Re: [vchkpw] about smtp auth and vpopmail: MD5 problem
Tom Collins wrote: On Oct 17, 2004, at 3:54 PM, Andrea Riela wrote: Now the smtp auth with pass in PLAIN text works fine, in CRAM-MD5 not. Vpopmail 5.4.0 or later? 5.5.0 Do you have a clear password for that user in your vpasswd file or database? CRAM-MD5 only works if you have a cleartext password stored I think no. How could I convert my password in vpasswd file to clear text? thanks for any suggestion Regards Andrea
Re: [vchkpw] about smtp auth and vpopmail: MD5 problem
On Monday 18 October 2004 01:49 am, Andrea Riela wrote: Tom Collins wrote: On Oct 17, 2004, at 3:54 PM, Andrea Riela wrote: Now the smtp auth with pass in PLAIN text works fine, in CRAM-MD5 not. Vpopmail 5.4.0 or later? 5.5.0 Do you have a clear password for that user in your vpasswd file or database? CRAM-MD5 only works if you have a cleartext password stored I think no. How could I convert my password in vpasswd file to clear text? you can't, it's a one way hash. -Jeremy -- Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc. [EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 815.776.9465 int'l kitchen @ #qmail #gentoo on EFnet ++ scriptkitchen.com/qmail GnuPG Key ID: 481BF7E2 ++ scriptkitchen.com/kitchen.asc pgpYyZP175ebv.pgp Description: PGP signature
Re: [vchkpw] about smtp auth and vpopmail: MD5 problem
On Oct 17, 2004, at 3:54 PM, Andrea Riela wrote: Now the smtp auth with pass in PLAIN text works fine, in CRAM-MD5 not. Vpopmail 5.4.0 or later? Do you have a clear password for that user in your vpasswd file or database? CRAM-MD5 only works if you have a cleartext password stored -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester: http://sniffter.com/
Re: [vchkpw] about smtp auth
Jeremy Kitchen wrote: Do you have clear password support in vpopmail? I've installed vpopmail with make WITH_QMAIL_EXT=yes WITH_DOMAIN_QUOTAS=yes WITH_SPAMASSASSIN=yes SPAM_THRESHOLD=15 RELAYCLEAR=15 I need WITH_CLEAR_PASSWD=yes too? Regards Andrea
Re: [vchkpw] about smtp auth
Jeremy Kitchen wrote: try authenticating right there. http://fehcom.de/qmail/smtpauth.html I need tls support too. the patch is that? http://shupp.org/patches/netqmail-1.05-tls-smtpauth-20040927.patch thanks for any suggestion Andrea
Re: [vchkpw] about smtp auth
I've installed vpopmail with make WITH_QMAIL_EXT=yes WITH_DOMAIN_QUOTAS=yes WITH_SPAMASSASSIN=yes SPAM_THRESHOLD=15 RELAYCLEAR=15 WITH_CLEAR_PASSWD=yes I've tryed it. Now in my maillog I see that: Oct 16 19:01:54 observe vpopmail[33600]: vchkpw-smtps: vpopmail user not found [EMAIL PROTECTED]:192.168.17.23 normally when I try to connect with bincimap I see: Oct 16 19:02:01 observe vpopmail[33603]: vchkpw-imaps: (PLAIN) login success [EMAIL PROTECTED]:192.168.17.23 What I've to check? Regards Andrea
Re: [vchkpw] about smtp auth
Andrea Riela wrote: I've installed vpopmail with make WITH_QMAIL_EXT=yes WITH_DOMAIN_QUOTAS=yes WITH_SPAMASSASSIN=yes SPAM_THRESHOLD=15 RELAYCLEAR=15 WITH_CLEAR_PASSWD=yes I've tryed it. Now in my maillog I see that: Oct 16 19:01:54 observe vpopmail[33600]: vchkpw-smtps: vpopmail user not found [EMAIL PROTECTED]:192.168.17.23 partial solution: I've changed my runscript (as Jeremy says): /usr/local/bin/sslserver -e -v -R -h -l 0 -x /usr/local/vpopmail/etc/tcp.smtp.cdb -c $MAXSMTPD \ -u 89 -g 89 0 465 /var/qmail/bin/qmail-smtpd /usr/local/vpopmail/bin/vchkpw-noroaming /bin/true 21 Now my log is: Oct 16 19:16:39 observe vpopmail[34852]: vchkpw-smtps: password fail [EMAIL PROTECTED]:192.168.17.23 What about this? Regards Andrea
