1 message in net.sourceforge.lists.courier-users[courier-users] authorization doesn't...
FromSent OnAttachments
Andreas StollarAug 18, 2000 3:17 pm 
Actions with this message:
Paste this link in email or IM:
Paste this link in email or IM:
Atom feed for this thread
Paste this URL into your reader:
Subject:[courier-users] authorization doesn't fail when it shouldActions...
From:Andreas Stollar (andr@speakeasy.net)
Date:Aug 18, 2000 3:17:56 pm
List:net.sourceforge.lists.courier-users

Hello,

I'm experiencing a rather odd problem using the authuserdb authentication module with qmail-pop using David McNicol's <davi@strath.ac.uk> authpop patch. It works great for normail clients, but really breaks and client (like Eudora) which defaults to using APOP. It seems to never tell the client that a bad password is being used, or that APOP authentication is failing. Here's a typical command line session:

Normal POP [root@corundum qmail-authpop-0.9a]# telnet localhost 110 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. +OK <28403.966635875@corundum> user andreas +OK pass badpass +OK <28403.966635888@corundum> (I DON'T THINK SO) LIST -ERR authorization first (YES I KNEW THAT THANKS) quit +OK Connection closed by foreign host.

Or with APOP [root@corundum qmail-authpop-0.9a]# telnet localhost 110 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. +OK <28417.966636484@corundum> apop 89193f21c1609f698e0ea970b28c5c3a -ERR syntax error APOP andreas 89193f21c1609f698e0ea970b28c5c3a (got this from md5sum of string after +OK) +OK <28417.966636521@corundum> Connection closed by foreign host.

This makes APOP clients think that APOP works, but it really doesn't. I don't really care to support APOP clients, but a proper error would be nice so that they revert to using normal POP. Here's what a session looks like now on our production machine, which clients like Eudora seem to be happy with:

[root@gonzo qmail-pop3d]# telnet localhost 110 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. +OK <28194.966636532@gonzo> apop andreas 8fee21118995c5207b64c4a8c1ec95b7 -ERR authorization failed Connection closed by foreign host.

(then it will revert to using normal POP)

So if anyone has any ideas about how to make authuserdb send back -ERR instead of +OK when passwords or protocols are wrong, I'd like to hear them. BTW, since converting to courier-imap (which works great using authuserdb) from UW-imap, our server's load has dropped dramatically. Thanks for the great work.

Andreas Stollar Speakeasy Network Administrator