Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 40010 - #ifdef used instead of #if in qmail-smtpd
Summary: #ifdef used instead of #if in qmail-smtpd
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Server (show other bugs)
Hardware: x86 Linux
: High normal (vote)
Assignee: Net-Mail Packages
: 39018 (view as bug list)
Depends on:
Blocks: 29485
  Show dependency tree
Reported: 2004-01-31 12:37 UTC by Martin Diers
Modified: 2005-06-08 11:11 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Martin Diers 2004-01-31 12:37:59 UTC
In qmail 1.03 r15, the smtp-auth-close3 patch interferes with authentication, when attempting to use the vpopmail vchkpw utility. 

Reproducible: Always
Steps to Reproduce:
1. Install recent vpopmail (from source. The current vpopmail ebuild is way out of date).
2. Install qmail build r15.
3. Edit conf-smtpd to use /var/vpopmail/bin/vchkpw as the SMTP AUTH password utility.

Actual Results:  
qmail-smtpd never asks for a username and password. It is as if the SMTP-AUTH
patch is not installed at all.

Expected Results:  
qmail-smtpd should ask for username and password.

I use the vpopmail vchkpw utility as a password checker. The r12 qmail build
worked fine for me (on a separate server, with the same config, but different
domains). I noticed bug 23658 notes a similar problem that was (supposedly)
fixed. I commented out smtp-auth-close3.patch in the r15 ebuild, and rebuilt.
This solved the problem.

To get vchkpw to work, I had only to uncomment the SMTP_AUTH lines in
conf-smtpd, and change the path of the password checker from /bin/cmd5checkpw to

Also, in my setup, qmail is running as the vpopmail user, for obvious reasons.
Comment 1 SpanKY gentoo-dev 2004-01-31 15:36:17 UTC
umm it works fine over here ... i'm using net-mail/qmail-1.03-r15 with net-mail/vpopmail-5.4.0_rc1 and the only people who can send relay mail through my server are ones who auth with ssl

and the vpopmail ebuild is not way out of date, the latest is 5.4.0_rc2, and 5.4.0_rc1 is in portage

perhaps your custom installation is messed up ?
Comment 2 Martin Diers 2004-02-03 14:47:40 UTC
OK. I finally figured this out.

The original Brisby SMTP_AUTH patch was simply that, an auth login patch. No TLS.

The patch which is currently implemented in qmail-1.03-r15 is a TLS before AUTH LOGIN patch. That means, unless you have a valid SSL certificate all setup on the server, you cannot use AUTH. This, of course, is a very reasonable and secure way of doing things. However, it is not well documented that without TLS support, AUTH does not work at all.

All that being said, it seems that the smtp-auth-close3.patch has the effect of forcing the use of TLS before AUTH, whereas without the patch, it is possible to Authenticate without issuing a STARTTLS command.

Is this the intended effect of these patches combined, or is this an unfortunate sideeffect?
Comment 3 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2004-02-03 20:15:26 UTC
smtp-auth-close3.patch fixes a problem with morercpthosts, and nothing else.

however I have found a logic error in qmail-smtpd.c, dealing with the conditions in which smtp_authout() is called.

#ifdef is used instead of #if for all lines containing TLS && TLS_BEFORE_AUTH

I'll fix it soon.
Comment 4 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2004-02-04 03:10:57 UTC
note to self
patch to fix this well is at
Comment 5 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2004-05-13 20:20:53 UTC
*** Bug 39018 has been marked as a duplicate of this bug. ***
Comment 6 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-01-04 14:18:46 UTC
Fixed in r15 and r16, could you test it, please?
Comment 7 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-06-08 11:11:31 UTC
No response for five months. Closing.