>I'm not completely sure what the authenticated SMTP conversation
>looks like. You have two possible approaches:
>
>1. qmail-popup like. You start SMTP conversation as a root, grab a
>username/password, verify it, drop root and go on. (That's what
>qmail-popup -> checkpassword -> qmail-pop3d sequence
>accomplishes.)

Possible, but it requires a major rewrite of both programs (a new qmail-popup 
(smtpup) and qmail-smtpd).


>2. pam_pwdb like. You patch qmail-smtpd to fork()/exec() an
>external program to check the password. That program is suid and
>is executable only for root and group of qmaild user (nofiles - doh!
>create a special group for qmaild user, and don't put anyone else in
>it). The program also has the correct logging of failed attempts and
>correct timeouts.

So this is basically what I have now, except for the logging (= make 
checkpassword suid and accessible only to root and qmaild).

Kris
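
The caller side of approach 2, as an added example that is not part of the original messages or of qmail's code: an unprivileged server process hands the credentials to an external checker over a pipe and trusts only its exit status. It assumes the checker follows the checkpassword convention (reads `user\0password\0timestamp\0` from descriptor 3, exits 0 on success and 1 on rejection); `run_checker` is a hypothetical name.

```c
#include <errno.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper, not qmail code. Returns 1 if the checker accepts the
 * credentials, 0 if it rejects them, -1 on any error. The caller must treat
 * -1 as "not authenticated" (fail closed). */
int run_checker(char *const argv[], const char *user, const char *pass)
{
    char buf[512];              /* checkpassword reads at most 512 bytes */
    size_t ulen = strlen(user) + 1, plen = strlen(pass) + 1;
    size_t total = ulen + plen + 1;
    int pfd[2], status;
    pid_t pid;

    if (total > sizeof buf) return -1;      /* refuse oversized input */
    memcpy(buf, user, ulen);                /* user\0 */
    memcpy(buf + ulen, pass, plen);         /* password\0 */
    buf[ulen + plen] = '\0';                /* empty timestamp field */

    if (pipe(pfd) < 0) return -1;
    /* Write before fork(): the payload fits in the pipe buffer, so this
     * cannot block, and a checker that exits early cannot cause SIGPIPE. */
    if (write(pfd[1], buf, total) != (ssize_t)total) {
        close(pfd[0]); close(pfd[1]);
        return -1;
    }
    close(pfd[1]);                          /* child sees EOF after the data */

    pid = fork();
    if (pid < 0) { close(pfd[0]); return -1; }
    if (pid == 0) {                         /* child: becomes the checker */
        if (pfd[0] != 3) {
            if (dup2(pfd[0], 3) < 0) _exit(111);
            close(pfd[0]);
        }
        execv(argv[0], argv);
        _exit(111);                         /* exec failed: temporary error */
    }
    close(pfd[0]);
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR) return -1;

    if (!WIFEXITED(status)) return -1;      /* killed by a signal */
    if (WEXITSTATUS(status) == 0) return 1; /* accepted */
    if (WEXITSTATUS(status) == 1) return 0; /* rejected */
    return -1;                              /* misuse or temporary failure */
}
```

The credentials never appear in the checker's argv or environment, so they are not visible in the process list.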
