It is my understanding that this is not using CRAM-MD5 but PLAIN login, so those methods aren't affected. I used the patch and haven't had difficulty using it from within netscape or other clients. I will be investigating further.
As far as I can tell, it's only on the AUTH LOGIN which I'm having this issue (although more testing is needed). It just doesn't seem to keep enough significant characters to return true. And in theory, the patch should just pass it's information off to vpopmail.
I'll do some more investigating later today and see what I can come up with. AUTH LOGIN sends the base64 ( encoded username and password [which is two-way, so really not as secure, but it's better than nothing], one per line.


From: Jeremy Kitchen <[EMAIL PROTECTED]>
Subject: Re: [vchkpw] SMTP-Auth bug in passwords?
Date: Wed, 10 Sep 2003 00:10:30 -0500

I apologize for sending a copy directly to you Anthony, reply button in
evolution is a little crazy sometimes :)

On Wed, 2003-09-10 at 00:06, Anthony Baratta wrote:
> Tom...
> Doesn't the AUTH LOGIN state that he's going to use Base64 encoding?? If he
> put in AUTH CRAM-MD5 then it would be expecting MD5 encoding.
> So this appears to be a problem with LOGIN, either in the patch or with
> vPopmail.
> Do I have my logic wrong??

the smtp-auth patch you are probably using wrongly advertises that it
can handle CRAM-MD5.  Simply edit qmail-smtpd.c, search for the
CRAM-MD5, remove it, rebuild qmail-smtpd, and you're set.  I just did
this today, and it worked fine.

Jeremy Kitchen
Systems Administrator
Inter7 Internet Technologies, Inc.
866.528.3530 toll free
847.492.0470 int'l
847.492.0632 fax

STOP MORE SPAM with the new MSN 8 and get 2 months FREE*

Reply via email to