RE: [Exim] Exim SPA Authentication

Author: Spencer, Brent
Date:  
To: Spencer, Brent, 'exim-users@exim.org'
Subject: RE: [Exim] Exim SPA Authentication
After some troubleshooting, my Microsoft Secure Password Authentication
(SPA) problem has been solved by our in-house programmer. The problem is as
follows:

- Exim is indicating in its Authentication Request message (Type 1) that it
  can transmit text in either Unicode or OEM format.

- Microsoft's SMTP server (smtp.email.msn.com) is responding in its
  Challenge message (Type 2) that it will be expecting the OEM format.

- Exim does not pay attention to the text format requested by Microsoft's
  SMTP server and, instead, defaults to using the Unicode format.

Here is the "diff" of the original "auth-spa.c" and the new "auth-spa.c"
that uses the text format requested by the SMTP server in its Challenge
message (Type 2).

----------------------------------------------------------------------------

--- auth-spa.c 2003-05-12 06:39:18.000000000 -0700
+++ /auth-spa.c.working 2003-08-06 16:09:27.000000000 -0700
@@ -1416,6 +1416,7 @@
{
uint8x lmRespData[24];
uint8x ntRespData[24];
+ uint cf;
char *d = strdup (GetUnicodeString (challenge, uDomain));
char *domain = d;
char *u = strdup (user);
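Review bot: The context line "char *d = strdup (GetUnicodeString (challenge, uDomain));" still decodes the challenge's domain as Unicode unconditionally, so when the server selects OEM text (the case this patch targets) the domain later copied into the response comes from a mis-decoded buffer. Choose the decoder with the same flag test the second hunk applies to the response strings. The new "uint cf;" would also read better with a descriptive name and the fixed-width type of the flags field it is loaded from.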
@@ -1434,11 +1435,19 @@
memcpy (response->ident, "NTLMSSP\0\0\0", 8);
SIVAL (&response->msgType, 0, 3);

-  spa_bytes_add (response, lmResponse, lmRespData, 24);
-  spa_bytes_add (response, ntResponse, ntRespData, 24);
-  spa_unicode_add_string (response, uDomain, domain);
-  spa_unicode_add_string (response, uUser, u);
-  spa_unicode_add_string (response, uWks, u);
+  cf = IVAL(&challenge->flags, 0);
+  spa_bytes_add (response, lmResponse, lmRespData, (cf & 0x200) ? 24 : 0);
+  spa_bytes_add (response, ntResponse, ntRespData, (cf & 0x80000) ? 24 :
0);
+
+  if (cf & 0x1) {      /* Unicode Text */
+       spa_unicode_add_string (response, uDomain, domain);
+       spa_unicode_add_string (response, uUser, u);
+       spa_unicode_add_string (response, uWks, u);
+  } else {                                     /* OEM Text */
+       spa_string_add (response, uDomain, domain);
+       spa_string_add (response, uUser, u);
+       spa_string_add (response, uWks, u);
+  }
   spa_string_add (response, sessionKey, NULL);


response->flags = challenge->flags;
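Review bot: The tests on 0x200 and 0x80000 in the two spa_bytes_add calls change whether the LM and NT responses are sent at all, which the description above does not cover (it explains only the Unicode/OEM choice): with 0x80000 clear in the server's flags the NT response goes out with length 0. Explain or drop that gating, and give the three bits named constants instead of bare 0x1, 0x200 and 0x80000. Every branch here is driven by server-supplied flags that are then echoed back by "response->flags = challenge->flags;", so a comment stating which combinations the client is willing to accept would help. The line ending "? 24 :" has also been wrapped by the mailer, so the patch will not apply as posted.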

----------------------------------------------------------------------------

I hope this helps someone else in the MSN world. If anyone has questions,
please feel free to contact me.

Brent Spencer

-----Original Message-----
From: Spencer, Brent [mailto:Brent.Spencer@avnet.com]
Sent: Tuesday, August 05, 2003 1:21 PM
To: 'exim-users@???'
Subject: [Exim] Exim SPA Authentication


I am using the Cygwin port of Exim 4.20 as follows:

Exim version 4.20 #1 built 15-May-2003 19:33:41
Copyright (c) University of Cambridge 2003
Probably GDBM (native mode)
Support for: OpenSSL
Authenticators: cram_md5 plaintext spa
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply pipe smtp
Configuration file is /etc/exim.conf

I have configured Exim as outlined at
http://slackware.duffs.org/Documentation/eximconfig.html, using the
"exim.conf" file provided and inserting my actual MSN username and password
where instructed.

I, however, receive the following SMTP messages which may indicate that
Exim's SPA implementation is not working. I am able to successfully send
directly to smtp.email.msn.com using Microsoft Outlook Express with SPA
activated. So, I know that the SMTP server is functioning properly.

LOG: queue_run MAIN
Start queue run: pid=668 -qff
Connecting to smtp.email.msn.com [65.54.241.131]:25 ... connected
SMTP<< 220 BAY0-SMTP12.adinternal.hotmail.com Microsoft ESMTP MAIL
Service, Version: 5.0.2195.5600 ready at Tue, 5 Aug 2003 12:36:21 -0700
SMTP>> EHLO

  SMTP<< 250-BAY0-SMTP12.adinternal.hotmail.com Hello [207.95.234.150]
         250-TURN
         250-ATRN
         250-SIZE 3145728
         250-ETRN
         250-PIPELINING
         250-DSN
         250-ENHANCEDSTATUSCODES
         250-8bitmime
         250-BINARYMIME
         250-CHUNKING
         250-VRFY
         250-AUTH MSN
         250 OK

SMTP>> AUTH msn

SMTP<< 334 MSN supported.
SMTP>> ************************************************************

SMTP<< 334 TlRMTVNTUAACAAAACwALACAAAAACAgAANCgyjX/eiHhCQVkwLVNNVFAxMg==
SMTP>>
****************************************************************************
****************************************************************************
****************************************************************************
****
SMTP<< 451 Requested action aborted: local error in processing
SMTP>> QUIT

LOG: MAIN
SMTP error from remote mailer after
****************************************************************************
****************************************************************************
****************************************************************************
****: host smtp.email.msn.com [65.54.241.131]: 451 Requested action aborted:
local error in processing
LOG: MAIN
== brent.spencer@??? R=send_to_gateway T=remote_smtp defer (0): SMTP
error from remote mailer after
****************************************************************************
****************************************************************************
****************************************************************************
****: host smtp.email.msn.com [65.54.241.131]: 451 Requested action aborted:
local error in processing
LOG: queue_run MAIN
End queue run: pid=668 -qff

If someone has an updated Exim "spa" driver or can see a problem with my
configuration, I would greatly appreciate the assistance.

Thank you,

Brent Spencer


--

## List details at http://www.exim.org/mailman/listinfo/exim-users Exim
details at http://www.exim.org/ ##
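
The Type 2 challenge captured in the log above can be decoded to confirm the diagnosis and to see which branches the patched code takes for it. This is an added example, not code from the original post or from Exim; the flag names are labels chosen here for the bit values the patch tests, and decoding OEM text as Latin-1 is an assumption.

```python
import base64
import struct

# Bit values as tested in the patch; the names are labels chosen for this
# example (following NTLMSSP flag naming), not identifiers from auth-spa.c.
FLAG_UNICODE = 0x00000001      # Unicode (UTF-16LE) text
FLAG_NTLM = 0x00000200         # patch sends a 24-byte LM response only if set
FLAG_EXT_SESSION = 0x00080000  # patch sends a 24-byte NT response only if set

# Payload of the second "SMTP<< 334" line in the posted log.
LOGGED_CHALLENGE = "TlRMTVNTUAACAAAACwALACAAAAACAgAANCgyjX/eiHhCQVkwLVNNVFAxMg=="


def parse_type2(b64_text):
    """Decode a base64 NTLMSSP Type 2 message and report what it negotiates."""
    raw = base64.b64decode(b64_text, validate=True)
    if len(raw) < 32:
        raise ValueError("shorter than the fixed 32-byte Type 2 header")
    sig, msg_type, t_len, _t_max, t_off, flags = struct.unpack_from(
        "<8sIHHII", raw, 0)
    if sig != b"NTLMSSP\x00" or msg_type != 2:
        raise ValueError("not an NTLMSSP Type 2 message")
    # Offset and length come from the server: reject out-of-bounds buffers.
    if t_off > len(raw) or t_len > len(raw) - t_off:
        raise ValueError("target name buffer lies outside the message")
    is_unicode = bool(flags & FLAG_UNICODE)
    # Assumption: OEM bytes are shown via Latin-1 so every byte decodes.
    encoding = "utf-16-le" if is_unicode else "latin-1"
    return {
        "flags": flags,
        "text_format": "unicode" if is_unicode else "oem",
        "target": raw[t_off:t_off + t_len].decode(encoding),
        "challenge": raw[24:32].hex(),
        # Lengths the patched code would pass to spa_bytes_add().
        "lm_response_len": 24 if flags & FLAG_NTLM else 0,
        "nt_response_len": 24 if flags & FLAG_EXT_SESSION else 0,
    }


if __name__ == "__main__":
    for key, value in parse_type2(LOGGED_CHALLENGE).items():
        print(f"{key}: {value!r}")
```

For the logged challenge the Unicode bit is clear and the target name is single-byte text, which matches the behaviour described in the reply at the top of this message.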