******************************************************************* POP3 AUTH CRAM-MD5 PATCH ******************************************************************* This patch adds AUTH CRAM-MD5 to qmail-popup. The POP3 protocol supports the AUTH extension for other authentication mechanisms besides the cleartext USER/PASS sequence or the APOP authentication. The required AUTH command is described in RFC1734 [1], the CRAM-MD5 method is described in RFC2195 [2]. AUTH CRAM-MD5 is supported by a selection of POP3 clients. The introduction of AUTH requires qmail-popup to respond to the CAPA command, so CAPA is part of this patch. +OK CAPA +OK Capability list follows TOP UIDL LAST USER APOP SASL CRAM-MD5 . To use this patched version of (net)?qmail you need a checkpassword [3] compatible password checking tool that understands to manage CRAM-MD5 authentication. As CRAM-MD5 is one of the authentication methods available with all current SMTP-AUTH patches, any tool that works with CRAM-MD5 as SMTP authentication should also work with CRAM-MD5 as POP3 authentication (at least with minor modifications) as the same interface is used. ******************************************************************* Usage ******************************************************************* Get the patch from the following location: http://alex.zeitform.de/qmail/qmail-popup-auth_cram_md5/ If you do not use SMTP authentication, just install the patch over netqmail-1.05 [4]: patch -p0 < netqmail-1.05-popup-auth_cram-md5_capa.patch The patch modifies qmail-popup.c, Makefile, TARGETS and adds the two files base64.[ch]. If you use SMTP authentication (qmail-smtpd-auth-0.4.2 by Erwin Hoffmann [5] is recommened), just apply the changes to qmail-popup.c and the second hunk of the changes to Makefile (adding base64 to qmail-popup.c). You can also do this by doing: patch -p0 < netqmail-1.05-with_smtp_auth-popup-auth_cram-md5_capa.patch ATTENTION: this patch is not thorougly tested yet. Use with caution. ******************************************************************* Notes on vpopmail ******************************************************************* This patch does work with current versions of vpopmail (5.4.x) only if you patch vchkpw.c to enable CRAM-MD5 authentication for POP3. This can be done by adding two line to vchkpw.c or applying the following patch: patch -p0 vpopmail-5.4.x.patch ******************************************************************* Credits ******************************************************************* I did not do much by myself. This patch uses much code from: * qmail-smtpd-auth-0.4.2 by Erwin Hoffmann [5] I copied most of his code from qmail-smtpd.c to qmail-popup.c and did some minor modifications to make it work for qmail-popup.c. * qmail-smtp-vlad by Vladimir Kabanov [6] I took the CAPA command from him. He also provided me with a CRAM-MD5 version and patches for vpopmail 5.2.x I successfully used over years. I did not use his AUTH code for this patch but remember his friendly advice. ******************************************************************* Author and License ******************************************************************* In case of trouble or questions contact: Alex Pleiner, zeitform Internet Dienste, alex@zeitform.de This code is free. The terms of the GNU GPL [7] apply. ******************************************************************* References ******************************************************************* [1] http://www.ietf.org/rfc/rfc1734.txt [2] http://www.ietf.org/rfc/rfc2195.txt [3] http://cr.yp.to/checkpwd.html [4] http://qmail.mirrors.space.net/netqmail/ [5] http://www.fehcom.de/qmail/smtpauth.html [6] http://shupp.org/patches/qmail-smtp-vlad.patch [7] http://www.gnu.org/licenses/gpl.html -alex