Re: smtpd auth issue

Wed, 25 Apr 2001 19:11:33 -0700 

yep, i tried that, still letting every username/pass thru..

I mean, the odd part is,
should it fail if it doesn't find the auth program? or if  the password
checking fails? 

here's some food for thought: 

is i change it to
 -u $QMAILUID -g $NOFILESGID 0 smtp rblsmtpd qmail-smtpd test.com 
/home/vpopmail/bin/vchkpw /usr/bin/true 2>&1 

as the faq says.. 

i get these... 

Apr 26 02:22:35 abfm vpopmail[22502]: vchkpw: No user found 
[EMAIL PROTECTED]:10.4.8.138
Apr 26 02:22:43 abfm vpopmail[22504]: vchkpw: No user found 
[EMAIL PROTECTED]:10.4.8.138
Apr 26 02:22:59 abfm vpopmail[22506]: vchkpw: No user found 
[EMAIL PROTECTED]:10.4.8.138 

interesting no? 

the same user names without the domain let me in before... and it's 
odviously
trying to check right? 

even if i change it to localhost ( testing) 

i still get some more 

Apr 26 02:28:08 abfm vpopmail[22551]: vchkpw: No user found 
[EMAIL PROTECTED]:10.4.8.138
Apr 26 02:28:17 abfm vpopmail[22556]: vchkpw: No user found 
[EMAIL PROTECTED]:10.4.8.138
Apr 26 02:28:52 abfm vpopmail[22570]: vchkpw: No user found 
[EMAIL PROTECTED]:10.4.8.138
Apr 26 02:28:57 abfm vpopmail[22572]: vchkpw: No user found 
[EMAIL PROTECTED]:10.4.8.138 

( just in case, the account validates with pop3) 

do you know the syntax for connecting to port 25 and doing smtp auth, maybe 
it gives a meaning full message there ( like the loveable vpopmail
failed to mkdir ones i grew to love hehe) 


well, am gonna keep tryign combinations... and maybe see if i can pin
point somthing in the code, although i doubt it's something iw ill be able
to pick up.. 


any other pointers :( 

 

 


Ken Jones writes: 

> Javier Frias wrote:
>> 
>> Anyone ever encountered this... using the latest version found here
>> http://members.elysium.pl/brush/qmail-smtpd-auth/index.html 
>> 
>> and vpopmail 4.9.10.... 
>> 
>> and calling smtpd like this... 
>> 
>> #!/bin/sh
>> PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin
>> export PATH
>> QMAILUID=`id -u vpopmail`
>> NOFILESGID=`id -g vpopmail`
>> MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` 
>> 
>> exec softlimit -m 2000000 tcpserver -p -R -x ~vpopmail/etc/tcp.smtp.cdb -c
>> "$MAXSMTPD" \
>>  -u $QMAILUID -g $NOFILESGID 0 smtp rblsmtpd qmail-smtpd ~vpopmail/bin/vchkpw
>> /usr/bin/true 2>&1 
>> 
>> smtp auth takes ANY username password combination... it still requires you
>> to imput a password..
>> but it  just lets anything thru.... anyone ever seen these? am i doing
>> something wrong?
> 
> the " ~vpopmail/" text looks suspicious. Not all shells expland the
> character. It is better to set it explicitly. Make this change and
> try again.
> -- 
> Ken Jones
> "Live Free, Live GPL"
> http://www.inter7.com/

Reply via email to