddomain).
hope that helped... if you have any questions, let me know.
bye, jon
_
Jonas Pasche, RHCERheinstr. 3
webagentur Domke GmbH 64283 Darmstadt
Systemadministration / Systementwicklung Germany
Hotline: 0700 46637243 (24 Pf./Min.) mailto:[EMAIL PROTECTED]
Telefax: +49 (0)6151 293173 http://www.domke.de
_
Re: smtp-auth / vpopmail
"Chris Bolt" [EMAIL PROTECTED] writes: vchkpw can be used as a drop-in replacement for checkpassword. If it supports checkpassword, it should work with vchkpw. You may just have to make vchkpw suid vpopmail:vchkpw. Be aware that when you make vchkpw suid vpopmail.vchkpw you have to add access to your tcp.smtp file for vpopmail user. -- Ondej Sur [EMAIL PROTECTED]Globe Internet s.r.o. http://globe.cz/ Tel: +420235365000 Fax: +420235365009 Plnikova 1, 162 00 Praha 6 GPG fingerprint: CC91 8F02 8CDE 911A 933F AE52 F4E6 6A7C C20D F273
Re: smtp-auth / vpopmail
[EMAIL PROTECTED] (Ondej Sur) writes: Jonas Pasche [EMAIL PROTECTED] writes: as chris bolt correctly stated, vchkpw has to be suid, but suid vpopmail unfortunately is not enough; it has to be suid root (ken jones told me that long time ago), This is *not* true! I have vchkpw running suid vpopmail.vchkpw just fine. -- Ondej Sur [EMAIL PROTECTED]Globe Internet s.r.o. http://globe.cz/ Tel: +420235365000 Fax: +420235365009 Plnikova 1, 162 00 Praha 6 GPG fingerprint: CC91 8F02 8CDE 911A 933F AE52 F4E6 6A7C C20D F273
Re: smtp-auth / vpopmail
hi there, [EMAIL PROTECTED] (Ondøej Surý) writes: Jonas Pasche [EMAIL PROTECTED] writes: as chris bolt correctly stated, vchkpw has to be suid, but suid vpopmail unfortunately is not enough; it has to be suid root (ken jones told me that long time ago), This is *not* true! I have vchkpw running suid vpopmail.vchkpw just fine. ok, with my old vpopmail version that didn't work; it worked just with suid root. obviously this isn't a problem with newer versions. thanks for that correction. but take care, if you create domains under different user id's (vadddomain -u/-i/-g) vchkpw _really_ has to be suid root. bye, jon. _ Jonas Pasche, RHCERheinstr. 3 webagentur Domke GmbH 64283 Darmstadt Systemadministration / Systementwicklung Germany Hotline: 0700 46637243 (24 Pf./Min.) mailto:[EMAIL PROTECTED] Telefax: +49 (0)6151 293173 http://www.domke.de _
qmail-smtp auth-vpopmail crusade
I have found some logic on my problem with vchkpw and qmail-smtpd-auth: (my problem is that, the smtp-auth login doesn't run with vpopmail/vchkpw). If I use checkpassword as checker, it runs OK (only with system accounts, I think). If I use vchkpw, it fails. I have followed all the steps from smtpd-auth FAQ, but it refuses to run properly. Also, there is permissions for reading all the directories and files, or I think so. anybody have any idea of what's happening ? (please excuse my poor english I read english source code perfect, but I write it in spanish, and so I don't write english very often.) O:-) PGP signature
Re: qmail-smtp auth-vpopmail crusade
Sonic wrote: I have found some logic on my problem with vchkpw and qmail-smtpd-auth: (my problem is that, the smtp-auth login doesn't run with vpopmail/vchkpw). If I use checkpassword as checker, it runs OK (only with system accounts, I think). If I use vchkpw, it fails. I have followed all the steps from smtpd-auth FAQ, but it refuses to run properly. Also, there is permissions for reading all the directories and files, or I think so. anybody have any idea of what's happening ? (please excuse my poor english I read english source code perfect, but I write it in spanish, and so I don't write english very often.) O:-) Part 1.2Type: application/pgp-signature it runs for me. Run tcpserver with -u vpopmailuid -g vpopmailgid Here is my init script line.. # for smtp auth #env - PATH="/var/qmail/bin:/usr/local/bin" \ # tcpserver -H -R -x /home/vpopmail/etc/tcp.smtp.cdb -c100 \ # -uvpopmailuid -gvpopmailgid 0 smtp \ # /var/qmail/bin/qmail-smtpd /home/vpopmail/bin/vchkpw /bin/true \ # 21 /dev/null Works. Ken Jones
