# authentication always fails with smtp-auth (qmail)

## meyerm

Hi,

just look at the following session:

 *my bash wrote:*   

> meyerm@yavin meyerm $ ssh root@atlas
> 
> Last login: Sun Jun 15 12:18:44 2003 from 10.151.4.68
> ...

 

As you can see, qmail just doesn't accept my auth requests. What could be the reason? Where is my error?

BTW: Does anybody know how to enforce using TLS if you want to auth? 

Thank you really very much!

Marcel

----------

## meyerm

Zefix!  :Wink: 

```
atlas service # /var/qmail/bin/qmail-smtpd atlas.mydomain.tld /root/justCallMyArgument /bin/true
220 atlas.mydomain.tld ESMTP
ehlo
250-atlas.mydomain.tld
250-STARTTLS
250-AUTH LOGIN CRAM-MD5 PLAIN
250-AUTH=LOGIN CRAM-MD5 PLAIN
250-PIPELINING
250 8BITMIME
auth login
334 VXNlcm5hbWU6
bWV5ZXJt
334 UGFzc3dvcmQ6
dGVzdHB3
535 authorization failed (#5.7.0)
```

What am I doing wrong (or understanding wrong)? Shouldn't it work with directly calling /bin/true? My "justCallMyArgument" only contains:

```
#!/bin/bash
$1
```

Meanwhile I'm really confused...

BTW: I'm using the r10 ebuild.

----------

## meyerm

another try... (this time with strace and calling smtpd by hand)

using my own "callMyArguments" script

```
...
fcntl64(1, F_DUPFD, 2)                  = 2
pipe([3, 4])                            = 0
fork()                                  = 29553
close(3)                                = 0
write(4, "meyerm\0testpw\0\0", 15)      = 15
close(4)                                = 0
wait4(29553, [WIFEXITED(s) && WEXITSTATUS(s) == 1], 0, NULL) = 29553
--- SIGCHLD (Child exited) ---
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigaction(SIGCHLD, NULL, {SIG_DFL}, 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
nanosleep({5, 0}, {5, 0})               = 0
select(2, NULL, [1], NULL, {1200, 0})   = 1 (out [1], left {1200, 0})
write(1, "535 authorization failed (#5.7.0"..., 35535 authorization failed (#5.7.0)
) = 35
select(1, [0], NULL, NULL, {1200, 0}
```

using checkpassword

```
...
fcntl64(1, F_DUPFD, 2)                  = 2
pipe([3, 4])                            = 0
fork()                                  = 29534
--- SIGCHLD (Child exited) ---
close(3)                                = 0
write(4, "meyerm\0testpw\0\0", 15)      = -1 EPIPE (Broken pipe)
--- SIGPIPE (Broken pipe) ---
select(2, NULL, [1], NULL, {1200, 0})   = 1 (out [1], left {1200, 0})
write(1, "454 oops, unable to write pipe a"..., 58454 oops, unable to write pipe and I can't auth (#4.3.0)
) = 58
select(1, [0], NULL, NULL, {1200, 0}
```

Wah! What's that again?

----------
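
A stand-alone harness for the checkpassword hand-off visible in the two strace excerpts above (pipe, fork, `login\0password\0\0` written to the child's fd 3, exit status collected), added here as an example; it is not part of any post in this thread and not qmail's own code. The name `run_checkpassword` and every verdict string other than the two replies quoted from the traces are assumptions; the exit-code meanings are those of the checkpassword interface.

```python
import os

# The two qmail-smtpd replies seen in the strace output above.
REPLY_DENIED = "535 authorization failed (#5.7.0)"
REPLY_PIPE = "454 oops, unable to write pipe and I can't auth (#4.3.0)"

# Exit codes defined by the checkpassword interface.
EXIT_MEANING = {
    0: "credentials accepted",
    1: "password unacceptable",
    2: "checkpassword misused",
    111: "temporary problem checking the password",
}


def run_checkpassword(argv, user, password):
    """Hand user/password to argv on fd 3 and return (exit_code, verdict)."""
    r, w = os.pipe()
    pid = os.fork()
    if pid == 0:  # child: the read end becomes fd 3, then exec the checker
        try:
            os.close(w)
            if r != 3:
                os.dup2(r, 3)  # dup2 leaves fd 3 inheritable across exec
                os.close(r)
            else:
                os.set_inheritable(3, True)
            os.execv(argv[0], argv)
        finally:
            os._exit(111)  # only reached when setup or exec failed
    os.close(r)  # parent drops its read end first, as in the traces
    payload = user.encode() + b"\0" + password.encode() + b"\0\0"  # empty timestamp
    try:
        os.write(w, payload)
    except BrokenPipeError:
        # The child was gone before it read fd 3: the EPIPE in the second trace.
        os.waitpid(pid, 0)
        return None, REPLY_PIPE
    finally:
        os.close(w)
    _, status = os.waitpid(pid, 0)
    if not os.WIFEXITED(status):
        return None, "checker did not exit normally"
    code = os.WEXITSTATUS(status)
    if code == 0:
        return code, EXIT_MEANING[0]
    return code, f"{REPLY_DENIED}: {EXIT_MEANING.get(code, 'unexpected exit code')}"
```

Calling it with the real checker, for example `run_checkpassword(["/bin/checkpassword", "/bin/true"], user, password)`, under the account qmail-smtpd runs as separates a checker problem from an SMTP-side one.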

## meyerm

OK, switched to postfix...   :Razz: 

----------

## Petyr

Okay, I was having the EXACT same problem.

Some nice person, however, posted a fix for this on bugtraq.

As it turns out, it's the smtp-auth patch that's mucking with things. It expects the morercpthosts file to be there and when it's not, then everything goes to hell in a hand cart.

A real fix should be issued (seeing as this has been a problem for a while, maybe I'll take a crack at it since someone was so nice as to point out exactly what the problem was ^_^) but the temporary kludge is just this:

```
cd /var/qmail/control
touch morercpthosts
../bin/qmail-newmrh
```

That should create a morercpthosts.cdb file for you and suddenly everything starts working.

Go figure *shrug*

Petyr Rahl

p.s. mad props go out to the person who opened Bugzilla Bug 23658

----------

## garion911

I had the same problem, and the above didn't totally fix it for me.. It worked when I was sending from the qmail machine, but not from any of my workstations..

I did eventually figure out what it was.. It seems that /bin/checkpassword needs to be SUID..  So I did a

```
chmod 4755 /bin/checkpassword
```

and then everything started working again.......

----------

## fo0bar

 *Petyr wrote:*   

> As it turns out it's the smtp-auth patch that's mucking with things. It expects the morercpthosts file to be there and when it's not, then everything goes to hell in a hand cart.

Whee!  I was having the same problem, but couldn't put my finger on it.  There are dozens of other threads that deal with smtp-auth problems, but this seems to be the only one that actually explains that the smtp-auth patch needs morercpthosts.  Thank you!

----------

