[Vmail-discuss] vmail smtp auth
Donovan Craig
donovan at snapfrozen.com
Thu, 24 Jul 2003 23:09:44 +1000
Hi Jakob,
Thank's for your config.
This all leads to one question/problem/challenge.
Is it possible to modify the password that you are getting in any way
in order to compare it to what you are looking up ?
If I could just md5() the bit I get from the user, then I could use my
md5 password using the extraction method that Jakob has provided.
It would be nice to be able to add an SMTP auth option to vmail-sql
offering for all without having to create special passwords in the db
etc..
Thank's,
Donovan
On Tue, 22 Jul 2003 11:30:39 +0200
"Jakob Hirsch" <jh@plonk.de> was rumoured to have said:
> Donovan Craig wrote:
>
> > ---
> > alter table domain add smtp_auth varchar(20) default null;
> > ---
>
> So all pop-boxes of one domain will have one special password?
>
> > I know it's not the most secure way of doing it but it works for
> > what I need.
>
> > server_secret = ${lookup mysql{select smtp_auth from domain \
> > where domain_name = '$1' and smtp_auth !=
>
> Add least you should use quote_mysql.
>
> I use this in an exim3 config with passwords stored as
> "{plaintext}secret"(and some additional features):
>
> server_secret = ${lookup mysql { \
> SELECT password_hash FROM popbox \
> WHERE ( local_part = '${quote_mysql:${extract
> {1}{@%!}{$1}}}' \
> AND domain_name = '${quote_mysql:${extract
> {2}{@%!}{$1}}}' ) \
> OR oldpopuser = '${quote_mysql:$1}'} \
> {${extract {2}{\}}{$value}}} \
> {${lookup mysql{ \
> SELECT pass FROM odmr_user \
> WHERE user = '${quote_mysql:$1}'} \
> {$value}{fail}}} \
> }
>
> (don't know how much it differs in exim4)
>
>
> regards, Jakob
>
>