[toaster] SMTP-AUTH and Checkpassword Failures

Thu, 23 Feb 2006 11:56:52 -0800 

I have a client who's qmail server was setup before I learned of Shupp
Toaster.  I'm trying to get them to allow me to reinstall the server,
but in the meantime they have a need for smtp-auth.  I've downloaded
netqmail-1.05-tls-smtpauth-20060105.patch and patched a vanilla
netqmail-1.05 and it compiles and installs fine.  No problems. 
However, when I try to authenticate I always get a failure.

Since my install uses 'checkpassword' for POP3 authentication, I
thought I could use that for smtp-auth as well.  Here is my 'run'
script:

[EMAIL PROTECTED] supervise]# more qmail-smtp-587/run
#!/bin/sh
QMAILDUID=`id -u qmaild`
NOFILESGID=502
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
exec /usr/local/bin/softlimit -m 8000000 \
    /usr/local/bin/tcpserver -v -H -R -l 0 \
    -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
    -u "$QMAILDUID" -g "$NOFILESGID" 0 587 \
    /usr/local/bin/rblsmtpd -t 20 \
    -r "dynablock.njabl.org:dynablock.njabl.org - see
<http://njabl.org/lookup?%IP%>" \
    -r "sbl-xbl.spamhaus.org:sbl-xbl.spamhaus.org - see
<http://www.spamhaus.org/query/bl?ip=%IP%>" \
    /var/qmail/bin/qmail-smtpd \
    /bin/checkpassword /bin/true 2>&1
[EMAIL PROTECTED] supervise]#

It's basically the same script as my smtp-25 but with the addition of
'checkpassword' and port 587.

To test auth-smtp, I downloaded 'cmd5' from
http://www.net-track.ch/opensource/cmd5/ .  Then I telnet in to port
587 of the mail server, do a 'ehlo domain.com' and look for the AUTH
lines.  It returns:

250-STARTTLS
250-PIPELINING
250-8BITMIME
250-SIZE 5000000
250 AUTH LOGIN PLAIN CRAM-MD5

I then type in 'AUTH CRAM-MD5' and it returns:
334 PDEzNDkzLjExNDA3MjAzNzZAMD4=

I feed that in to 'cmd5' and take the output of the base64 encoded
string and paste that in.  It pauses for a few seconds and then
returns:

535 authentication failed (#5.7.1)

If I use the same username/password that I input into 'cmd5' and
telnet to port 110 and try to authenticate via POP3, I have no
problems.  This confuses me because both use 'checkpassword' for
authentication.

Does anyone see anything that I'm doing wrong?

Thanks for any help!

-ken

Reply via email to