[toaster] AUTH CRAM-MD5, just can't get it to work.

2004-01-28 Thread Zachariah T Hall 

Followed most of the directions in the toaster, the only patch I left
out was the chkuser patch due to an error that I can't honestly
remember.  

I can send email from outside the network to an address outside the
network with AUTH LOGIN and PLAIN.  But when I use CRAM-MD5 I get bad
authentication.  I don't understand what's going on anymore and would
accept any help that might point me in the right direction.  

highspeedlink.net is the server I'm setting up.  SSL works fine as
well,infact everything works except for this.  


Thanks in advance for any help,

Zach Hall

[toaster] auth cram-md5 no work, very sad

2004-01-28 Thread Zachariah T Hall 

Ok.  I installed :

vpopmail-rc2 devel latest with auth-mysql, clear passwords w/ enc
pass's, one table for each domain.

qmail-1.03 with your large multi-patch and chkusr.mysql.tmda.patch

Used all the qmail start scripts, and all that good stufff.

Haven't added any spam detection or really anything yet other than just
integration into mysql.  



Can't get auth cram-md5 to work though.  Every other form of auth and
uncontested login is fine.  Any help I suppose in just understanding how
cram-md5 is called and how I can check that for logs, or how i can watch
it run perhaps..  

In googling I found a guy who said the qmail-smtp-auth.3.1 patch breaks
cram-md5 and has made his own smtp-auth based off the original with bug
fixes.  Now I can't find his page though. Figures.

Anyway, any help would be appreciated.

ZTH

Re: [toaster] AUTH CRAM-MD5, just can't get it to work.

2004-01-28 Thread Bill Shupp 
Zachariah T Hall wrote:
Followed most of the directions in the toaster, the only patch I left
out was the chkuser patch due to an error that I can't honestly
remember.  

I can send email from outside the network to an address outside the
network with AUTH LOGIN and PLAIN.  But when I use CRAM-MD5 I get bad
authentication.  I don't understand what's going on anymore and would
accept any help that might point me in the right direction.  

highspeedlink.net is the server I'm setting up.  SSL works fine as
well,infact everything works except for this.  

Thanks in advance for any help,
I just checked with OS X's Mail client, and it now tries to issue the 
CAPA command when you set it to use CRAM-MD5.  When the command is not 
understood, it terminates the connection.  I suspect this might be 
what's happening with you as well.  To determine this, try putting 
"recordio" just before you call qmail-popup in your run file for pop, 
then restart the pop server.  Next, make a connection with your client, 
and watch the log file to view the actual conversation.  Mine looks like 
this:

@40004017d73a022b7544 tcpserver: pid 10338 from 4.60.15.238
@40004017d73a022c6b5c tcpserver: ok 10338 0:216.234.249.114:110 
:4.60.15.238::52038
 40004017d73a024f50f4 10338 > +OK <[EMAIL PROTECTED]>
 40004017d73a060ce1ac 10338 < CAPA
 40004017d73a060e29cc 10338 > -ERR authorization first
@40004017d73a0a3f40bc 10338 < [EOF]
@40004017d73a0a42a004 tcpserver: end 10338 status 256

However, I have entries in my syslog of other users using CRAM-MD5 
successfully, so I know it works.  I have a patch to add CAPA command 
support to qmail-popup around here somewhere, that was done by Vladimir 
Kabanov long ago.  I'll see if I can find it and test it out.  I might 
add it to my qmail patch.

Regards,

Bill Shupp

Re: [toaster] AUTH CRAM-MD5, just can't get it to work.

2004-01-28 Thread Tom Collins 
On Jan 28, 2004, at 2:22 AM, Zachariah T Hall wrote:
I can send email from outside the network to an address outside the
network with AUTH LOGIN and PLAIN.  But when I use CRAM-MD5 I get bad
authentication.  I don't understand what's going on anymore and would
accept any help that might point me in the right direction.
With vpopmail 5.4.0-rc2, make sure you're using the latest SMTP-AUTH 
patch from .  Also note that 
that patch changes the parameter list to qmail-smtpd in the run file.  
You need to REMOVE the hostname.

I've had reports that this combination works.  I haven't been able to 
test it myself yet.

Bill, you might need to update your toaster instructions if the new 
vpopmail doesn't work with the older version of the SMTP AUTH patch.

--
Tom Collins  -  [EMAIL PROTECTED]
QmailAdmin: http://qmailadmin.sf.net/  Vpopmail: http://vpopmail.sf.net/
Info on the Sniffter handheld Network Tester: http://sniffter.com/

Re: [toaster] AUTH CRAM-MD5, just can't get it to work.

2004-01-28 Thread Bill Shupp 
Tom Collins wrote:
On Jan 28, 2004, at 2:22 AM, Zachariah T Hall wrote:

I can send email from outside the network to an address outside the
network with AUTH LOGIN and PLAIN.  But when I use CRAM-MD5 I get bad
authentication.  I don't understand what's going on anymore and would
accept any help that might point me in the right direction.


