[Exim] smtp auth + courier userdb (solution)

Author: Vineet Kumar
Date:
To: exim-users
Subject: [Exim] smtp auth + courier userdb (solution)
--
Hi everyone,

I apologize for a slight violation of netiquette by posting before
lurking for a while.

I've been integrating exim and courier imap, and I used Friso Kuiper's
setup for incoming mail delivery as I found it in the archives. I also
wanted to allow the use of the same usernames and passwords for relay
control authentication, but couldn't find anyone's solution posted for
that. In hopes that someone trying to set up the same thing in the
future might find this post in the archives and save some time, here's
how I ended up implementing it:

userdb_plain:
  driver = plaintext
  public_name = PLAIN
  server_condition = \
    ${if \
      crypteq {$3} \
              {${extract{imappw}{${tr{${lookup{$2} \
                                 dbmnz{/usr/local/etc/userdbshadow.dat} \
                           }}{|}{ }}}}} \
      {yes} \
      {no} \
    }
  server_set_id = $2


userdb_login:
  driver = plaintext
  public_name = LOGIN
  server_prompts = User Name : Password
  server_condition = \
    ${if \
      crypteq {$2} \
              {${extract{imappw}{${tr{${lookup{$1} \
                                 dbmnz{/usr/local/etc/userdbshadow.dat} \
                           }}{|}{ }}}}} \
      {yes} \
      {no} \
    }
  server_set_id = $1


I'm no expert, so I'd appreciate if the local gurus might make any
constructive comments about how to improve / clean / optimize those
stanzas. I should also point out that only the PLAIN authenticator has
been tested; the LOGIN one is the same idea, but there might be some
stupid error like the server prompts aren't what your client needs, or
something.

It's also worth pointing out that I wouldn't recommend using this unless
you're also using auth_over_tls_hosts = *, for the same reason I don't
recommend using IMAP unless it's over SSL.

And for completeness, I should also mention that I used the same SSL
certificate I use for IMAP/SSL by making it owned by the mail group and
chmod g+r. I also chgrp mail /usr/local/etc/userdbshadow.dat and
chmod g+r that as well, to allow exim to read the password hashes.

good times,
Vineet
--
http://www.doorstop.net/
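
How the nested server_condition expansion above resolves for one login, traced step by step in Python. This is an added example, not part of the original post. SAMPLE_DB, its record contents, crypt_fn and demo_crypt are assumptions made for illustration, and the extract helper handles only unquoted key=value fields.

```python
import hmac

# Constructed sample standing in for userdbshadow.dat: key -> '|'-separated record.
# The imappw values are placeholders, not real crypt() strings.
SAMPLE_DB = {
    "alice": "uid=1001|gid=1001|home=/home/alice|imappw=HASH-FOR-s3cret",
    "bob": "uid=1002|gid=1002|home=/home/bob",  # record without an imappw field
}

def lookup(db, user):
    """${lookup{user} dbmnz{file}}: the record, or "" when the key is absent."""
    return db.get(user, "")

def tr_pipes(record):
    """${tr{record}{|}{ }}: turn the '|' field separators into spaces."""
    return record.replace("|", " ")

def extract(key, text):
    """${extract{key}{text}}: value of key in space-separated key=value text, else ""."""
    for field in text.split():
        name, sep, value = field.partition("=")  # split on the first '=' only
        if sep and name == key:
            return value
    return ""

def stored_hash(db, user):
    """The second argument handed to crypteq in the stanzas above."""
    return extract("imappw", tr_pipes(lookup(db, user)))

def authenticate(db, user, password, crypt_fn):
    """Mirror of server_condition. crypt_fn(password, stored) is a hypothetical
    stand-in for crypt(3). An unknown user or a record without imappw yields an
    empty stored hash, which is rejected here before any comparison is made."""
    stored = stored_hash(db, user)
    if not stored:
        return False
    candidate = crypt_fn(password, stored)
    return hmac.compare_digest(candidate.encode(), stored.encode())

def demo_crypt(password, stored):
    # Constructed toy scheme matching SAMPLE_DB only; not a password hash.
    return "HASH-FOR-" + password
```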