In qmail 1.03 r15, the smtp-auth-close3 patch interferes with authentication, when attempting to use the vpopmail vchkpw utility.
Steps to Reproduce:
1. Install recent vpopmail (from source. The current vpopmail ebuild is way out of date).
2. Install qmail build r15.
3. Edit conf-smtpd to use /var/vpopmail/bin/vchkpw as the SMTP AUTH password utility.
qmail-smtpd never asks for a username and password. It is as if the SMTP-AUTH
patch is not installed at all.
qmail-smtpd should ask for username and password.
I use the vpopmail vchkpw utility as a password checker. The r12 qmail build
worked fine for me (on a separate server, with the same config, but different
domains). I noticed bug 23658 notes a similar problem that was (supposedly)
fixed. I commented out smtp-auth-close3.patch in the r15 ebuild, and rebuilt.
This solved the problem.
To get vchkpw to work, I had only to uncomment the SMTP_AUTH lines in
conf-smtpd, and change the path of the password checker from /bin/cmd5checkpw to
Also, in my setup, qmail is running as the vpopmail user, for obvious reasons.
umm it works fine over here ... i'm using net-mail/qmail-1.03-r15 with net-mail/vpopmail-5.4.0_rc1 and the only people who can send relay mail through my server are ones who auth with ssl
and the vpopmail ebuild is not way out of date, the latest is 5.4.0_rc2, and 5.4.0_rc1 is in portage
perhaps your custom installation is messed up ?
OK. I finally figured this out.
The original Brisby SMTP_AUTH patch was simply that, an auth login patch. No TLS.
The patch which is currently implemented in qmail-1.03-r15 is a TLS before AUTH LOGIN patch. That means, unless you have a valid SSL certificate all setup on the server, you cannot use AUTH. This, of course, is a very reasonable and secure way of doing things. However, it is not well documented that without TLS support, AUTH does not work at all.
All that being said, it seems that the smtp-auth-close3.patch has the effect of forcing the use of TLS before AUTH, whereas without the patch, it is possible to Authenticate without issuing a STARTTLS command.
Is this the intended effect of these patches combined, or is this an unfortunate sideeffect?
smtp-auth-close3.patch fixes a problem with morercpthosts, and nothing else.
however I have found a logic error in qmail-smtpd.c, dealing with the conditions in which smtp_authout() is called.
#ifdef is used instead of #if for all lines containing TLS && TLS_BEFORE_AUTH
I'll fix it soon.
note to self
patch to fix this well is at http://forums.gentoo.org/viewtopic.php?t=131572
*** Bug 39018 has been marked as a duplicate of this bug. ***
Fixed in r15 and r16, could you test it, please?
No response for five months. Closing.