[tpop3d-discuss] Some interesting problems I ran into today regarding Exim SMTP-Auth, tpop3d, and vmail-sql

Daniel Einspanjer daniel-ml-reply at yipyip.com
Thu, 10 Jan 2002 18:01:28 -0500

Well, in a post to the exim-users group a few days ago, I=
 mentioned the problem I started having with SMTP-Auth when I=
 upgraded to Exim-3.34.  After putting some debug statements into=
 the code that Phillip suggested, I discovered that my=
 authentication sections in the exim.conf file were totally=
 fubared and that the only reason it was working prior to 3.34=
 was because of a bug where exim took the empty string crypt()=
 returned if the salt was empty and authenticated.

I fixed my plain and login authenticators and then discovered=
 that exim was attempting to compare the password given with=
 crypt() when in fact, what was stored in the database by=
 vmail-sql was an MD5 digest.  Oops.
So.  I prefixed the password with {md5} in my exim.conf, but it=
 still didn't work.  I'm not one hundred percent positive, but I=
 believe it is because exim is using a base 64 digest whereas=
 vmail-sql/tpop3d is using a base 32..

Well, I think it would be possible to tweak either of these=
 programs to match the other, but I wasn't really comfortable=
 with doing either, so I decided to take a third approach and=
 change the vmail-sql scripts to store the password in plaintext=
 as well as digest.  This is bad, and I don't like it, but it has=
 to happen eventually anyway if I want to switch to APOP from=
 what I understand.

I don't really have any questions regarding this, which is good=
 news, but I would like to know if other people out there have=
 come up with better ways to do the combination of POP and SMTP=
 authentication, preferably using tpop3d and vmail-sql.  I would=
 be happy to volunteer some of my time to compiling these=
 configurations together and making them available to the masses=
 of people who have problems in this area all the time (to judge=
 from the mailing lists). :)

Anyway, feel free to reply to me directly or on the list if you=
 have anything you'd like to donate.

Daniel Einspanjer