It is my understanding that this is not using CRAM-MD5 but PLAIN login, so those methods aren't affected. I used the http://members.elysium.pl/brush/qmail-smtpd-auth/ patch and haven't had difficulty using it from within netscape or other clients. I will be investigating further.
As far as I can tell, it's only on the AUTH LOGIN which I'm having this issue (although more testing is needed). It just doesn't seem to keep enough significant characters to return true. And in theory, the patch should just pass it's information off to vpopmail.
I'll do some more investigating later today and see what I can come up with. AUTH LOGIN sends the base64 (http://makcoder.sourceforge.net/demo/base64.php) encoded username and password [which is two-way, so really not as secure, but it's better than nothing], one per line.
-M
From: Jeremy Kitchen <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: Re: [vchkpw] SMTP-Auth bug in passwords? Date: Wed, 10 Sep 2003 00:10:30 -0500
I apologize for sending a copy directly to you Anthony, reply button in evolution is a little crazy sometimes :)
On Wed, 2003-09-10 at 00:06, Anthony Baratta wrote:
> Tom...
>
> Doesn't the AUTH LOGIN state that he's going to use Base64 encoding?? If he
> put in AUTH CRAM-MD5 then it would be expecting MD5 encoding.
>
> So this appears to be a problem with LOGIN, either in the patch or with
> vPopmail.
>
> Do I have my logic wrong??
the smtp-auth patch you are probably using wrongly advertises that it can handle CRAM-MD5. Simply edit qmail-smtpd.c, search for the CRAM-MD5, remove it, rebuild qmail-smtpd, and you're set. I just did this today, and it worked fine.
-- Jeremy Kitchen Systems Administrator ..................... Inter7 Internet Technologies, Inc. www.inter7.com 866.528.3530 toll free 847.492.0470 int'l 847.492.0632 fax GNUPG key ID: 93BDD6CE
_________________________________________________________________
STOP MORE SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail
