Re: [Exim] asmtp questions

Author: Paul Kelly
Date:  
To: Philip Hazel
CC: exim-users
Subject: Re: [Exim] asmtp questions
hi,
The problem with pegasus mail asmtp and cram-md5 seems to be in the
length checking of the reply string the client sends back to the server's
initial challenge.

expand_nlength[1] = clear - expand_nstring[1] - 1;
if (len - expand_nlength[1] - 1 != 32) return FAIL;

ok, if you try using the login: ph10, len comes back from auth_b64decode()
as 38 characters, the code will deduct 4 for the ph10 username from 38 and
then minus 1.. I would presume this is to take account of the whitespace
between ph10 and the 32bit challenge response. so... 38 - 4 - 1 = 33 and
not 32. a strlen() on the clear pointer returns 37 characters.

I'm not really sure, but I think the problem may be in b64decode.c not
decrementing one from the value it returns for the extra added 0 as stated
at the top of the file.?
changing:

return result - *ptr;

to

return result - *ptr-1;

seems to work ok and the client sends

Still haven't had any luck getting outlook to work with AUTH LOGIN, maybe
if I mail Microsoft ;)

Thanks
Paul Kelly

----------------------------------------------
Paul Kelly        pkelly@???
U-NET Internet Noc    Some day now!


On Fri, 24 Sep 1999, Philip Hazel wrote:

> On Thu, 23 Sep 1999 pkelly@??? wrote:
>
> > just having a go at the latest exim test (3.036) with asmtp, I have
> > tried to get a few client mail progs working with different authentication
> > types and there seem to be a few problems.. although I'm not sure if these
> > are problems with exim or the various "quality" windows clients I have
> > tried.
>
> Thanks for the feedback. I think you are the first to test CRAM-MD5 with
> a real client. I was just working from RFC 2195. I tested the MD5
> functions in Exim against the published examples. I've also used the
> same code in another application which works with someone else's code,
> so I don't think the fault is in the MD5 computation. There are some
> examples of CRAM-MD5 in 2195, and I checked that it agreed with them.
>
> > C: AUTH CRAM-MD5\r\n
> > S: 334 PDQzMy45MzgxMDIyMDRAZGIubm9jLnUtbmV0Lm5ldD4=\r\n
>
> That decodes as
>
> <433.938102204@???>
>
> which seems fine.
>
> > C: cGgxMCA4OTg1MjBiYTk0ZDcwMDZhYjIxNTFhMTMwN2EzYjMyMg==\r\n
>
> That decodes as
>
> ph10 898520ba94d7006ab2151a1307a3b322
>
> Did you intend to try to authenticate using my id (ph10)?
>
> > the exim config is a straight copy/paste from the NewStuff example.. and
> > yes, I did type in the username/pass into winpmail correctly and in
> > lower case.
>
> I have just tried this same exchange, using Exim as a client, and for
> the given challenge, it sent back the same response, viz
>
> cGgxMCA4OTg1MjBiYTk0ZDcwMDZhYjIxNTFhMTMwN2EzYjMyMg==
>
> So it is doing exactly the same thing as your client. Given that the
> server and client code call the same function for computing the MD5
> digest, this makes things very odd. The way to check is to insert
> debugging code around line 194 in auths/cram_md5.c, which is where the
> server computes the digest with this code:
>
> /* Compute the CRAM-MD5 digest that we should have received from the client. */
>
> compute_cram_md5(secret, challenge, digest);
>
> Printing out the value of the secret and the challenge would confirm
> that it is using the right values. I guess I should put some permanent
> debugging in there for future use.
>
> > Outlook Express 5 :
>
> > outlook just seems to send carriage returns when it should be sending the
> > login details.
>
> It should be sending user name and password at those prompts.
>
> > These are the only two clients I've tried so far, does anyone know of any
> > other windows/mac clients that support asmtp?
>
> Pine 4 supports LOGIN. Netscape supports PLAIN. I have tested both of
> those with Exim, but only from the Unix versions.
>
> -- 
> Philip Hazel            University of Cambridge Computing Service,
> ph10@???      Cambridge, England. Phone: +44 1223 334714.

>
>
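
The CRAM-MD5 exchange discussed in this thread, as an added example that is not part of the original messages and is not Exim's code: both sides of the RFC 2195 computation, with the 32-character digest length check taken on the exact decoded byte count. The function names and the secrets mapping are hypothetical.

```python
import base64
import binascii
import hmac

HEX = frozenset(b"0123456789abcdefABCDEF")
DIGEST_HEX_LEN = 32  # a 16-byte MD5 digest is sent as 32 hex characters


def parse_response(b64_response):
    """Return (user, hex_digest) as bytes, or None if the response is malformed."""
    try:
        clear = base64.b64decode(b64_response, validate=True)
    except (binascii.Error, ValueError):
        return None
    # Split on the last space: the digest has a fixed length, the user name does not.
    user, sep, digest = clear.rpartition(b" ")
    # Equivalent to the thread's check, len - userlen - 1 == 32, taken on the
    # exact decoded byte count (no terminating NUL included).
    if not sep or not user or len(digest) != DIGEST_HEX_LEN:
        return None
    if not all(c in HEX for c in digest):
        return None
    return user, digest.lower()


def client_response(user, secret, challenge):
    """Client side: base64 of '<user> <hex HMAC-MD5(secret, challenge)>'."""
    digest = hmac.new(secret, challenge, "md5").hexdigest().encode("ascii")
    return base64.b64encode(user + b" " + digest)


def server_verify(b64_response, challenge, secrets):
    """Server side: True only if the digest matches the named user's secret."""
    parsed = parse_response(b64_response)
    if parsed is None:
        return False
    user, digest = parsed
    secret = secrets.get(user)
    if secret is None:
        return False
    expected = hmac.new(secret, challenge, "md5").hexdigest().encode("ascii")
    # Constant-time comparison of the two hex strings.
    return hmac.compare_digest(expected, digest)


if __name__ == "__main__":
    # The client response quoted in the thread; 37 decoded bytes = 4 + 1 + 32.
    page = b"cGgxMCA4OTg1MjBiYTk0ZDcwMDZhYjIxNTFhMTMwN2EzYjMyMg=="
    print(len(base64.b64decode(page)), parse_response(page))
```

A decoder that reports one byte more than it actually produced makes the digest field appear 33 characters long, so the length check rejects an otherwise correct response.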