On Thu, 23 Sep 1999 pkelly@??? wrote:
> just having a go at the latest exim test (3.036) with asmtp, i have
> tried to get a few client mail progs working with different authentication
> types and there seems to be a few problem.. although im not sure if these
> are problems with exim or the various "quality" windows clients i have
> tried.
Thanks for the feedback. I think you are the first to test CRAM-MD5 with
a real client. I was just working from RFC 2195. I tested the MD5
functions in Exim against the published examples. I've also used the
same code in another application which works with someone else's code,
so I don't think the fault is in the MD5 computation. There are some
examples of CRAM-MD5 in 2195, and I checked that it agreed with them.
> C: AUTH CRAM-MD5\r\n
> S: 334 PDQzMy45MzgxMDIyMDRAZGIubm9jLnUtbmV0Lm5ldD4=\r\n
That decodes as
<433.938102204@???>
which seems fine.
> C: cGgxMCA4OTg1MjBiYTk0ZDcwMDZhYjIxNTFhMTMwN2EzYjMyMg==\r\n
That decodes as
ph10 898520ba94d7006ab2151a1307a3b322
Did you intend to try to authenticate using my id (ph10)?
> the exim config is a straight copy/paste from the NewStuff example.. and
> yes, i did type in the username/pass into winpmail correctly and in
> lower case.
I have just tried this same exchange, using Exim as a client, and for
the given challenge, it sent back the same response, viz
cGgxMCA4OTg1MjBiYTk0ZDcwMDZhYjIxNTFhMTMwN2EzYjMyMg==
So it is doing exactly the same thing as your client. Given that the
server and client code call the same function for computing the MD5
digest, this makes things very odd. The way to check is to insert
debugging code around line 194 in auths/cram_md5.c, which is where the
server computes the digest with this code:
/* Compute the CRAM-MD5 digest that we should have received from the client. */
compute_cram_md5(secret, challenge, digest);
Printing out the value of the secret and the challenge would confirm
that it is using the right values. I guess I should put some permanent
debugging in there for future use.
> Outlook Express 5 :
> outlook just seems to send carraige returns when it should be sending the
> login details.
It should be sending user name and password at those prompts.
> These are the only two clients i've tried so far, does anyone know of any
> other windows/mac clients that support asmtp?
Pine 4 supports LOGIN. Netscape supports PLAIN. I have tested both of
those with Exim, but only from the Unix versions.
--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.