# vchkpw fails and then succeeds!

## blueribbon

I'm using a typical qmail+vpopmail setup, and everything is going alright, except for the smtp auth.

When a user tries to authenticate itself, the first time vchkpw fails

```
Dec  6 21:50:08 [vpopmail] vchkpw-smtp: password fail
```

but then it succeeds immediatly after

```

Dec  6 21:50:13 [vpopmail] vchkpw-smtp: (PLAIN) login success
```

This is very annoying, besides the fact that this only happens with Thunderbird, with other e-mail clients they give an error message and the connection is terminated. Is there any way to solve this thing?

----------

## blueribbon

No help? Can I be the only one who has a problem like that?

----------

## Private_X

I just figured that out. I have the same problem and was wondering why it is like that. It currently looks like this:

```
# nc localhost 25

220 yourdomain ESMTP

EHLO yourdomain

250-yourdomain

250-AUTH LOGIN CRAM-MD5 PLAIN

250-AUTH=LOGIN CRAM-MD5 PLAIN

250-STARTTLS

250-SIZE 0

250-PIPELINING

250 8BITMIME

```

qmail says that he is capable of doing cram-md5 as auth methode. So the mailclient tries to do the most secure way and takes cram-md5. For this you nedd cleartext passwords on both sides. On the server side you probably don't have. But there is a useflag for this case  :Smile:  Try reemerging vpopmail with 

```
USE="clearpasswd" emerge -pv vpopmail
```

I didn't try it yet but it should do the trick.

If you like to read more about it http://www.mail-archive.com/vchkpw@inter7.com/msg19623.html

----------

## blueribbon

Thanks. I see, but I don't think keeping clear text password is very secure, nor ethical.

I disabled CRAM-MD5 from my server, not the best solution of all, but at least I don't get any more errors/delays.

----------

## Private_X

 *Quote:*   

> I see, but I don't think keeping clear text password is very secure, nor ethical. 

 

I don't think it is a good idea to keep them in clear text either but I didn't find a way to disable CRAM-MD5 in qmail.

 *Quote:*   

> I disabled CRAM-MD5 from my server, not the best solution of all, but at least I don't get any more errors/delays.

 

How did you disable CRAM-MD5 as auth methode? What mta are you using?

----------

## blueribbon

 *Private_X wrote:*   

>  *Quote:*   I see, but I don't think keeping clear text password is very secure, nor ethical.  
> 
> I don't think it is a good idea to keep them in clear text either but I didn't find a way to disable CRAM-MD5 in qmail.
> 
>  *Quote:*   I disabled CRAM-MD5 from my server, not the best solution of all, but at least I don't get any more errors/delays. 
> ...

 

I'm using qmail.

```

ebuild /usr/portage/mail-mta/qmail/qmail-1.03-r13.ebuild unpack

cd /var/tmp/portage/qmail-1.03-r13/work/qmail-1.03

nano -w qmail-smtpd.c 
```

Comment out/delete the line that says "#define AUTHCRAM"

```

ebuild /usr/portage/mail-mta/qmail/qmail-1.03-r13.ebuild merge

/etc/init.d/svscan restart

```

You should be done.

----------

## Private_X

Thanks a lot. I was always looking for an option where I can deactivate it. I didn't think so far to patch it in the c file.

Now it is running perfect without errors. 

This was teamwork I guess  :Wink: 

----------

## blueribbon

Yeah, team work rules  :Smile: 

----------

## Skywacker

Hmmm, when I tried I got this

```

 ebuild /usr/portage/mail-mta/qmail/qmail-1.03-r13.ebuild unpack >>> md5 src_uri ;-) qmail-1.03.tar.gz

>>> md5 src_uri ;-) qmailqueue-patch

>>> md5 src_uri ;-) big-todo.103.patch

>>> md5 src_uri ;-) qmail-link-sync.patch

>>> md5 src_uri ;-) big-concurrency.patch

>>> md5 src_uri ;-) qmail-0.0.0.0.patch

>>> md5 src_uri ;-) sendmail-flagf.patch

>>> md5 src_uri ;-) qmail-1.03-qmtpc.patch

>>> md5 src_uri ;-) qmail-smtpd-relay-reject

>>> md5 src_uri ;-) qmail-local-tabs.patch

>>> md5 src_uri ;-) qmail-maildir++.patch

>>> md5 src_uri ;-) qmail-date-localtime.patch.txt

>>> md5 src_uri ;-) qmail-limit-bounce-size.patch.txt

>>> md5 src_uri ;-) qmail-103.patch

>>> md5 src_uri ;-) qregex-starttls-2way-auth.patch

>>> md5 src_uri ;-) qmail-remote-auth-patch-doc.txt

>>> md5 src_uri ;-) qmail-gentoo-1.03-r12-badrcptto-morebadrcptto-accdias.diff.bz2

>>> md5 src_uri ;-) qmail-popupnofd2close.patch

>>> md5 src_uri ;-) qmail-1.03-reread-concurrency.2.patch

>>> md5 src_uri ;-) 08-capa.diff

>>> Unpacking source...

>>> Unpacking qmail-1.03.tar.gz to /var/tmp/portage/qmail-1.03-r13/work

 * Adding SMTP AUTH (2 way), Qregex and STARTTLS support                  [ ok ]

 * Cannot find $EPATCH_SOURCE!  Value for $EPATCH_SOURCE is:

 *

 *   /var/db/pkg/mail-mta/qmail-1.03-r13/files/1.03-r13/smtp-auth-close3.patch

!!! ERROR: mail-mta/qmail-1.03-r13 failed.

!!! Function epatch, Line 262, Exitcode 0

!!! Cannot find $EPATCH_SOURCE!

!!! If you need support, post the topmost build error, NOT this status message.

```

I think this means I need to find this file. 

/var/db/pkg/mail-mta/qmail-1.03-r13/files/1.03-r13/smtp-auth-close3.patch

/var/db/pkg/mail-mta/qmail-1.03-r13/files/1.03-r13/    has no files dir.

ideas how to get them?

----------

## Private_X

Try downloading it by hand and put it into the files dir. I think this helped me out.

----------

