Exim4u Login Failed After Debian Upgrade

Published by Torry Crass on

Exim4u is a PHP-based web management portal for the Exim mail daemon. It is a great utility for anyone running Exim, as it makes account administration easy for both site owners and account holders.


The software has been around for many years now and, while it is probably due for an overhaul or feature expansion, it still works great for what it is intended to do.

Mostly…

In the latest versions of PHP, as used in Debian Wheezy and later, the password hashing scheme was changed to SHA512 rather than MD5, the one that Exim4u was designed to work with.

With this change, initial account creation still works without trouble, and other services, like POP3 and IMAP, also work fine, but accounts created on systems using the newer versions of PHP (such as Debian Wheezy) will not be able to log into the management portal.

Currently, as far as I've seen, there hasn't been any discussion of a patch to correct this problem. There is, however, a work-around that was published to the mailing list by a very generous Michael Seidel (http://exim4u.org/pipermail/users/2014-August/000226.html).

The solution he proposes, which worked for me, is shown in brief below:

How do you know if this affects you?
– If you look in your DB and find password schemes that start with $1$XXXX, these are MD5.
– If you look in your DB and find password schemes that start with $6$XXXX, these are SHA512.
– In my case, the MD5 passwords work fine; the SHA512 ones do not, because the exim4u code doesn't have a way to process SHA512 passwords.

To resolve this, you'll need to open the functions.php file under the config folder in your exim4u folder (exim4u/config/functions.php).

Locate the following function:

    function crypt_password($clear, $salt = '')
    {
        global $cryptscheme;

        if ($cryptscheme == 'sha')
        {
...

Now, you'll want to insert the following:

                if ($cryptscheme == 'sha512')
                {
                   $salt = substr($salt, 0, 16);
                }
                else

Where it's indicated below:

            if ($salt != '')
            {

        ## INSERT CODE ABOVE HERE ##

                if ($cryptscheme == 'des')
                {
                    $salt = substr($salt, 0, 2);
                }

You will also need to change your $cryptscheme variable in the variables.php file, located in the same folder as functions.php, as Michael has suggested below:

/* Set to either "sha", "sha512", "des" or "md5" depending on your crypt() libraries */
  $cryptscheme = "sha512";

This should take care of the problem and allow the SHA512 accounts to now log into the management portal as well. A huge THANK YOU and credit to Michael Seidel for figuring this out and then pointing me toward the post!
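
Added example, not part of the original post or of Exim4u: a Python audit for an export of the stored password column. It classifies each value by the $1$ / $6$ prefixes described above and also flags hashes whose salt does not fit inside the 16 characters kept by substr($salt, 0, 16), assuming the standard modular crypt layout $id$[rounds=N$]salt$hash; the function names and sample rows are constructed.

```python
import re
from collections import Counter

# Modular crypt format: $id$[rounds=N$]salt$hash
MCF = re.compile(r"^\$(?P<id>[0-9a-z]+)\$(?P<rounds>rounds=\d+\$)?(?P<salt>[^$]*)\$(?P<hash>.+)$")
SCHEMES = {"1": "md5", "6": "sha512"}  # the two prefixes named in the post


def classify(stored):
    """Name the scheme of one stored password value by its prefix."""
    m = MCF.match(stored)
    if m:
        return SCHEMES.get(m["id"], "other")
    if re.fullmatch(r"[./0-9A-Za-z]{13}", stored):
        return "des"  # traditional 13-character crypt, no $ prefix
    return "other"


def salt_survives_truncation(stored, length=16):  # 16 = substr($salt, 0, 16)
    """True if the first `length` characters still carry the complete salt."""
    m = MCF.match(stored)
    if not m:
        return False
    setting = (m["rounds"] or "") + m["salt"]   # what must reach crypt() intact
    body = stored[:length][len(m["id"]) + 2:]   # truncated value minus "$id$"
    return body == setting or body.startswith(setting + "$")


def audit(rows):
    """rows: iterable of (username, stored value). Returns (counts, at-risk users)."""
    counts, at_risk = Counter(), []
    for user, stored in rows:
        scheme = classify(stored)
        counts[scheme] += 1
        if scheme in SCHEMES.values() and not salt_survives_truncation(stored):
            at_risk.append(user)
    return counts, at_risk


# Constructed sample rows (placeholder hash bodies, not real password hashes).
SAMPLE = [
    ("alice@example.org", "$1$abcdefgh$" + "H" * 22),
    ("bob@example.org", "$6$abcdefgh$" + "H" * 86),
    ("carol@example.org", "$6$abcdefghijklmnop$" + "H" * 86),
    ("dave@example.org", "$6$rounds=5000$abcdefgh$" + "H" * 86),
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Accounts reported as at risk have a salt (or a rounds= field plus salt) that the 16-character cut would shorten, so test a portal login for one of them before relying on the work-around.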

