buchar
n00b
Joined: 03 Mar 2007
Posts: 5
|
 Posted: Thu Feb 07, 2008 9:25 am Post subject: Qmail SMTP AUTH with checkpassword |
 |
|
I use Qmail with checkpassword for SMTP authentication, but I'm unable to authenticate during SMTP session.
I have enabled smtp session logging so I know that smtp client is using valid syntax. However the server always replies (after delay of few seconds) with:
| Code: | | 535 authentication failed (#5.7.1) |
I can't find any useful information in any of system logs. The problem is that I don't have good enough knowledge in linux to progress with following:
- is checkpassword really being run when I attempt to authenticate ?
- does qmail have permission to run checkpassword ?
- does checkpassword have permission to access passwords ?
This command worked for me, so it looks that checkpassword itself is able to authenticate:
| Code: | | printf "%s\0%s\0%s\0" fred bloggs Y123456 | /bin/checkpassword id 3<&0 |
checkpassword's octal permissions - 104755, owner=root, group=users
Contents of /var/qmail/control/conf-smtpd:
| Code: |
# Configuration file for qmail-smtpd
# $Header: /var/cvsroot/gentoo-x86/mail-mta/qmail/files/conf-smtpd-r16,v 1.2 2005/08/14 11:01:44 hansmi Exp $
# Stuff to run before tcpserver
#QMAIL_TCPSERVER_PRE=""
# Stuff to run qmail-smtpd
#QMAIL_SMTP_PRE=""
# Stuff to after qmail-smtpd
#QMAIL_SMTP_POST=""
# this turns off the IDENT grab attempt on connecting
TCPSERVER_OPTS="${TCPSERVER_OPTS} -R"
# fixcrio inserts missing CRs at the ends of lines. See:
# http://cr.yp.to/ucspi-tcp/fixcrio.html
# http://cr.yp.to/docs/smtplf.html
# DO NOT enable this when you are using SSL/TLS (USE=ssl)!
#QMAIL_SMTP_PRE="${QMAIL_SMTP_PRE} fixcrio"
# You might want to use rblsmtpd with this, but you need to fill in a RBL
# server here first, see http://cr.yp.to/ucspi-tcp/rblsmtpd.html for more
# details
QMAIL_SMTP_PRE="${QMAIL_SMTP_PRE} rblsmtpd -r sbl-xbl.spamhaus.org"
# If you are interested in providing POP or IMAP before SMTP type relaying,
# emerge relay-ctrl, then uncomment the next 2 lines
#QMAIL_TCPSERVER_PRE="${QMAIL_TCPSERVER_PRE} envdir /etc/relay-ctrl relay-ctrl-chdir"
#QMAIL_SMTP_PRE="${QMAIL_SMTP_PRE} relay-ctrl-check"
# In /etc/courier-imap/authdaemonrc add the next line to the end:
#authmodulelist="${authmodulelist} relay-ctrl-allow"
# Then in /etc/courier-imap/{imapd,imapd-ssl,pop3d,pop3d-ssl}
# Add this at the end
#PRERUN="${PRERUN} envdir /etc/relay-ctrl relay-ctrl-chdir"
# This next block is for SMTP-AUTH
# WARNING: If you've installed qmail with USE=noauthcram, and you want to use
# the following programs, you proably need to install them.
# Example using cmd5checkpw
# See the manpage for cmd5checkpw for details on the passwords
#QMAIL_SMTP_CHECKPASSWORD="/bin/cmd5checkpw"
QMAIL_SMTP_CHECKPASSWORD="/bin/checkpassword"
# Example for checkpassword-pam (emerge checkpassword-pam)
# Don't forget to make /usr/bin/checkpassword-pam sticky (see README.auth)
#QMAIL_SMTP_CHECKPASSWORD="/usr/bin/checkpassword-pam -s system-auth"
[[ -n "${QMAIL_SMTP_CHECKPASSWORD}" ]] && {
[[ -z "${QMAIL_SMTP_POST}" ]] && QMAIL_SMTP_POST=/bin/true
QMAIL_SMTP_POST="${QMAIL_SMTP_CHECKPASSWORD} ${QMAIL_SMTP_POST}"
}
|
Thanks for help ! Any advice would be really appreciated. |
|
Networking & Security
