[Exim] Some interesting problems I ran into today regarding …

トップ ページ
このメッセージを削除
このメッセージに返信
著者: Daniel Einspanjer
日付:  
To: tpop3d-discuss, exim-users
題目: [Exim] Some interesting problems I ran into today regarding Exim SMTP-Auth, tpop3d, and vmail-sql
Well, in a post to the exim-users group a few days ago, I mentioned the problem I started having with SMTP-Auth when I upgraded to Exim-3.34. After putting some debug statements into the code that Phillip suggested, I discovered that my authentication sections in the exim.conf file were totally fubared and that the only reason it was working prior to 3.34 was because of a bug where exim took the empty string crypt() returned if the salt was empty and authenticated.

I fixed my plain and login authenticators and then discovered that exim was attempting to compare the password given with crypt() when in fact, what was stored in the database by vmail-sql was an MD5 digest. Oops.
So. I prefixed the password with {md5} in my exim.conf, but it still didn't work. I'm not one hundred percent positive, but I believe it is because exim is using a base 64 digest whereas vmail-sql/tpop3d is using a base 32..

Well, I think it would be possible to tweak either of these programs to match the other, but I wasn't really comfortable with doing either, so I decided to take a third approach and change the vmail-sql scripts to store the password in plaintext as well as digest. This is bad, and I don't like it, but it has to happen eventually anyway if I want to switch to APOP from what I understand.

I don't really have any questions regarding this, which is good news, but I would like to know if other people out there have come up with better ways to do the combination of POP and SMTP authentication, preferably using tpop3d and vmail-sql. I would be happy to volunteer some of my time to compiling these configurations together and making them available to the masses of people who have problems in this area all the time (to judge from the mailing lists). :)

Anyway, feel free to reply to me directly or on the list if you have anything you'd like to donate.

Daniel Einspanjer
daniel@???