Re: [vchkpw] about smtp auth
Andrea Riela wrote: Oct 16 19:16:39 observe vpopmail[34852]: vchkpw-smtps: password fail [EMAIL PROTECTED]:192.168.17.23 telnet 127.0.0.1 25 EHLO 250-nesys.it 250-PIPELINING 250-8BITMIME 250-SIZE 0 250 AUTH LOGIN PLAIN CRAM-MD5 AUTH CRAM-MD5 503 auth not available (#5.3.3) AUTH PLAIN 503 auth not available (#5.3.3) ... Andrea
Re: [vchkpw] about smtp auth
On Friday 15 October 2004 04:42 am, Andrea Riela wrote: Hi folks, there's someone here that use Freebsd and qmail+vpopmail+smtp auth? the smtp auth patch in freebsd ports could use vchkpw? there's an howto about that? I'm sure it can. There are two types of smtp auth patches out there. Ones that require that you have the hostname, and ones that don't. I highly recommend, however, that you do not use the qmail from ports and simply roll your own tarball. The recommended smtp auth patch to use is the one found at http://fehcom.de/qmail/smtpauth.html -Jeremy -- Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc. [EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 815.776.9465 int'l kitchen @ #qmail #gentoo on EFnet ++ scriptkitchen.com/qmail GnuPG Key ID: 481BF7E2 ++ scriptkitchen.com/kitchen.asc pgp0mky8XHuzq.pgp Description: PGP signature
Re: [vchkpw] about smtp auth
Well, I've tested http://students.imsa.edu/~ngroot/qmail-1.03-starttls-smtp-auth.patch (that is in /usr/ports/mail in Freebsd), my steps was: cd /usr/ports/mail/qmail-smtp_auth+tls make cp work/.../qmail-smtpd /var/qmail/bin/qmail-smtpd observe# telnet 127.0.0.1 25 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 nesys.it ESMTP ehlo 250-nesys.it 250-AUTH LOGIN CRAM-MD5 PLAIN 250-AUTH=LOGIN CRAM-MD5 PLAIN 250-STARTTLS 250-PIPELINING 250 8BITMIME My runscript is: #!/bin/sh CERTFILE=/var/qmail/certs/pop3s.cert KEYFILE=/var/qmail/certs/pop3s.key DHFILE=/var/qmail/certs/dh1024.pem export CERTFILE KEYFILE DHFILE QMAILDUID=`id -u qmaild` NOFILESGID=`id -g qmaild` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` if [ -z $QMAILDUID -o -z $NOFILESGID -o -z $MAXSMTPD ]; then echo QMAILDUID, NOFILESGID, or MAXSMTPD is unset in echo /var/qmail/supervise/qmail-smtpd/run exit 1 fi exec /usr/local/bin/softlimit -m 1000 \ /usr/local/bin/sslserver -e -v -R -h -l 0 -x /usr/local/vpopmail/etc/tcp.smtp.cdb -c $MAXSMTPD \ -u $QMAILDUID -g $NOFILESGID 0 465 /var/qmail/bin/qmail-smtpd nesys.it /usr/local/vpopmail/bin/vchkpw-noroaming /bin/true 21 well, the problem is: when I try to connect to send an email, I receive a password request for the user (the same as account user), I type the same password as account user, but, I couldn't send the email, and I receive always the password request. What I've to do? Regards Andrea
Re: [vchkpw] about smtp auth
Jeremy Kitchen wrote: there's someone here that use Freebsd and qmail+vpopmail+smtp auth? The recommended smtp auth patch to use is the one found at http://fehcom.de/qmail/smtpauth.html Which works fine. Installation instructions are either on the site or included in the tarball; can't remember. -- Regards, Charles. signature.asc Description: OpenPGP digital signature
Re: [vchkpw] about smtp auth
