[Vmail-discuss] smtp auth

Franz Georg Köhler lists@xxxxxxxxxxx
Sat, 17 Nov 2001 20:30:17 +0100


On Fri, Nov 16, 2001 at 09:31:30PM +0100, Franz Georg Köhler <lists@openunix.de> wrote:
> On Tue, Nov 13, 2001 at 12:39:14AM +0100, Jakob Hirsch <jh@plonk.de> wrote:
> >> Is there anyone who is running exim smtp auth with the vmail/sql
> >> data?
> >
> > Sure. I had to fiddle with this for a while since I found no real
> > documentation for this, only parts of configs from others. We
> > currently use the first part (plaintext passwords), but I'll add some
> > older config lines with md5 which may work, but I don't know any more.
> > It should not be too hard to change it to one of the other hash_methods
> > and maybe it would be nice to have one for all, but I don't think it's
> > worth the work.
> > remarks:
> > - Mac-Outlook is able to use AUTH only since v5.02 and if you _don't_
> >   use @ as a user-domain separator. This seems strange, since
> >   POP3-Login with user@domain works flawlessly.
> > - valid separators are "@%!". You can simply add more.
> >
> >
> >
> > # announce AUTH to hosts not in relay_networks
> > host_auth_accept_relay = *
> > ...
> >
> > ### AUTHENTICATION CONFIGURATION ###
> >
> > # PLAIN: user and pass as base64-coded string
> > # used by: Netscape
> > plain:
> >   driver = plaintext
> >   public_name = PLAIN
> >   server_condition = "${if and { \
> >         {!eq {$2}{}} \
> >         {!eq {$3}{}} \
> >         {eq {\\{plaintext\\}$3}{${lookup mysql { \
> >                         select password_hash from popbox \
> >                         where local_part='${extract {1}{@%!}{$2}}' \
> >                         and domain_name='${extract {2}{@%!}{$2}}' \
> >                 }{$value}{*:*}}} \
> >         }}{1}{0}}"
> >   server_set_id = $2
> >
> > # LOGIN: challenge from server gets md5-encoded with pass, as hex
> > #       with user prepended sent as md5
> > # used by: Outlook Express
> > login:
> >   driver = plaintext
> >   public_name = LOGIN
> >   server_prompts = "Username:: : Password::"
> >   server_condition = "${if and { \
> >         {!eq {$1}{}} \
> >         {!eq {$2}{}} \
> >         {eq {\\{plaintext\\}$2}{${lookup mysql { \
> >                         select password_hash from popbox \
> >                         where local_part='${extract {1}{@%!}{$1}}' \
> >                         and domain_name='${extract {2}{@%!}{$1}}' \
> >                 }{$value}{*:*}}} \
> >         }}{1}{0}}"
> >   server_set_id = $1
> >
> >
> > end
> >
> > ### END AUTHENTICATION CONFIGURATION ###
> >
> >
> > ### untested... ###
> >
> > plain:
> >   driver = plaintext
> >   public_name = PLAIN
> >   server_condition = "${if and { \
> >         {!eq {$2}{}} \
> >         {!eq {$3}{}} \
> >         {eq {${md5:$3}}{${lookup mysql { \
> >                         select password_hash from popbox \
> >                         where local_part='${extract {1}{@%!}{$2}}' \
> >                         and domain_name='${extract {2}{@%!}{$2}}' \
> >                 }{$value}{*:*}}} \
> >         }}{1}{0}}"
> >   server_set_id = $2
> >
> > login:
> >   driver = plaintext
> >   public_name = LOGIN
> >   server_prompts =3D "Username:: : Password::"
> >   server_condition =3D "${if and { \
> >         {!eq {$1}{}} \
> >         {!eq {$2}{}} \
> >         {eq {${md5:$2}}{${lookup mysql { \
> >                         select password_hash from popbox \
> >                         where local_part='${extract {1}{@%!}{$1}}' \
> >                         and domain_name='${extract {2}{@%!}{$1}}' \
> >                 }{$value}{*:*}}} \
> >         }}{1}{0}}"
> >   server_set_id = $1
> >
> > end
>
> This does work for me, however, as Eric Renfro pointed out, there is a
> problem with those {md5} hashes, I solved it by simply deleting the code
> which adds the {md5} thingies in line 90 of PasswordCrypt.pm, so
> everything works perfectly now.

I'm wondering if it is a good idea to switch to plain text passwords
and offer apop?

What is the reason the passwords are md5 crypted, anyway?
My database is supposed to be secure, just as the connection between the
database and the mailserver...?




-- 
+--------------------------------------------------------------------------+
| http://www.hanau.net/fgk/               When in doubt, tell the truth.   |
| 0x5E7A588D                                               -- Mark Twain   |
+--------------------------------------------------------------------------+
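
Added example, not part of the original message or of vmail-sql: a Python model of the storage trade-off asked about above. AUTH PLAIN/LOGIN hand the server the cleartext password, so it can be checked against either a `{plaintext}` or a hashed row, while APOP (RFC 1939) needs the cleartext secret on the server. The `{md5}` + lowercase-hex row layout and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import re

SEPARATORS = "@%!"  # user/domain separators from the quoted config


def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()


def split_login(login):
    """Model of ${extract{1}...}/${extract{2}...}: first two fields of the login."""
    fields = re.split("[" + re.escape(SEPARATORS) + "]", login)
    return fields[0], (fields[1] if len(fields) > 1 else "")


def verify_stored(stored, password):
    """AUTH PLAIN/LOGIN: the cleartext password arrives, so either scheme works."""
    if stored.startswith("{plaintext}"):
        candidate = "{plaintext}" + password
    elif stored.startswith("{md5}"):  # assumed layout: {md5} + hex digest
        candidate = "{md5}" + md5_hex(password)
    else:
        return False
    # Constant-time comparison of the scheme-prefixed values.
    return hmac.compare_digest(candidate.encode(), stored.encode())


def apop_digest(banner, secret):
    """RFC 1939 APOP: MD5 over the greeting timestamp followed by the secret."""
    return md5_hex(banner + secret)


def verify_apop(stored, banner, client_digest):
    """Returns None when the row is hashed: the digest cannot be recomputed."""
    if not stored.startswith("{plaintext}"):
        return None
    secret = stored[len("{plaintext}"):]
    return hmac.compare_digest(apop_digest(banner, secret), client_digest)


if __name__ == "__main__":
    # Constructed sample data, not taken from any real mailbox table.
    banner = "<1234.1005999999@mail.example.org>"
    digest = apop_digest(banner, "s3cret")
    for row in ("{plaintext}s3cret", "{md5}" + md5_hex("s3cret")):
        print(row[:12], verify_stored(row, "s3cret"), verify_apop(row, banner, digest))
```
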