On 3 Jun 2017, at 12:31, Amitai Schleier wrote:
> I intend to factor all the SMTP AUTH behavior out to a new "ofmipup"
> program, at the end of which I suspect my ofmipd will be identical (or
> very nearly so) to DJB's original, and my three desired config options
> will work like so:
>
> 1. As root, "ofmipup checkpassword ofmipd"
> 2. As root, "ofmipup -u qmaild checkpassword ofmipd"
> 3. As qmaild, "ofmipd"
>
> stunnel has been fine for me, so I plan to avoid learning anything
> about TLS while solving this problem. ;-)
Progress: the above program is now called "authup", I'm nearly finished
with a redesigned approach to SMTP AUTH for qmail, and I've succeeded at
not needing to think much about TLS yet.
acceptutils, once released, will add a handful of small new programs
that fit together nicely with vanilla qmail/netqmail/mess822.
It _may_ offer improved security -- if I've done a good job, I believe
so -- and will definitely offer improved functionality. Teaser: it makes
both ofmipd and pymsgauth useful in new ways.
I'd love to get review and feedback on
https://schmonz.com/qmail/acceptutils/, and/or to hear from folks who
might be interested to try it out.
Thanks,
- Amitai
> I intend to factor all the SMTP AUTH behavior out to a new "ofmipup"
> program, at the end of which I suspect my ofmipd will be identical (or
> very nearly so) to DJB's original, and my three desired config options
> will work like so:
>
> 1. As root, "ofmipup checkpassword ofmipd"
> 2. As root, "ofmipup -u qmaild checkpassword ofmipd"
> 3. As qmaild, "ofmipd"
>
> stunnel has been fine for me, so I plan to avoid learning anything
> about TLS while solving this problem. ;-)
Progress: the above program is now called "authup", I'm nearly finished
with a redesigned approach to SMTP AUTH for qmail, and I've succeeded at
not needing to think much about TLS yet.
acceptutils, once released, will add a handful of small new programs
that fit together nicely with vanilla qmail/netqmail/mess822.
It _may_ offer improved security -- if I've done a good job, I believe
so -- and will definitely offer improved functionality. Teaser: it makes
both ofmipd and pymsgauth useful in new ways.
I'd love to get review and feedback on
https://schmonz.com/qmail/acceptutils/, and/or to hear from folks who
might be interested to try it out.
Thanks,
- Amitai