-M
From: Tom Collins <[EMAIL PROTECTED]>
To: vpopmail list <[EMAIL PROTECTED]>
Subject: Re: [vchkpw] SMTP-Auth bug in passwords?
Date: Tue, 9 Sep 2003 22:23:27 -0700
On Tuesday, September 9, 2003, at 10:06 PM, Anthony Baratta wrote:
Doesn't the AUTH LOGIN state that he'
y Kitchen <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: [vchkpw] SMTP-Auth bug in passwords?
Date: Wed, 10 Sep 2003 00:10:30 -0500
I apologize for sending a copy directly to you Anthony, reply button in
evolution is a little crazy sometimes :)
On Wed, 2003-09-10 at 00:06, Anthony Bara
Nope. Not using MD5 passwords. 5.3.20 at present.
-M
From: Tom Collins <[EMAIL PROTECTED]>
To: vpopmail list <[EMAIL PROTECTED]>
Subject: Re: [vchkpw] SMTP-Auth bug in passwords?
Date: Tue, 9 Sep 2003 21:24:31 -0700
On Tuesday, September 9, 2003, at 08:40 PM, Mike Miller wrote:
On Tuesday, September 9, 2003, at 10:06 PM, Anthony Baratta wrote:
Doesn't the AUTH LOGIN state that he's going to use Base64 encoding??
If he put in AUTH CRAM-MD5 then it would be expecting MD5 encoding.
So this appears to be a problem with LOGIN, either in the patch or
with vPopmail.
When vpo
I apologize for sending a copy directly to you Anthony, reply button in
evolution is a little crazy sometimes :)
On Wed, 2003-09-10 at 00:06, Anthony Baratta wrote:
> Tom...
>
> Doesn't the AUTH LOGIN state that he's going to use Base64 encoding?? If he
> put in AUTH CRAM-MD5 then it would be ex
At 09:24 PM 9/9/2003, Tom Collins wrote:
Are you using MD5 passwords (go to your vpopmail source directory and
`grep MD5 config.h`)? If not, I think crypt() only uses the first 8
characters of the password. I'm not sure what the limit is if you're
using MD5.
Tom...
Doesn't the AUTH LOGIN sta
On Tuesday, September 9, 2003, at 08:40 PM, Mike Miller wrote:
Looking just below, the SPAMmer who made use of this, used the same
username and password. I then tried the base64 password for their
'webmaster00' password and that [d2VibWFzdGVyMDA=] works as well. I
then tried truncating their
Hi,
This is in regards to SMTP-AUTH and an interesting bug which is creeping
up somewhere.
We had a customer who recently had a username of webmaster and a password
of webmaster00. From the standard pop3 authentication, there was no issue
with this username and password. For some reason, o