qmail-smtpd-auth is a patch that adds support for SMTP AUTH protocol to qmail, allowing users to authenticate when sending email.
If you're looking to learn more about SMTP AUTH itself, you can visit the SMTP AUTH page. The patch adds the ESMTP AUTH option to qmail-1.03, allowing for the implementation of the aforementioned authentication types. However, an appropriate checkpassword tool is required to support authentication. Find more information about the interface on the website.
Note that the checkpassword tool will need to support all of the AUTH types advertised by qmail-smtpd. As indicated in the modified qmail-smtpd(8) man page, qmail-smtpd must be invoked with three arguments, namely hostname, checkprogram, and subprogram. Failure to invoke these arguments correctly will result in qmail-smtpd only advertising availability of AUTH but failing with a permanent error when AUTH is used.
The hostname argument is merely used to form the CRAM-MD5 challenge. When invoked, qmail-smtpd invokes checkprogram with the username and password for LOGIN or PLAIN, and the username, challenge, and response for CRAM-MD5. If the username and password are correct, checkprogram invokes subprogram, which only has to exit with a status of 0 for the user to be authenticated. If the user isn't permitted, checkprogram exits with a non-zero status. Additionally, subprogram can usually be /usr/bin/true or /bin/true, depending on your OS.
On successful authentication, the RELAYCLIENT environment variable is set for the SMTP session, and the TCPREMOTEINFO environment variable is set to the authenticated username, overriding any value that tcpserver may have set. Additionally, the value of TCPREMOTEINFO is reflected in a Received header.
One notable change in this release is that the TCPREMOTEINFO environment variable has been set to the authenticated username. This was not the case before. However, there was also a reported bug of AUTH PLAIN 334 response not being RFC compliant, which has also been fixed.
Version 0.31: N/A