With vpopmail 5.4.0-rc2, make sure you're using the latest SMTP-AUTH 
patch from .  Also note that 
that patch changes the parameter list to qmail-smtpd in the run file.  
You need to REMOVE the hostname.

I've had reports that this combination works.  I haven't been able to 
test it myself yet.

Bill, you might need to update your toaster instructions if the new 
vpopmail doesn't work with the older version of the SMTP AUTH patch.
Thanks Tom, I was not aware of this.  I'll look into this later this 
week, and probably update my patch.

Regards,

Bill Shupp

Re: [toaster] AUTH CRAM-MD5, just can't get it to work.

2004-01-28 Thread Tom Collins 
On Jan 28, 2004, at 9:00 AM, Bill Shupp wrote:
@40004017d73a022b7544 tcpserver: pid 10338 from 4.60.15.238
@40004017d73a022c6b5c tcpserver: ok 10338 0:216.234.249.114:110 
:4.60.15.238::52038
 40004017d73a024f50f4 10338 > +OK <[EMAIL PROTECTED]>
 40004017d73a060ce1ac 10338 < CAPA
 40004017d73a060e29cc 10338 > -ERR authorization first
@40004017d73a0a3f40bc 10338 < [EOF]
@40004017d73a0a42a004 tcpserver: end 10338 status 256
This looks like a POP session.  I think the original sender was talking 
about SMTP AUTH.

--
Tom Collins  -  [EMAIL PROTECTED]
QmailAdmin: http://qmailadmin.sf.net/  Vpopmail: http://vpopmail.sf.net/
Info on the Sniffter handheld Network Tester: http://sniffter.com/

Re: [toaster] AUTH CRAM-MD5, just can't get it to work.

2004-01-28 Thread Bill Shupp 
Tom Collins wrote:

On Jan 28, 2004, at 9:00 AM, Bill Shupp wrote:

@40004017d73a022b7544 tcpserver: pid 10338 from 4.60.15.238
@40004017d73a022c6b5c tcpserver: ok 10338 0:216.234.249.114:110 
:4.60.15.238::52038
 40004017d73a024f50f4 10338 > +OK <[EMAIL PROTECTED]>
 40004017d73a060ce1ac 10338 < CAPA
 40004017d73a060e29cc 10338 > -ERR authorization first
@40004017d73a0a3f40bc 10338 < [EOF]
@40004017d73a0a42a004 tcpserver: end 10338 status 256


This looks like a POP session.  I think the original sender was talking 
about SMTP AUTH.
Yeah, you're right.

I've looked over the smtp-auth link you sent, but am confused about the 
base64 part.  Would you call the base64 tool after qmail-popup (or 
qmail-smtpd), but before vchkpw?  And have you tested this?

Thanks,

Bill

Re: [toaster] AUTH CRAM-MD5, just can't get it to work.

2004-01-28 Thread Tom Collins 
On Jan 28, 2004, at 10:19 AM, Bill Shupp wrote:
I've looked over the smtp-auth link you sent, but am confused about 
the base64 part.  Would you call the base64 tool after qmail-popup (or 
qmail-smtpd), but before vchkpw?  And have you tested this?
The base64 tool is just useful for manually testing the AUTH LOGIN 
method.

Running `echo -n "[EMAIL PROTECTED]" | base64 -e` gives you 
"cG9zdG1hc3RlckB0ZXN0LmNvbQ==", the base64 encoded text to send to the 
server.

--
Tom Collins  -  [EMAIL PROTECTED]
QmailAdmin: http://qmailadmin.sf.net/  Vpopmail: http://vpopmail.sf.net/
Info on the Sniffter handheld Network Tester: http://sniffter.com/

Re: [toaster] AUTH CRAM-MD5, just can't get it to work.

2004-01-28 Thread Bill Shupp 
Tom Collins wrote:
On Jan 28, 2004, at 10:19 AM, Bill Shupp wrote:

I've looked over the smtp-auth link you sent, but am confused about 
the base64 part.  Would you call the base64 tool after qmail-popup (or 
qmail-smtpd), but before vchkpw?  And have you tested this?


The base64 tool is just useful for manually testing the AUTH LOGIN method.

Running `echo -n "[EMAIL PROTECTED]" | base64 -e` gives you 
"cG9zdG1hc3RlckB0ZXN0LmNvbQ==", the base64 encoded text to send to the 
server.
Got it, thanks.

Bill

[toaster] Authdaemond ldap

2004-01-28 Thread Manuel Portela 
Hi,

I recently setup a new Bill's Toaster on a RedHat9. Everything is fine, 
but I'm wondering about those LDAP AuthDaemons started, to be read on my 
'#ps ax':

   /usr/lib/courier-imap/libexec/authlib/authdaemond.ldap start

I just need vcheckpw as authdaemon, which was selected in 
"/usr/lib/courier-imap/etc/authdaemonrc", wherin I edited the line 
>authmodulelist="authvchkpw"<

Is that configuration allright like this. I read about the authdaemon, 
that it will run the first file in 
"/usr/lib/courier-imap/libexec/authlib/" that will fit. There is also a 
file called authdaemond.plain.

Can you fill me in about this.

Thanks

Manuel