vchkpw fails and then succeeds!

Message

blueribbon · Post by **blueribbon** » Mon Dec 06, 2004 10:01 pm

I'm using a typical qmail+vpopmail setup, and everything is going alright, except for the smtp auth.
When a user tries to authenticate itself, the first time vchkpw fails

Code: Select all

Dec  6 21:50:08 [vpopmail] vchkpw-smtp: password fail

but then it succeeds immediatly after

Code: Select all

Dec  6 21:50:13 [vpopmail] vchkpw-smtp: (PLAIN) login success

This is very annoying, besides the fact that this only happens with Thunderbird, with other e-mail clients they give an error message and the connection is terminated. Is there any way to solve this thing?

blueribbon · Post by **blueribbon** » Tue Dec 07, 2004 11:41 am

No help? Can I be the only one who has a problem like that?

Private_X · Post by **Private_X** » Fri Dec 10, 2004 9:16 pm

I just figured that out. I have the same problem and was wondering why it is like that. It currently looks like this:

Code: Select all

# nc localhost 25
220 yourdomain ESMTP
EHLO yourdomain
250-yourdomain
250-AUTH LOGIN CRAM-MD5 PLAIN
250-AUTH=LOGIN CRAM-MD5 PLAIN
250-STARTTLS
250-SIZE 0
250-PIPELINING
250 8BITMIME

qmail says that he is capable of doing cram-md5 as auth methode. So the mailclient tries to do the most secure way and takes cram-md5. For this you nedd cleartext passwords on both sides. On the server side you probably don't have. But there is a useflag for this case

Try reemerging vpopmail with

Code: Select all

USE="clearpasswd" emerge -pv vpopmail

I didn't try it yet but it should do the trick.

If you like to read more about it http://www.mail-archive.com/vchkpw@inte ... 19623.html

blueribbon · Post by **blueribbon** » Sat Dec 11, 2004 2:13 am

Thanks. I see, but I don't think keeping clear text password is very secure, nor ethical.
I disabled CRAM-MD5 from my server, not the best solution of all, but at least I don't get any more errors/delays.

Private_X · Post by **Private_X** » Sat Dec 11, 2004 9:46 am

I see, but I don't think keeping clear text password is very secure, nor ethical.

I don't think it is a good idea to keep them in clear text either but I didn't find a way to disable CRAM-MD5 in qmail.

I disabled CRAM-MD5 from my server, not the best solution of all, but at least I don't get any more errors/delays.

How did you disable CRAM-MD5 as auth methode? What mta are you using?

blueribbon · Post by **blueribbon** » Sat Dec 11, 2004 12:53 pm

Private_X wrote:
I see, but I don't think keeping clear text password is very secure, nor ethical.
I don't think it is a good idea to keep them in clear text either but I didn't find a way to disable CRAM-MD5 in qmail.

I disabled CRAM-MD5 from my server, not the best solution of all, but at least I don't get any more errors/delays.
How did you disable CRAM-MD5 as auth methode? What mta are you using?

I'm using qmail.

Code: Select all

ebuild /usr/portage/mail-mta/qmail/qmail-1.03-r13.ebuild unpack
cd /var/tmp/portage/qmail-1.03-r13/work/qmail-1.03
nano -w qmail-smtpd.c

Comment out/delete the line that says "#define AUTHCRAM"

Code: Select all

ebuild /usr/portage/mail-mta/qmail/qmail-1.03-r13.ebuild merge
/etc/init.d/svscan restart

You should be done.

Private_X · Post by **Private_X** » Sat Dec 11, 2004 1:50 pm

Thanks a lot. I was always looking for an option where I can deactivate it. I didn't think so far to patch it in the c file.
Now it is running perfect without errors.

This was teamwork I guess

blueribbon · Post by **blueribbon** » Sat Dec 11, 2004 1:58 pm

Yeah, team work rules

Skywacker · Post by **Skywacker** » Thu Jan 20, 2005 2:55 pm

Hmmm, when I tried I got this

Code: Select all

 ebuild /usr/portage/mail-mta/qmail/qmail-1.03-r13.ebuild unpack >>> md5 src_uri ;-) qmail-1.03.tar.gz
>>> md5 src_uri ;-) qmailqueue-patch
>>> md5 src_uri ;-) big-todo.103.patch
>>> md5 src_uri ;-) qmail-link-sync.patch
>>> md5 src_uri ;-) big-concurrency.patch
>>> md5 src_uri ;-) qmail-0.0.0.0.patch
>>> md5 src_uri ;-) sendmail-flagf.patch
>>> md5 src_uri ;-) qmail-1.03-qmtpc.patch
>>> md5 src_uri ;-) qmail-smtpd-relay-reject
>>> md5 src_uri ;-) qmail-local-tabs.patch
>>> md5 src_uri ;-) qmail-maildir++.patch
>>> md5 src_uri ;-) qmail-date-localtime.patch.txt
>>> md5 src_uri ;-) qmail-limit-bounce-size.patch.txt
>>> md5 src_uri ;-) qmail-103.patch
>>> md5 src_uri ;-) qregex-starttls-2way-auth.patch
>>> md5 src_uri ;-) qmail-remote-auth-patch-doc.txt
>>> md5 src_uri ;-) qmail-gentoo-1.03-r12-badrcptto-morebadrcptto-accdias.diff.bz2
>>> md5 src_uri ;-) qmail-popupnofd2close.patch
>>> md5 src_uri ;-) qmail-1.03-reread-concurrency.2.patch
>>> md5 src_uri ;-) 08-capa.diff
>>> Unpacking source...
>>> Unpacking qmail-1.03.tar.gz to /var/tmp/portage/qmail-1.03-r13/work
 * Adding SMTP AUTH (2 way), Qregex and STARTTLS support                  [ ok ]

 * Cannot find $EPATCH_SOURCE!  Value for $EPATCH_SOURCE is:
 *
 *   /var/db/pkg/mail-mta/qmail-1.03-r13/files/1.03-r13/smtp-auth-close3.patch


!!! ERROR: mail-mta/qmail-1.03-r13 failed.
!!! Function epatch, Line 262, Exitcode 0
!!! Cannot find $EPATCH_SOURCE!
!!! If you need support, post the topmost build error, NOT this status message.

I think this means I need to find this file.
/var/db/pkg/mail-mta/qmail-1.03-r13/files/1.03-r13/smtp-auth-close3.patch

/var/db/pkg/mail-mta/qmail-1.03-r13/files/1.03-r13/ has no files dir.

ideas how to get them?

Private_X · Post by **Private_X** » Thu Jan 20, 2005 3:42 pm

Try downloading it by hand and put it into the files dir. I think this helped me out.