[Exim] SMTP AUTH using vmail tables: local_part and domain i…

Author: Steve
Date:  
To: exim-users
Subject: [Exim] SMTP AUTH using vmail tables: local_part and domain incorrect values / password hashing
Hello:

I have spent the entire day trying to resolve this myself (Google search, mail archives, experimenting, etc.) but have had no luck.

I am setting up Exim (4.2.0) using the vmail-sql scripts with MySQL 4.0. (Please let me know if there is other info I need to provide.) I am also using tpop3d, but that does not seem to be relevant to this issue.

I am trying to enable smtp-auth using my database for use lookups.

------------
problem 1: the values of local_part:$2 and domain:$2 are incorrect.

My authentication looks like this

begin authenticators
plain:
  driver = plaintext
  public_name = PLAIN
  # $2 is client-supplied before authentication, so quote it for MySQL
  server_condition = "${if and {{!eq{$2}{}}{!eq{$3}{}} \
    {crypteq{$3}{${extract{2}{:} \
    {${lookup mysql{select password_hash from popbox where mbox_name = \
    '${quote_mysql:${local_part:$2}}' and domain_name = \
    '${quote_mysql:${domain:$2}}'} \
    {$value}{fail}}}}}}}{1}{0}}"
  server_set_id = $2


When I run exim -bh 209.190.205.156 -d here is the output

# exim -bh 209.190.205.149 -d
Exim version 4.20 uid=0 gid=0 pid=28707 D=fbb95cfd
Berkeley DB: Sleepycat Software: Berkeley DB 4.0.14: (November 18, 2001)
Support for:
Authenticators: plaintext
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply pipe smtp
changed uid/gid: forcing real = effective
uid=0 gid=0 pid=28707
auxiliary group list: <none>
configuration file is /etc/exim.conf
log selector = 020d99d8
trusted user
admin user
changed uid/gid: privilege not needed
uid=501 gid=12 pid=28707
auxiliary group list: <none>
originator: uid=0 gid=0 login=root name=root
sender address = root@???
sender_fullhost = [209.190.205.149]
sender_rcvhost = [209.190.205.149]

**** SMTP testing session as if from host 209.190.205.149
**** but without any ident (RFC 1413) callback.
**** This is not for real!

host in host_lookup? yes (matched "*")
looking up host name for 209.190.205.149
IP address lookup yielded steve.browsermedia.com
gethostbyname looked up these IP addresses:
name=steve.browsermedia.com address=209.190.205.149
checking addresses for steve.browsermedia.com
209.190.205.149
sender_fullhost = steve.browsermedia.com [209.190.205.149]
sender_rcvhost = steve.browsermedia.com ([209.190.205.149])
set_process_info: 28707 handling incoming connection from steve.browsermedia.com [209.190.205.149]
host in host_reject_connection? no (option unset)
host in sender_unqualified_hosts? no (option unset)
host in recipient_unqualified_hosts? no (option unset)
host in helo_verify_hosts? no (option unset)
host in helo_try_verify_hosts? no (option unset)
host in helo_accept_junk_hosts? no (option unset)
LOG: smtp_connection MAIN
SMTP connection from steve.browsermedia.com [209.190.205.149]
SMTP>> 220 watto.browsermedia.com ESMTP Exim 4.20 Wed, 25 Jun 2003 17:09:42 -0400

220 watto.browsermedia.com ESMTP Exim 4.20 Wed, 25 Jun 2003 17:09:42 -0400
smtp_setup_msg entered
EHLO steve.browsermedia.com
SMTP<< EHLO steve.browsermedia.com
sender_fullhost = steve.browsermedia.com [209.190.205.149]
sender_rcvhost = steve.browsermedia.com ([209.190.205.149])
set_process_info: 28707 handling incoming connection from steve.browsermedia.com [209.190.205.149]
host in pipelining_advertise_hosts? yes (matched "*")
host in auth_advertise_hosts? yes (matched "*")
250-watto.browsermedia.com Hello steve.browsermedia.com [209.190.205.149]
250-SIZE 52428800
250-PIPELINING
250-AUTH PLAIN
250 HELP
SMTP>> 250-watto.browsermedia.com Hello steve.browsermedia.com [209.190.205.149]

250-SIZE 52428800
250-PIPELINING
250-AUTH PLAIN
250 HELP
AUTH PLAIN AHVzZXIxLmNvbQB1c2VyMQ==
SMTP<< AUTH PLAIN AHVzZXIxLmNvbQB1c2VyMQ==
search_open: mysql "NULL"
search_find: file="NULL"
key="select password_hash from popbox where mbox_name = 'user1.com' and domain_name = ''" partial=-1 affix=NULL starflags=0
LRU list:
internal_search_find: file="NULL"
type=mysql key="select password_hash from popbox where mbox_name = 'user1.com' and domain_name = ''"
database lookup required for select password_hash from popbox where mbox_name = 'user1.com' and domain_name = ''
MYSQL query: select password_hash from popbox where mbox_name = 'user1.com' and domain_name = ''
MYSQL new connection: host=localhost port=0 socket=NULL database=virtualemail user=exim
MYSQL: no data found
lookup failed
crypteq: using crypt()
subject=
crypted=
plain authenticator:
$1 =
$2 = user1.com
$3 = user1
expanded string: 0
SMTP>> 535 Incorrect authentication data

535 Incorrect authentication data
LOG: MAIN REJECT
plain authenticator failed for steve.browsermedia.com [209.190.205.149]: 535 Incorrect authentication data (set_id=user1.com)

BTW - the AUTH string I am sending was created passing \0user1@???\0user1 to the perl script below.

use MIME::Base64;
printf ("%s", encode_base64(eval "\"$ARGV[0]\""));

(All the above I found among the mail lists and doing Google searches)

Why are my local_part: and domain: values wrong?

-----------------

problem 2: password hashes fail

I hard coded into my exim.conf values to get around the issue I describe above. Now the sql fetches successfully, but the password is invalid. I ran across a posting where a gentleman stated that vmail and exim were using 64-bit vs 32-bit encodings (I don't recall which software was using which number of bits). However, I could not find a solution for this. Any ideas?

Is anyone doing smtp auth against mysql tables created by vmail? Could you PLEASE share your settings/hints/whatever? I am new to Exim/vmail/tpop3d. Each package recommends the others, so it would seem this would be a common setup; or is this just not supported by my configuration?

TIA,

Steve B.
--
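
Added example, not part of the original post: decoding the AUTH PLAIN argument from the debug session shows the username already lacks its "@" before Exim sees it, which is consistent with Perl interpolating "@name" as an empty array inside the eval'd double-quoted string. The address user1@example.com is constructed, and split_address is a simplified stand-in for Exim's ${local_part:} and ${domain:} operators.

```python
import base64

# AUTH PLAIN argument copied from the debug session above.
BLOB_FROM_LOG = "AHVzZXIxLmNvbQB1c2VyMQ=="


def decode_auth_plain(blob: str) -> tuple[str, str, str]:
    """Return (authzid, authcid, passwd): Exim's $1, $2 and $3."""
    raw = base64.b64decode(blob, validate=True)
    parts = raw.split(b"\x00")
    if len(parts) != 3:
        raise ValueError(f"expected 3 NUL-separated fields, got {len(parts)}")
    return tuple(p.decode("utf-8") for p in parts)


def split_address(address: str) -> tuple[str, str]:
    """Simplified stand-in (assumption) for ${local_part:...} / ${domain:...}."""
    local, at, domain = address.rpartition("@")
    # Without an "@" the whole string is the local part and the domain is empty,
    # which is exactly what the MySQL query in the log shows.
    return (local, domain) if at else (address, "")


def encode_auth_plain(authcid: str, passwd: str, authzid: str = "") -> str:
    """Build the blob byte-for-byte, with no string interpolation step."""
    for field in (authzid, authcid, passwd):
        if "\x00" in field:
            raise ValueError("NUL is the field separator and cannot appear in a field")
    raw = "\x00".join((authzid, authcid, passwd)).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")


if __name__ == "__main__":
    _, user, _ = decode_auth_plain(BLOB_FROM_LOG)
    print("from log:", repr(user), split_address(user))
    good = encode_auth_plain("user1@example.com", "user1")  # constructed address
    _, user, _ = decode_auth_plain(good)
    print("rebuilt: ", repr(user), split_address(user))
```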