On Tuesday, October 28, 2003, at 02:42 AM, Paul L. Allen wrote:
Ummm, some quick digging later and the situation is worse than I
thought.
Not only does vpopmail use rand(), it initializes srand with a variant
of time(NULL) ^ getpid(). time(NULL) ^ getpid() has long been known to
not be a good
Hi,
I just checked the most recent (available) vopopmail-5.3.27.
Here, you inclued CRAM-MD5 support from Krzysztof Dabrowski. This
implementation is broken; it does not confirm with Dan Bernstein's
checkpassword API.
Dan requires: user0password0 or - in case of C/R - user0response0challenge0.
Tom Collins wrote:
On Tuesday, October 28, 2003, at 02:42 AM, Paul L. Allen wrote:
Ummm, some quick digging later and the situation is worse than I
thought.
Not only does vpopmail use rand(), it initializes srand with a variant
of time(NULL) ^ getpid(). time(NULL) ^ getpid() has long been
Hello.
Could somebody give some instructions how to change existing vopmail vchkpw
auth type, routine (where exactly it compares passwords the user has given
and the one stored in MySQL database).
The idea is such: There is an existing user database which I have to move to
a mailsystem (qmail +
Any ideas re: this problem? I'm in bad need of some help!!
Thanks,
Duane
Original Message
From: Duane Stark [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Date: Fri, Oct-31-2003 11:34 PM
Subject: Re: [vchkpw] vconvert
According to pkg_info, vpopmail-5.3.28.
It's
I'm going to try to answer both you and Tom at the same time. One of
the few times I didn't bother checking mail at least once after finishing
on Friday night and I have over 300 waiting for me on Monday morning.
Nick Harring writes:
Tom Collins wrote:
For generating a salt, I think we're
Roze writes:
The idea is such: There is an existing user database which I have to move
to a mailsystem (qmail + vpopmail + mysql). All the passwords are
encypted (no way to get plain-text) (with standart CRYPT) though there
is also SALT provided which is 2 first symbols from username.
Paul L. Allen wrote:
I'm going to try to answer both you and Tom at the same time. One of
the few times I didn't bother checking mail at least once after finishing
on Friday night and I have over 300 waiting for me on Monday morning.
Nick Harring writes:
Better than what you have,
Nick Harring wrote:
This is the Right Thing imho. It might be easier though to move the
srandom()/random() and new reads from /dev/urandom into a function of
its own, rather than replacing them whereever they're sprinkled
through the code. I realize that's even more work, but its probably
Nick Harring writes:
Storing cleartext passwords is generally horrible security, so this and
that don't really relate to each other.
Except to the extent that vpopmail now supports cleartext passwords
(I have a vague memory they're needed for CRAM authentication)
I whole heartedly agree.
On Friday, October 31, 2003, at 01:03 AM, Rick Macdougall wrote:
Try 5.2.2 from Sourceforge, a lot of bug fixes have been back ported
by Tom, Ken and the gang.
Credit where credit is due:
Michael Bowe did all of the backporting, and is entirely responsible
for the 5.2.2 release.
He also took
On Tuesday, October 28, 2003, at 01:19 PM, John Johnson wrote:
I have been working on a test system and I set enable learn password
to yes
but qmailadmin and vadduser will not let me
Add an account with out a password. Also will vpopmail learn
The password on an imap connection using courier
On Friday, October 31, 2003, at 06:36 AM, Charles Sprickman wrote:
My question is this, if I do vaddomain isp.com so that I can test my
syncing script, and I want to keep qmail in the dark about the
existence
of this domain, can I simply pull the isp.com entries out of the
rcpthosts and assign
To be sure in that way if dont provide previously used salt (in the user
passwords which havent been added using 'vadduser') in crypt will the
authorization through pop work?
Theoretically salt is the first 2 symbols, but will vpopmail (vchkpsw)
understand/use that?
- Original Message -
Tom Collins wrote:
On Friday, October 31, 2003, at 01:03 AM, Rick Macdougall wrote:
Try 5.2.2 from Sourceforge, a lot of bug fixes have been back ported
by Tom, Ken and the gang.
Credit where credit is due:
Michael Bowe did all of the backporting, and is entirely responsible for
the
Reinis Rozitis writes:
To be sure in that way if dont provide previously used salt (in the user
passwords which havent been added using 'vadduser') in crypt will the
authorization through pop work?
Theoretically salt is the first 2 symbols, but will vpopmail (vchkpsw)
understand/use that?
Hi all,
had anyone got this warning in smtp logs?
from log/smtp/current
@40003fa6d2742cc3dc9c tcpserver: status: 1/50
@40003fa6d2742cc576c4 tcpserver: pid 28174 from 81.92.196.94
@40003fa6d2742cc71ca4 tcpserver: ok 28174 0:10.0.0.200:25
:81.92.196.94::33304
@40003fa6d275254730a4
X-Istence writes:
He cant do MD 5 auths, or does vchkpw allow for MD5 auth logins?
If my unreliable memory is not letting me down, it can do CRAM-MD5 if you
have plaintext passwords set. For some versions of vpopmail.
--
Paul Allen
Softflare Support
Nick Harring writes:
That's funny, it looked a lot like signal to me.
Not only did I refer you to a seminal work by Claude Shannon from the
late 1940s, I gave you a summary of the salient details - yet you fail to
understand. A new subscriber to this list who has not checked the
archives, or
And probably this one as well:
http://untroubled.org/qmail-autoresponder/
On Mon, 3 Nov 2003, Charles Sprickman wrote:
Hi,
Is anyone else using something other than the autorespond package to
handle vacation-style messages?
I'm finding that autorespond doesn't look like a good choice for
Charles Sprickman writes:
I'm finding that autorespond doesn't look like a good choice for people
used to a standard vacation responder
It is a BAD choice for a vacation responder. It lacks many features
ESSENTIAL in a vacation responder. You might as well ask if sticking
your naughty
- Original Message -
From: Tom Collins [EMAIL PROTECTED]
To: vpopmail list [EMAIL PROTECTED]
Sent: Monday, November 03, 2003 7:02 PM
Subject: Re: [vchkpw] testing methods
Leave it in assign so vpopmail/qmailadmin will still work, but remove
it from rcpthosts (or morercpthosts and
Hello Songrit,
On Monday, November 3, 2003 at 4:28:40 PM you wrote (at least in
part):
Leave it in assign so vpopmail/qmailadmin will still work, but remove
it from rcpthosts (or morercpthosts and then rebuild morercpthosts.cdb).
How to rebuild morercpthosts.cdb and /var/qmail/users/cdb
On Tue, 4 Nov 2003, Paul L. Allen wrote:
I'm finding that autorespond doesn't look like a good choice for people
used to a standard vacation responder
It is a BAD choice for a vacation responder. It lacks many features
ESSENTIAL in a vacation responder. You might as well ask if
24 matches
Mail list logo