John P. wrote:
> I have patched qmail-smtpd with Krzysztof Dabrowski's SMTP-AUTH patch and
> have changed the line in /var/qmail/supervise/qmail-smtpd/run to end "..
> /var/qmail/bin/qmail-smtpd /bin/checkpassword /bin/true &2>&1" and have
been
> trying to send e-mail from an IP address that is not permitted in the
> tcp.cdb for relaying purposes.
Dabrowski's version of the authenticated SMTP patch supports two
authentication schemes, simple passwords and CRAM-MD5 challenges and
responses. Therefore, qmail-smtpd modified with the patch will require two
"checkpassword" type arguments, one to handle simple passwords, the other to
handle CRAM-MD5.
Dabrowski also wrote his own replacement for checkpassword, cmd5checkpw,
specifically to handle the CRAM-MD5 scheme. However, the latest version of
cmd5checkpw also handles simple passwords, so it can be used for both
purposes. My qmail-smtpd start-up script looks like this:
... /var/qmail/bin/qmail-smtpd \
/bin/cmd5checkpw /bin/true /bin/cmd5checkpw /bin/true ...
Note that if you do use cmd5checkpw, you will have to create a new password
file that stores passwords unencrypted; the default is /etc/poppasswd. The
source package for cmd5checkpw provides an example to help you set up this
new password file. Details and downloads at:
http://members.elysium.pl/brush/cmd5checkpw/
---Kris Kelley
