qmail-smtpd AUTH+STARTTLS patch 20020509 Eric M. Johnston, emj@postal.net This patch adds the ESMTP AUTH and STARTTLS options to qmail-1.03, allowing the LOGIN, PLAIN, and CRAM-MD5 AUTH types and session encryption. The motivation for this patch is to make use of the LOGIN and PLAIN authentication types safer. It has been tested with both Microsoft Outlook and Netscape Communicator. This patch is unsupported. You'll have to figure it out yourself and use at your own risk. Frederik's patch (referenced below) contains a lot of useful info; also, the qmail-smtpd(8) man page has been modified to reflect the changes. Note that it's very possible use of the SSL library is completely wrong and unsafe; I have not invested a lot of time into understanding the API. Please report bugs, incompatibilities, successes, etc. to emj@postal.net. The latest version of this software will be posted at http://emj.postal.net/patches/. Acknowledgments This patch is based on work by Krzysztof Dabrowski at http://members.elysium.pl/brush/qmail-smtpd-auth/, ``Mrs. Brisby'' at http://www.nimh.org/hacks/qmail-smtpd.c, and Frederik Vermeulen at http://www.esat.kuleuven.ac.be/~vermeule/qmail/tls.patch. Changes 20020509: bug: AUTH PLAIN 334 response not RFC compliant. Reported by Mark Crispin . 20011021: initial release --- THIS SOFTWARE IS IN THE PUBLIC DOMAIN, IS PROVIDED BY THE AUTHOR ``AS IS,'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.