[Vmail-discuss] smtp auth again

Manuel Giorgini Manuel Giorgini <giorgini at interlogica.net>
Wed, 9 Nov 2005 16:02:04 +0100 

[2005-11-09 15:48:41] Litzler Mihaly,

LM> +-------------+------------+-------------------+-----------+-------+
LM> | domain_name | local_part | password_hash     | mbox_name | quota |
LM> +-------------+------------+-------------------+-----------+-------+
LM> | hit.hu      | litzlerm   | {plaintext}i27j3u | litzlerm  | 10M   |
LM> +-------------+------------+-------------------+-----------+-------+
LM> 1 row in set (0.00 sec)

In my version of vmail-sql I do not get the {} marker in the password hash. I
only get the md5 hash:

+--------------+------------+----------------------------------+-----------+---------+
| domain_name  | local_part | password_hash                    | mbox_name | clearpw |
+--------------+------------+----------------------------------+-----------+---------+
| mydomain.tld | abcde      | e2920f7540df417015fd7b753d619c55 | abcde     | X       |
+--------------+------------+----------------------------------+-----------+---------+

I wish someone else could confirm this, but I am afraid you might need to cut
that off in some way. Off the top of my head i can't remember whether mysql
has any kind of regex support for string functions, if it does, it should be
quite easy. If not, and you only use plaintext passwords, you might put in
place a poor man's solution and just cut off the first 11 bytes.

LM> vmail_login:
LM>         driver = plaintext
LM>         public_name = LOGIN
LM>         server_prompts = "Username:: : Password::"
LM>         server_condition = ${if eq {1}{${lookup mysql{select count(*) from
LM> popbox where concat(local_part,'@',domain_name) = '$1' and
LM> password_hash=md5('$2')}}}{yes}{no}}
LM>         server_set_id = $1
LM> # End of Exim configuration file

and therefore the query here should read,

    select count(*)
    from popbox
    where concat ( local_part,'@',domain_name ) = '$1'
    and password_hash = f('$2')

where f() is a combination of mysql string functions so designed to return
'i27j3u' from your record up there.

LM> ps: sorry for long mail

It's ok.


Cordialità / Best regards / Gxis la
------------------------------------------------------------------------
Manuel Giorgini <giorgini@interlogica.net>, Programmatore
INTERLOGICA e-business solutions -  http://www.interlogica.net
Via Fusinato, 27 - IT 30171 Mestre VE - Italia - Unione Europea
Tel +39 041 099 30 00 (6 linee r.a.) - Fax +39 041 504 11 72
------------------------------------------------------------------------