On Friday 15 October 2004 10:40 am, Andrea Riela wrote: QMAILDUID=`id -u qmaild` NOFILESGID=`id -g qmaild` [snip] /var/qmail/bin/qmail-smtpd nesys.it /usr/local/vpopmail/bin/vchkpw-noroaming /bin/true 21 well, the problem is: when I try to connect to send an email, I receive a password request for the user (the same as account user), I type the same password as account user, but, I couldn't send the email, and I receive always the password request. Can the qmaild user read your vpopmail information? I certainly hope not :) Change qmail-smtpd to run as the vpopmail user and it should Just Work. -Jeremy -- Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc. [EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 815.776.9465 int'l kitchen @ #qmail #gentoo on EFnet ++ scriptkitchen.com/qmail GnuPG Key ID: 481BF7E2 ++ scriptkitchen.com/kitchen.asc pgpI7HeaMaCVo.pgp Description: PGP signature
Re: [vchkpw] about smtp auth
On Oct 15, 2004, at 8:40 AM, Andrea Riela wrote: 250-AUTH LOGIN CRAM-MD5 PLAIN 250-AUTH=LOGIN CRAM-MD5 PLAIN That's an old, outdated patch. Use the other patch mentioned (or the one included in the vpopmail contrib directory). -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester: http://sniffter.com/
Re: [vchkpw] about smtp auth
On Oct 15, 2004, at 9:24 AM, Jeremy Kitchen wrote: /var/qmail/bin/qmail-smtpd nesys.it /usr/local/vpopmail/bin/vchkpw-noroaming /bin/true 21 Change qmail-smtpd to run as the vpopmail user and it should Just Work. But he's using the old patch (it requires a hostname as the first arg to qmail-smtpd) which isn't compatible with vpopmail 5.4.x. Use the fehcom patch. Either the latest version from Erwin's site, or the older one included in vpopmail's contrib directory. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester: http://sniffter.com/
Re: [vchkpw] about smtp auth
Tom Collins wrote: On Oct 15, 2004, at 8:40 AM, Andrea Riela wrote: 250-AUTH LOGIN CRAM-MD5 PLAIN 250-AUTH=LOGIN CRAM-MD5 PLAIN That's an old, outdated patch. Use the other patch mentioned (or the one included in the vpopmail contrib directory). Well, I've installed the last fehcom (0.43), but nothing, the same problem (the email client send a password request ... always). now: observe# telnet 127.0.0.1 25 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 nesys.it ESMTP ehlo 250-nesys.it 250-PIPELINING 250-8BITMIME 250 AUTH LOGIN PLAIN CRAM-MD5 what I've to check? Now I use bincimap with vchkpw-noroaming, and qmail-smtpds (with ucspi-ssl) with vchkpw-noroaming. thanks for all Regards Andrea
Re: [vchkpw] about smtp auth
On Friday 15 October 2004 05:51 pm, Andrea Riela wrote: Tom Collins wrote: On Oct 15, 2004, at 8:40 AM, Andrea Riela wrote: 250-AUTH LOGIN CRAM-MD5 PLAIN 250-AUTH=LOGIN CRAM-MD5 PLAIN That's an old, outdated patch. Use the other patch mentioned (or the one included in the vpopmail contrib directory). Well, I've installed the last fehcom (0.43), but nothing, the same problem (the email client send a password request ... always). now: observe# telnet 127.0.0.1 25 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 nesys.it ESMTP ehlo 250-nesys.it 250-PIPELINING 250-8BITMIME 250 AUTH LOGIN PLAIN CRAM-MD5 what I've to check? try authenticating right there. http://fehcom.de/qmail/smtpauth.html tells you the protocol for SMTP auth... also, your server advertises cram-md5, most mail clients will use the most secure method available, which in this case is cram-md5.. but in order for cram-md5 to work you have to have the clear text password on both sides of the authentication. Do you have clear password support in vpopmail? -Jeremy -- Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc. [EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 815.776.9465 int'l kitchen @ #qmail #gentoo on EFnet ++ scriptkitchen.com/qmail GnuPG Key ID: 481BF7E2 ++ scriptkitchen.com/kitchen.asc pgpYfNR2qPJgD.pgp Description: PGP signature