vpopmail, open_smtp_relay and non-PLAIN auth mechs
I've noticed that if using the vpopmail auth setup, that the roaming-user functionality provided via open_smtp_relay() is only done if the auth mechanism is PLAIN. For example, if the client authenticates via DIGEST-MD5, the open relay file is not updated, as it should be.
This is due to the call to open_smtp_relay only being done via vpopmail_verify_plain(). Instead, imo, that call should be done in auth_request_success() in the auth-request.c file, so that it is done however the authentication is done, as long as it is successful.
Attached is a patch for 2.2.15. Let me know if attachments are not the preferred method and I'll cut/paste.
tia!
-- Jim Jagielski
On 30 Oct 2014, at 05:50, Jim Jagielski jimjag@gmail.com wrote:
I've noticed that if using the vpopmail auth setup, that the roaming-user functionality provided via open_smtp_relay() is only done if the auth mechanism is PLAIN. For example, if the client authenticates via DIGEST-MD5, the open relay file is not updated, as it should be.
This is due to the call to open_smtp_relay only being done via vpopmail_verify_plain(). Instead, imo, that call should be done in auth_request_success() in the auth-request.c file, so that it is done however the authentication is done, as long as it is successful.
Attached is a patch for 2.2.15. Let me know if attachments are not the preferred method and I'll cut/paste.
Well, your method works, and I'm not sure if there's really any other way to do it currently.. But I really don't want any vpopmail code outside *db-vpopmail.c, so I think if people want to do this they'll need to patch. And why are people still using pop3/imap-before-smtp instead of SMTP auth that everything supports nowadays? (And in general nowadays I think vpopmail should have been an external plugin since the beginning, but too much trouble for everybody to change it now.)
Agreed... Ideally, there would be some sort of post-auth-verified callback that mechanisms could register; that would completely compartmentalize these sorts of things.
-- Jim Jagielski
On Fri, Oct 31, 2014 at 2:33 AM, Timo Sirainen tss@iki.fi wrote:
On 30 Oct 2014, at 05:50, Jim Jagielski jimjag@gmail.com wrote:
I've noticed that if using the vpopmail auth setup, that the roaming-user functionality provided via open_smtp_relay() is only done if the auth mechanism is PLAIN. For example, if the client authenticates via DIGEST-MD5, the open relay file is not updated, as it should be.
This is due to the call to open_smtp_relay only being done via vpopmail_verify_plain(). Instead, imo, that call should be done in auth_request_success() in the auth-request.c file, so that it is done however the authentication is done, as long as it is successful.
Attached is a patch for 2.2.15. Let me know if attachments are not the preferred method and I'll cut/paste.
Well, your method works, and I'm not sure if there's really any other way to do it currently.. But I really don't want any vpopmail code outside *db-vpopmail.c, so I think if people want to do this they'll need to patch. And why are people still using pop3/imap-before-smtp instead of SMTP auth that everything supports nowadays? (And in general nowadays I think vpopmail should have been an external plugin since the beginning, but too much trouble for everybody to change it now.)
participants (2)
-
Jim Jagielski
-
Timo Sirainen