# Not getting email authentication

## rjreb

I've installed qmail, vpopmail, and mysql and I'm able to send mail to the server but when I try and retrieve it my password isn't accepted. When I telnet localhost 25 I get the following. Did I overlook something obvious?

```
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 test.xxxx.net ESMTP
ehlo
250-test.xxxx.net
250-STARTTLS
250-AUTH LOGIN CRAM-MD5 PLAIN
250-AUTH=LOGIN CRAM-MD5 PLAIN
250-PIPELINING
250 8BITMIME
auth login
503 auth not available (#5.3.3)
auth plain
503 auth not available (#5.3.3)
```

----------

## lorenb

 *rjreb wrote:*   

> I've installed qmail, vpopmail, and mysql and I'm able to send mail to the server but when I try and retrieve it my password isn't accepted. When I telnet localhost 25 I get the following. Did I overlook something obvious?

 

Do you have checkpassword installed?  http://cr.yp.to/checkpwd.html (it's in Portage too)

----------

## rjreb

 *lorenb wrote:*   

>  *rjreb wrote:*   I've installed qmail, vpopmail, and mysql and I'm able to send mail to the server but when I try and retrieve it my password isn't accepted. When I telnet localhost 25 I get the following. Did I overlook something obvious? 
> 
> Do you have checkpassword installed?  http://cr.yp.to/checkpwd.html (it's in Portage too)

 

It is installed and I just reinstalled it to be sure but no improvement.

----------

## lorenb

 *rjreb wrote:*   

> It is installed and I just reinstalled it to be sure but no improvement.

 

Not sure then.  I haven't used qmail in a while, I just remember when I had a similar problem it was because I didn't have checkpassword.

----------

## nharring

Checkpassword would typically result in a valid password resulting in a failed status message. It looks like somehow you've got the part of the auth patch applied which changes the ehlo response (when the server advertises its capabilities), but then the command is unrecognized.

I'd recommend trying downloading the actual qmail source from http://cr.yp.to/qmail.html and then getting the auth-patch from http://members.elysium.pl/brush/qmail-smtpd-auth/ and applying it manually and compiling. Building qmail is a pretty simple process. If that still doesn't work the folks on the qmail mailing list tend to be pretty helpful.

I've not yet had a chance to look at the qmail ebuild, so I can't tell you if it's correctly applying the most recent smtp-auth patch, or if there are patch clashes in there.

A couple other gotchas to be aware of:

The checkpassword utility for cram-md5 that comes with the qmail-smtp-auth patch is totally unusable with vpopmail. vchkpw in the "stable" release of vpopmail doesn't do cram-md5, but instead only auth login and auth plain. So, if you want cram-md5 you'll need a 5.3.24 (the latest development) release of vpopmail. 

When you do get auth commands working, I strongly recommend testing with auth plain, as auth login requires Base64 decoding and encoding, which is a hassle, and testing cram-md5 by hand is virtually impossible.

----------

## rjreb

I'm really hating the idea of starting over but your post helped me some. I took what you posted and with what I've searched I made these adjustments. In the /var/qmail/supervise/qmail-smtpd/run file I added

```
/var/qmail/bin/qmail-smtpd xxxx.net /var/vpopmail/bin/vchkpw /bin/true 2>&1
```

Now when I try to telnet in I get

```
220 test.xxxx.net ESMTP
ehlo
250-test.xxxx.net
250-STARTTLS
250-AUTH LOGIN CRAM-MD5 PLAIN
250-AUTH=LOGIN CRAM-MD5 PLAIN
250-PIPELINING
250 8BITMIME
auth login
334 VXNlcm5hbWU6
auth plain
501 malformed auth input (#5.5.4)
```

-edit-

When I try to access my mail from Mozilla I get this in the /var/log/qmail/qmail-pop3d logs

```
@400000003f4198422e8a063c tcpserver: status: 1/40
@400000003f4198422e8dc72c tcpserver: pid 10407 from 66.xxx.x.xxx

root@test qmail-pop3d # ps 10407
  PID TTY      STAT   TIME COMMAND
10407 ?        S      0:00 /usr/bin/tcpserver -v -p -x /etc/tcp.smtp.cdb 0 pop-3
```

Then I get a dialogue box saying "Sending of password did not succeed"

 *nharring wrote:*   

> Checkpassword would typically result in a valid password resulting in a failed status message. It looks like somehow you've got the part of the auth patch applied which changes the ehlo response (when the server advertises its capabilities), but then the command is unrecognized.
> 
> I'd recommend trying downloading the actual qmail source from http://cr.yp.to/qmail.html and then getting the auth-patch from http://members.elysium.pl/brush/qmail-smtpd-auth/ and applying it manually and compiling. Building qmail is a pretty simple process. If that still doesn't work the folks on the qmail mailing list tend to be pretty helpful.
> 
> I've not yet had a chance to look at the qmail ebuild, so I can't tell you if it's correctly applying the most recent smtp-auth patch, or if there are patch clashes in there.
> ...

 

----------

## nharring

Ok, when you test you cannot mix auth types. First test would be to telnet to port 25, try auth plain and do the plain text challenge response. If you want to test auth login, the first string will decode to username, and the second one to password. You'll need some way of doing base64 encoding to send the responses, which are simply your username and password base64 encoded.

Once you verify it's working on the command line we can try and tackle the Mozilla issue. It's possible that Mozilla is seeing cram-md5 offered and then sending it but it's not working due to possible vpopmail issues (remember, you have to use a recent development version for cram-md5 to work).

Don't sweat the thought of starting over, if you've got the auth replies coming then we'll be able to make it work without any major hassles.

----------
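The encodings described in the post above, as an added example that is not part of the original thread: it decodes the `334` prompts and builds the client replies for AUTH PLAIN, AUTH LOGIN and AUTH CRAM-MD5 so they can be pasted into a telnet session. The function names, the `test`/`test` credentials and the CRAM-MD5 challenge are assumptions constructed for illustration.

```python
import base64
import hmac

def b64(data: bytes) -> str:
    return base64.b64encode(data).decode("ascii")

def decode_challenge(line: str) -> str:
    """Decode the base64 payload of a '334 <base64>' continuation reply."""
    code, _, payload = line.strip().partition(" ")
    if code != "334":
        raise ValueError(f"not an AUTH continuation reply: {line!r}")
    return base64.b64decode(payload, validate=True).decode("utf-8")

def plain_blob(user: str, password: str) -> str:
    """AUTH PLAIN credential: NUL + user + NUL + password (empty authzid)."""
    return b64(b"\0" + user.encode() + b"\0" + password.encode())

def login_replies(user: str, password: str) -> list:
    """AUTH LOGIN: one base64 line per 334 prompt, username first."""
    return [b64(user.encode()), b64(password.encode())]

def cram_md5_reply(user: str, password: str, challenge_line: str) -> str:
    """AUTH CRAM-MD5: base64 of 'user <hex HMAC-MD5(password, challenge)>'."""
    challenge = decode_challenge(challenge_line).encode()
    digest = hmac.new(password.encode(), challenge, "md5").hexdigest()
    return b64(f"{user} {digest}".encode())

if __name__ == "__main__":
    user, password = "test", "test"  # constructed sample credentials
    print(decode_challenge("334 VXNlcm5hbWU6"))  # prompt seen in the thread
    print("AUTH PLAIN", plain_blob(user, password))
    print("AUTH LOGIN", *login_replies(user, password))
    # constructed challenge; a real one comes from the server's 334 line
    line = "334 " + b64(b"<1234.5678@test.example>")
    print("AUTH CRAM-MD5 ->", cram_md5_reply(user, password, line))
```

Base64 is an encoding, so PLAIN and LOGIN credentials are readable on the wire unless the session runs over STARTTLS, which this server advertises.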

## rjreb

Just to follow up, I did uninstall qmail, vpopmail, ezmlm-idx (plus some others I can't remember) and installed it from scratch. I left MySQL in. Pertinent info that others may find handy is the following.

My vpopmail config was:

```
./configure --enable-roaming-users=y \
--enable-default-domain=$DEFAULT_DOMAIN \
--enable-admin-email=postmaster@$DEFAULT_DOMAIN \
--enable-logging=p \
--enable-ip-alias-domains=y \
--enable-passwd=n \
--enable-clear-passwd=y \
--enable-mysql=y \
--enable-mysql-replication=y \
--enable-incdir=/usr/include/mysql \
--enable-libdir=/usr/lib/mysql \
--enable-many-domains=y \
--enable-auth-logging=y \
--enable-mysql-logging=y \
--enable-roaming-users=y \
--enable-sqwebmail-pass=y \
--enable-tcprules-prog=/usr/bin/tcprules \
--enable-valias=y
```

I modified my /var/qmail/supervise/qmail-pop3d/run to:

```
#!/bin/sh
exec /usr/bin/softlimit -m 5000000 \
    /usr/bin/tcpserver -v -p -x /etc/tcp.smtp.cdb 0 pop-3 \
    /var/qmail/bin/qmail-popup `hostname --fqdn` \
    /var/vpopmail/bin/vchkpw /var/qmail/bin/qmail-pop3d .maildir 2>&1
```

(I just realized I may want to change /etc/tcp.smtp.cdb to /var/vpopmail/etc/tcp.smtp.cdb)

Made both the tcp.smtp:

```
127.:allow,RELAYCLIENT=""
```

To test authentication I did:

```
telnet localhost 110
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
+OK <10563.1061440893@test.domain.com>
user blah@virtualdomain.com
+OK
pass 123
+OK
quit
```

And it only took a couple of days.

----------

