# Simple SMTP client with STARTTLS and AUTH support.
# Michal Ludvig <[EMAIL PROTECTED]>, 2003
# See http://www.logix.cz/~mic/devel/smtp for details.
# ./smtp-client.pl --host=<IP> --hello-host=breaded --disable-starttls --auth-plain --user=webmaster --pass=webmaster --from="[EMAIL PROTECTED]" --to="[EMAIL PROTECTED]" --data="txt"
-- works with password of 'webmaster' when the password if vpopmail is either webmaste, webmaster. As soon as I change it to webmast, it stops working. CRAM-MD5 will only work if the password is 100% acurate.
So --auth-cram-md5 won't work unless the password is right. --auth-login and --auth-plain will work if the password is webmaste, webmaster, webmaster0, webmaster00.
Very strange. Anything I can do to help. -M
From: Tom Collins <[EMAIL PROTECTED]> To: vpopmail list <[EMAIL PROTECTED]> Subject: Re: [vchkpw] SMTP-Auth bug in passwords? Date: Tue, 9 Sep 2003 22:23:27 -0700
On Tuesday, September 9, 2003, at 10:06 PM, Anthony Baratta wrote:Doesn't the AUTH LOGIN state that he's going to use Base64 encoding?? If he put in AUTH CRAM-MD5 then it would be expecting MD5 encoding.
So this appears to be a problem with LOGIN, either in the patch or with vPopmail.
When vpopmail stores passwords (at least in cdb), it either uses crypt() with a two-character salt and DES encoding (where only the first 8 characters of the password matter), or it uses an 8-character salt and MD5 encoding.
It would be interesting to see whether the problem exists when using CRAM-MD5 as well. It could also be isolated by trying to authenticate with qmailadmin or courier-imap and using just the first 8 characters of the password.
-- Tom Collins [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester: http://sniffter.com/
_________________________________________________________________
Protect your PC - get McAfee.com VirusScan Online http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
