
Mailing List Archive: DBMail: users

AUTH methods for dbmail-imapd/dbmail-pop3d

 

 



h.reindl at thelounge

Aug 10, 2009, 8:23 AM

Post #1 of 18 (2312 views)
AUTH methods for dbmail-imapd/dbmail-pop3d

Hi

We have migrated to dbmail and one big problem is left that we found out about too late.
The old server (EIMS) supported more than only PASSWORD auth.
AppleMail does not fall back if CRAM-MD5/DIGEST-MD5 was used before,
so we must explain to all Apple users how to change this :-(

Searching the web only turns up how to enable this for postfix with sasl, but that is
only the sending part, not the authentication for receiving messages.

Is there anything I do not see?
These are the outputs from imapsync with the old/new imap and from postfix on the new machine, which
works fine with all auth methods

From capability:
QUOTA NAMESPACE AUTH=CRAM-MD5 AUTH=NTLM AUTH=DIGEST-MD5 IDLE UIDPLUS IMAP4REV1

To capability:
QUOTA NAMESPACE IDLE THREAD=ORDEREDSUBJECT AUTH=LOGIN ACL UNSELECT SORT CHILDREN IMAP4
IMAP4REV1

Postfix (SMTP)
250-AUTH=NTLM PLAIN DIGEST-MD5 LOGIN CRAM-MD5


Regards

Reindl Harald
the lounge interactive design GmbH
A-1060 Vienna | Hofmühlgasse 17
software-development / cms-solutions

phone: +43 (1) 595 3999 33
cellular: +43 (676) 40 221 40
icq: 154546673

mailto:h.reindl [at] thelounge
http://www.thelounge.net/
_______________________________________________
DBmail mailing list
DBmail [at] dbmail
http://mailman.fastxs.nl/cgi-bin/mailman/listinfo/dbmail


daniel at gosi

Aug 10, 2009, 11:42 AM

Post #2 of 18 (2228 views)
Re: AUTH methods for dbmail-imapd/dbmail-pop3d

>
> - From capability:
> QUOTA NAMESPACE AUTH=CRAM-MD5 AUTH=NTLM AUTH=DIGEST-MD5 IDLE UIDPLUS
> IMAP4REV1
>
> To capability:
> QUOTA NAMESPACE IDLE THREAD=ORDEREDSUBJECT AUTH=LOGIN ACL UNSELECT
> SORT CHILDREN IMAP4
> IMAP4REV1
>

Hi Harald,

in /etc/dbmail.conf you find/could add:

capability = IMAP4 IMAP4rev1 AUTH=LOGIN AUTH=CRAM-MD5 AUTH=DIGEST-MD5 ACL NAMESPACE CHILDREN SORT QUOTA THREAD=ORDEREDSUBJECT UNSELECT IDLE

after that, restart dbmail and maybe everything is already fine. I
just tried this and used base64 (CRAM?) and well the login worked with
IMAP:

telnet localhost 143
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK dbmail imap (protocol version 4r1) server 2.2.11 ready to run
001 authenticate login
+ dXNlcm5hbWUNCg==
ZGFuaWVs
+ cGFzc3dvcmQNCg==
UEFTU1dPUkQ=
001 OK AUTHENTICATE completed

Maybe Paul or someone of the dev team could also point out what is
supported by dbmail?

greetings,
Daniel


h.reindl at thelounge

Aug 10, 2009, 11:48 AM

Post #3 of 18 (2228 views)
Re: AUTH methods for dbmail-imapd/dbmail-pop3d

I tried this a few days ago, but this did not work
"capability" was published to imapsync as written in the config file but no success
I have stored my passwords as cleartext for some other reasons

This time I am playing with dovecot, but I can not get this working again
Cleartext works but I have no idea how to tell dovecot to do authentication via cram-md5
/digest-md5 AND use plaintext to the proxied destination behind :-(

Regards
Harry

--


Reindl Harald
the lounge interactive design GmbH
A-1060 Vienna | Hofmühlgasse 17
software-development / cms-solutions

phone: +43 (1) 595 3999 33
cellular: +43 (676) 40 221 40
icq: 154546673

mailto:h.reindl [at] thelounge
http://www.thelounge.net/


daniel at gosi

Aug 10, 2009, 11:50 AM

Post #4 of 18 (2222 views)
Re: AUTH methods for dbmail-imapd/dbmail-pop3d

>
>
> I tried this a few days ago, but this did not work
> "capability" was published to imapsync as written in the config file but
> no success
> I have stored my passwords as cleartext for some other reasons
>

Hi there,

you are sure that your dbmail/dbmail-imap is giving out the correct
capabilities? I mean have you verified this with telnet/whatever?

greetings,
Daniel


h.reindl at thelounge

Aug 10, 2009, 11:56 AM

Post #5 of 18 (2222 views)
Re: AUTH methods for dbmail-imapd/dbmail-pop3d

Yes I'm sure, imapsync shows something like the following while connecting
IMAP4rev1 SASL-IR SORT THREAD=REFERENCES MULTIAPPEND UNSELECT LITERAL+ IDLE CHILDREN
NAMESPACE LOGIN-REFERRALS UIDPLUS LIST-EXTENDED I18NLEVEL=1 STARTTLS AUTH=LOGIN AUTH=PLAIN
AUTH=CRAM-MD5 AUTH=DIGEST-MD5 AUTH=NTLM

You can place anything in "capability" in the configuration
The problem is that it does not really work if the server does not support it, but you force
the client to use features that will fail

Sometimes I would like to die :-)
We have hundreds of accounts and since the migration, the whole day there are users with
non-working clients and we have to explain to every single user that he should change the
authentication

Regards
Harry

--


Reindl Harald
the lounge interactive design GmbH
A-1060 Vienna | Hofmühlgasse 17
software-development / cms-solutions

phone: +43 (1) 595 3999 33
cellular: +43 (676) 40 221 40
icq: 154546673

mailto:h.reindl [at] thelounge
http://www.thelounge.net/


daniel at gosi

Aug 10, 2009, 12:01 PM

Post #6 of 18 (2236 views)
Re: AUTH methods for dbmail-imapd/dbmail-pop3d

> Yes I'm sure, imapsync shows something like the following while
> connecting
> IMAP4rev1 SASL-IR SORT THREAD=REFERENCES MULTIAPPEND UNSELECT LITERAL+
> IDLE CHILDREN
> NAMESPACE LOGIN-REFERRALS UIDPLUS LIST-EXTENDED I18NLEVEL=1 STARTTLS
> AUTH=LOGIN AUTH=PLAIN
> AUTH=CRAM-MD5 AUTH=DIGEST-MD5 AUTH=NTLM
>
> You can place anything in "capability" in the configuration
> The problem is that it does not really work if the server does not
> support it, but you force
> the client to use features that will fail
>
> Sometimes I would like to die :-)
> We have hundreds of accounts and since the migration, the whole day
> there are users with
> non-working clients and we have to explain to every single user that he
> should change the
> authentication

well, sorry to hear that, but there are always some catchyas in
migrations, right?
I am aware you could put anything there, even if there is no support
in the software.
So well, not sure what dbmail supports, as I couldn't find anything in
the wiki.
Maybe you could dig something up going through the sources?

But well, if you have already changed the config parameter
accordingly, I guess
dbmail doesn't support the one way you need for your Mac clients.

by the way: which one is set in those Mac Mail clients?

greetings,
Daniel


h.reindl at thelounge

Aug 10, 2009, 1:31 PM

Post #7 of 18 (2220 views)
Re: AUTH methods for dbmail-imapd/dbmail-pop3d

I jump out of the window now
We patched the dbmail source to allow a mail address with '@' or '%' as password because this
f**g fallback is set by most customers because of problems with the @ char years ago

dovecot runs well BUT after debug on:
Aug 10 22:22:15 localhost dovecot: auth(default): auth(?,127.0.0.1): Invalid username: h.reindl%thelounge.net
Aug 10 22:22:15 localhost dovecot: auth(default): plain(?,127.0.0.1): Username contains disallowed character: 0x25
Aug 10 22:22:17 localhost dovecot: auth(default): client out: FAIL#0112




daniel at gosi

Aug 10, 2009, 1:45 PM

Post #8 of 18 (2230 views)
Re: AUTH methods for dbmail-imapd/dbmail-pop3d

> I jump out of the window now

That isn't a solution ^^

> We patched the dbmail source to allow a mail address with '@' or '%' as
> password because this
> f**g fallback is set by most customers because of problems with the
> @ char years ago
>
> dovecot runs well BUT after debug on:
> Aug 10 22:22:15 localhost dovecot: auth(default): auth(?,127.0.0.1): Invalid username: h.reindl%thelounge.net
> Aug 10 22:22:15 localhost dovecot: auth(default): plain(?,127.0.0.1): Username contains disallowed character: 0x25
> Aug 10 22:22:17 localhost dovecot: auth(default): client out: FAIL#0112
>

are you trying to move the dbmail installation to dovecot now?

greetings,
Daniel


h.reindl at thelounge

Aug 10, 2009, 1:53 PM

Post #9 of 18 (2223 views)
Re: AUTH methods for dbmail-imapd/dbmail-pop3d

I know :-(

No, I try to run dbmail only at localhost and use dovecot as imap-proxy
So auth mechanisms are working

I tested on a local machine with the db from the liveserver and a proxy to the liveserver
All worked well, I made the change and saw the first md5 logins
BUT I could not login myself because I use "h.reindl%thelounge.net" instead of
"h.reindl [at] thelounge" as username and while testing locally I forgot this

After going online a few days ago we had this problem that most users could not login
* one half used md5-digest
* the other half used % in the username

So I patched dbmail to replace the % with @ directly in the query which looks in the
database, now I made a view for dovecot which gives it all entries with both versions of
the username

BUT dovecot will not like a % in the username
So what should I do
I'm searching for this check and try to patch dovecot

But why in the world do dbmail-imapd/dbmail-pop3d only support plaintext login?

--


Reindl Harald
the lounge interactive design GmbH
A-1060 Vienna | Hofmühlgasse 17
software-development / cms-solutions

phone: +43 (1) 595 3999 33
cellular: +43 (676) 40 221 40
icq: 154546673

mailto:h.reindl [at] thelounge
http://www.thelounge.net/


mysql.jorge at decimal

Aug 10, 2009, 3:07 PM

Post #10 of 18 (2220 views)
Re: AUTH methods for dbmail-imapd/dbmail-pop3d

> I know :-(
>
> No i try to run dbmail only at localhost and use dovecot as imap-proxy
> So auth-mechanisms are working
>
> I tested on a local machine with the db from the liveserver and a proxy to
> the liveserver
> All worked well, I made the change and saw the first md5 logins
> BUT i could not login myself because i use "h.reindl%thelounge.net"
> instead of
> "h.reindl [at] thelounge" as username and while testing local i forgot
> this
>
> After going online a few days ago we had this problem that most users
> could not login
> * one half used md5-digest
> * the other half used % in the username

How do you have the password field, does it have a HASH or plaintext?
And the encryption_type column, what do you have in it?



h.reindl at thelounge

Aug 10, 2009, 3:17 PM

Post #11 of 18 (2222 views)
Re: AUTH methods for dbmail-imapd/dbmail-pop3d

That's all not the problem with dovecot
Here is the patch to allow % in the username
But all this would not be needed if dbmail supported MD5 auth natively as every webscript
like horde and most php libraries do

What I really do not understand is that there are many documentations on how to set up postfix with
sasl in combination with dbmail and nobody realizes that sasl auth for sending is useless
if you only have plain auth while receiving


- --- dovecot-1.1.18/src/master/master-settings.c 2009-07-27 03:56:32.000000000 +0200
+++ dovecot-1.1.18-patched/src/master/master-settings.c 2009-08-10 22:57:09.728065279 +0200
@@ -310,7 +310,7 @@
MEMBER(executable) PKG_LIBEXECDIR"/dovecot-auth",
MEMBER(user) "root",
MEMBER(chroot) "",
- - MEMBER(username_chars)
"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@",
+ MEMBER(username_chars)
"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@%",
MEMBER(username_translation) "",
MEMBER(username_format) "",
MEMBER(master_user_separator) "",
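
Review bot: adding '%' to the compiled-in username_chars default in master-settings.c widens the accepted character set for every instance built from this source, and the '%' then travels unchanged into whatever lookup sits behind the auth process, where it is a wildcard in SQL LIKE patterns. The context line MEMBER(username_translation) "" directly below is left empty, and these members look like defaults for configurable settings; if the goal is only to accept the legacy user%domain form, prefer overriding the character list in the site configuration and mapping '%' to '@' through the translation setting, so the name is normalised once before any lookup and the change survives a package update without a source patch.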


--


Reindl Harald
the lounge interactive design GmbH
A-1060 Vienna | Hofmühlgasse 17
software-development / cms-solutions

phone: +43 (1) 595 3999 33
cellular: +43 (676) 40 221 40
icq: 154546673

mailto:h.reindl [at] thelounge
http://www.thelounge.net/


paul at nfg

Aug 11, 2009, 1:07 AM

Post #12 of 18 (2219 views)
Re: AUTH methods for dbmail-imapd/dbmail-pop3d

Reindl Harald wrote:

> But why in the world do dbmail-imapd/dbmail-pop3d only support plaintext login?

Because those are the only ones required by the IMAP rfcs.

CRAM-MD5 in itself would be very simple to add (esp. on the 2.3
codebase). However, since both CRAM-MD5 and DIGEST-MD5 require storing
passwords in plain-text on the server-side that would create some
serious compatibility problems for installations where some or all user
passwords are stored as cryptographic tokens.

--
________________________________________________________________
Paul Stevens paul at nfg.nl
NET FACILITIES GROUP GPG/PGP: 1024D/11F8CD31
The Netherlands________________________________http://www.nfg.nl
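
Added example, not part of the thread and not DBMail code: a Python sketch of the two exchanges discussed above. It decodes the AUTH=LOGIN session from post #2 to show that it is plain base64, then runs a CRAM-MD5 round (RFC 2195 construction) to show why the server needs the cleartext password, as stated in the post above. The `(encryption_type, passwd)` record layout, the user names and the passwords are constructed assumptions.

```python
import base64
import hashlib
import hmac
import os
import time

# The four base64 lines of the telnet session in post #2, copied from the page.
LOGIN_SESSION = ["dXNlcm5hbWUNCg==", "ZGFuaWVs", "cGFzc3dvcmQNCg==", "UEFTU1dPUkQ="]

# Constructed account table: user -> (encryption_type, passwd). The layout is an
# assumption for this example; unsalted SHA-256 only stands in for any one-way token.
USERS = {
    "alice": ("plain", "s3cret-constructed"),
    "bob": ("sha256", hashlib.sha256(b"hunter2-constructed").hexdigest()),
}


def decode_login_session(lines):
    """AUTH=LOGIN is base64 framing only: decoding yields prompts and credentials."""
    return [base64.b64decode(line).decode("ascii") for line in lines]


def make_challenge(host="mail.example.test"):
    """Server: fresh, unpredictable challenge in the msg-id shape of RFC 2195."""
    raw = "<{}.{}@{}>".format(os.urandom(8).hex(), int(time.time()), host)
    return base64.b64encode(raw.encode("ascii")).decode("ascii")


def client_response(user, password, challenge_b64):
    """Client: HMAC-MD5 keyed with the password over the decoded challenge."""
    challenge = base64.b64decode(challenge_b64)
    digest = hmac.new(password.encode("utf-8"), challenge, hashlib.md5).hexdigest()
    return base64.b64encode("{} {}".format(user, digest).encode("utf-8")).decode("ascii")


def verify_cram_md5(users, challenge_b64, response_b64):
    """Server: returns 'ok', 'fail' or 'unsupported'.

    The server must recompute the HMAC itself, so it needs the HMAC key, which is
    the password. A one-way token of the password cannot serve as that key.
    """
    try:
        decoded = base64.b64decode(response_b64).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return "fail"
    user, _, digest = decoded.rpartition(" ")
    record = users.get(user)
    if record is None:
        return "fail"
    encryption_type, passwd = record
    if encryption_type != "plain":
        return "unsupported"
    challenge = base64.b64decode(challenge_b64)
    expected = hmac.new(passwd.encode("utf-8"), challenge, hashlib.md5).hexdigest()
    same = hmac.compare_digest(expected.encode("ascii"), digest.lower().encode("utf-8"))
    return "ok" if same else "fail"


def verify_login(users, user, password):
    """Server, AUTH=LOGIN: the password arrives in the clear, so any scheme works."""
    record = users.get(user)
    if record is None:
        return False
    encryption_type, passwd = record
    if encryption_type == "plain":
        candidate = password
    elif encryption_type == "sha256":
        candidate = hashlib.sha256(password.encode("utf-8")).hexdigest()
    else:
        return False
    return hmac.compare_digest(candidate.encode("utf-8"), passwd.encode("utf-8"))


if __name__ == "__main__":
    print(decode_login_session(LOGIN_SESSION))
    ch = make_challenge()
    for name, pw in (("alice", "s3cret-constructed"), ("bob", "hunter2-constructed")):
        print(name, "CRAM-MD5:", verify_cram_md5(USERS, ch, client_response(name, pw, ch)),
              "| LOGIN:", verify_login(USERS, name, pw))
```

Because the challenge changes per connection, a captured CRAM-MD5 response fails against the next challenge, whereas the decoded LOGIN lines can be reused as they are.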


h.reindl at thelounge

Aug 11, 2009, 1:23 AM

Post #13 of 18 (2221 views)
Re: AUTH methods for dbmail-imapd/dbmail-pop3d

Paul J Stevens wrote:

> Because those are the only ones required by the IMAP rfcs.

OK - But do we only want the minimal requirements even if they are insecure?

Our problem with the migration was that we never ever thought that any mail software only
supports plaintext, since most webmailers automatically support md5 mechanisms and ssl/tls
if available.

I found many pages before on getting smtp-auth working and everyone speaks of dbmail +
postfix with sasl - So why in the world should I think that the imap/pop3 backend does not
support this (do not understand me wrong but it is simply stupid to enable secure
passwords while sending mails and at the same time send a plaintext version over pop3/imap in
the same direction) http://www.mail-archive.com/dbmail [at] dbmail/msg16065.html

> CRAM-MD5 in itself would be very simple to add (esp. on the 2.3
> codebase). However, since both CRAM-MD5 and DIGEST-MD5 require storing
> passwords in plain-text on the server-side that would create some
> serious compatibility problems for installations where some or all user
> passwords are stored as a cryptographic tokens.

That can never be a showstopper!
A simple and commented option to enable this manually would fix the problem
On the other side, migrating from any other mailserver to dbmail is painful

Anyway - it's not the real solution to have to use imap proxies and/or stunnel to provide
secure login methods

Please do not misunderstand me: Because of these things I got nearly no sleep searching
and patching things that should work out of the box while our customers are standing with
a loaded gun behind me :-(




michael.monnerie at is

Aug 11, 2009, 1:57 PM

Post #14 of 18 (2213 views)
Re: AUTH methods for dbmail-imapd/dbmail-pop3d

On Tuesday 11 August 2009 Reindl Harald wrote:
> Please do not misunderstand me: Because of these things I got
> nearly no sleep searching and patching things that should work out of
> the box while our customers are standing with a loaded gun behind me

By shouting at people you won't get more help. If you offer to pay Paul
for a feature you need, or ask very friendly, maybe he'd implement it
quickly. Just last week he implemented IPv6 support within a short time.

On the other hand, Paul, having secure methods directly implemented
would really be nice. Just because the *MD5 methods require plaintext
pwds doesn't mean it shouldn't be implemented. It should just be
disabled by those having encrypted pwds. (/me having cleartext pwds, so
could use the feature now *g*). As far as I could read from your words,
it should be easy to implement?

Kind regards, zmi
--
// Michael Monnerie, Ing.BSc ----- http://it-management.at
// Tel: 0660 / 415 65 31 .network.your.ideas.
// PGP Key: "curl -s http://zmi.at/zmi.asc | gpg --import"
// Fingerprint: AC19 F9D5 36ED CD8A EF38 500E CE14 91F7 1C12 09B4
// Keyserver: wwwkeys.eu.pgp.net Key-ID: 1C1209B4


h.reindl at thelounge

Aug 11, 2009, 3:44 PM

Post #15 of 18 (2217 views)
Re: AUTH methods for dbmail-imapd/dbmail-pop3d

> By shouting at people you won't get more help. If you offer to pay Paul
> for a feature you need, or ask very friendly, maybe he'd implement it
> quickly. Just last week he implemented IPv6 support within a short time.

Sorry

Maybe I am very overstressed because of working day and night to get the new mailserver
running, implementing a webinterface for dbmail/postfix with > 10.0000 lines of code in
a few weeks because I have only two weeks left to get my work done before a big medical
operation on my right eye without knowing what happens in the future :-(

Additionally my non-programming English is not the best (especially when tired) and
sometimes it makes me simply crazy if I can not announce something in a way that it gets rightly
understood - sorry for that!

The problems shortly after testing day and night with new accounts and thunderbird hit
like a chill in my heart, seeing all go down instead of relaxing and looking at a hard piece of work

> On the other hand, Paul, having secure methods directly implemented
> would really be nice. Just because the *MD5 methods require plaintext
> pwds doesn't mean it shouldn't be implemented. It should just be
> disabled by those having encrypted pwds. (/me having cleartext pwds, so
> could use the feature now *g*). As far as I could read from your words,
> it should be easy to implement?

I do not know how this works in c/c++ and I am lucky to get three patches into my
rpmbuild environment which was hardly needed, but as I see that horde uses tls/cram-md5
for smtp as for imap and one small php script from a freelancer since yesterday also uses
cram-md5 on the dovecot proxy, I guess it should not be a big deal to get this supported in
the mailserver - Of course I like the dovecot proxy solution too but it's hard to find a
software solving this if any websearch shows how to get it to work with postfix/sasl against
the dbmail database, as said -> quite useless as long as the plaintext password is going
over the same connection for checking mails

https://bugzilla.redhat.com/show_bug.cgi?id=515056
Dovecot patch from last night to allow percent
And changing one line in the dbmail-auth query to make possible user % or @ in username
- - "SELECT user_idnr FROM %susers WHERE lower(userid) = lower('%s')",
+ "SELECT user_idnr FROM %susers WHERE lower(userid) = lower(replace('%s','\%','@'))",
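
Review bot: in the added line, '\%' inside the C string literal is not a defined escape sequence, and because this string is also a printf-style format (it already carries %susers and '%s'), a literal percent sign has to be written as %%; as it stands, the "%'" that reaches the formatter can be read as the start of a conversion and consume or corrupt the arguments. Write the call as replace('%s','%%','@'), and confirm that the value substituted for '%s' is escaped before it reaches this statement, which the two lines shown do not establish.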

I do not really understand the history of why we are using this for many customers, it has something
to do with some broken outlook installations and it is really not easy to get this away as
long as 50% of customers use their mail address as username (defined so in the database) and
the other half use % instead of @. It gets very hard if parts of the two groups can not
connect because the client is using cram-md5/digest-md5 thinking "yesterday this
servername supported it and it does today too".

I know a good client should look at what the server says it supports and select the best
available mechanism (like horde webmail seems to do), but as long as we do not live in a perfect
world this will not happen :-(


paul at nfg

Aug 12, 2009, 2:43 AM

Post #16 of 18 (2222 views)
Re: AUTH methods for dbmail-imapd/dbmail-pop3d

Michael Monnerie wrote:
> On Tuesday 11 August 2009 Reindl Harald wrote:
>> Please do not misunderstand me: Because of these things I got
>> nearly no sleep searching and patching things that should work out of
>> the box while our customers are standing with a loaded gun behind me
>
> By shouting at people you won't get more help. If you offer to pay Paul
> for a feature you need, or ask very friendly, maybe he'd implement it
> quickly. Just last week he implemented IPv6 support within a short time.
>
> On the other hand, Paul, having secure methods directly implemented
> would really be nice. Just because the *MD5 methods require plaintext
> pwds doesn't mean it shouldn't be implemented. It should just be
> disabled by those having encrypted pwds. (/me having cleartext pwds, so
> could use the feature now *g*). As far as I could read from your words,
> it should be easy to implement?

Not *that* simple, but I did it nonetheless. My GIT master tree now
supports AUTH=CRAM-MD5.

This will however *only* work for people using authsql and plaintext
passwords.



--
________________________________________________________________
Paul Stevens paul at nfg.nl
NET FACILITIES GROUP GPG/PGP: 1024D/11F8CD31
The Netherlands________________________________http://www.nfg.nl


daniel at gosi

Aug 12, 2009, 2:45 AM

Post #17 of 18 (2216 views)
Re: AUTH methods for dbmail-imapd/dbmail-pop3d

> Not *that* simple, but I did it nonetheless. My GIT master tree now
> supports AUTH=CRAM-MD5.
>
> This will however *only* work for people using authsql and plaintext
> passwords.

Thanks very much Paul!


michael.monnerie at is

Aug 12, 2009, 3:13 AM

Post #18 of 18 (2219 views)
Re: AUTH methods for dbmail-imapd/dbmail-pop3d

On Wednesday 12 August 2009 Paul J Stevens wrote:
> Not *that* simple, but I did it nonetheless. My GIT master tree now
> supports AUTH=CRAM-MD5.
>
> This will however *only* work for people using authsql and plaintext
> passwords.

Thank you. Is that dbmail-2.3 only I guess?

BTW, you should be called "Scotty", like the guy from Star Trek when he
was asked by Captain James T. Kirk "how long you need to fix it?"
Scotty: "3 days, it's very complicated, everything's broken"
Kirk: "you got 20 minutes"
Scotty: "OK"
:-)

Kind regards, zmi
--
// Michael Monnerie, Ing.BSc ----- http://it-management.at
// Tel: 0660 / 415 65 31 .network.your.ideas.
// PGP Key: "curl -s http://zmi.at/zmi.asc | gpg --import"
// Fingerprint: AC19 F9D5 36ED CD8A EF38 500E CE14 91F7 1C12 09B4
// Keyserver: wwwkeys.eu.pgp.net Key-ID: 1C1209B4
