[tpop3d-discuss] Some interesting problems I ran into today regarding Exim SMTP-Auth, tpop3d, and vmail-sql

Paul Warren pdw at ex-parrot.com
Fri, 11 Jan 2002 09:24:47 +0000

On Thu, Jan 10, 2002 at 11:28:29PM +0000, Chris Lightfoot wrote:
> On Thu, Jan 10, 2002 at 06:01:28PM -0500, Daniel Einspanjer wrote:
> > I don't really have any questions regarding this, which
> > is good news, but I would like to know if other people out
> > there have come up with better ways to do the combination
> > of POP and SMTP authentication, preferably using tpop3d
> > and vmail-sql.  I would be happy to volunteer some of my
> > time to compiling these configurations together and making
> > them available to the masses of people who have problems
> > in this area all the time (to judge from the mailing
> > lists). :)
> Paul is the expert here, but basically we have implemented
> this by having the authentication running in perl; this
> allows you to re-use the PasswordCrypt module which comes
> with vmail-sql. I expect that this will make it into the
> vmail-sql distribution some time.

This is correct.  This has the advantage that it uses the {prefix}hash
style passwords used by vmail and tpop3d, allowing you to mix and match
hash methods as you please.  It also supports {plaintext}foo so that
tpop3d can do APOP.

You need a perl function like this:

use lib '/path/to/vmail/lib';
use PasswordCrypt;

sub md5check {
    $password = shift;
    $hash = shift;
    if (PasswordCrypt::authenticate($password,$hash)) {
        return "yes";
    } else {
        return "no";

You can then use a perl function in the authentication stage.

Please feel free to email the vmail list[0] with queries about this
sort of config.


[0] http://lists.beasts.org/mailman/listinfo/vmail-discuss