Hi,
I installed Exim4, MySQL40, PAM-MYSQL, Cyrus-SASL2,
Cyrus-SASL2-SASLAUTHD and Cyrus-IMAP22 on FreeBSD 5.3.
I have verified that each login authentication is handled by
pam-mysql and goes through the user credentials stored in the MySQL
database. However, SMTP authentication seems to use a different
authentication mechanism which is not supported by pam-mysql. The error when
sending email is:
2004-10-18 23:23:37 no host name found for IP address 192.168.4.235
2004-10-18 23:23:37 cram authenticator failed for ([192.168.4.235])
[192.168.4.235]: 435 Unable to authenticate at present
(set_id=postmaster): lookup of "select clear from passwd where email =
'postmaster' and clear != '' and smtp = 'yes'" gave DEFER: MYSQL
connection failed: Host 'localhost.myserver.com' is not allowed to
connect to this MySQL server
As you can see, the error indicates the authentication is using CRAM.
But pam-mysql is only able to handle plaintext, crypt and MySQL encryption.
As far as I know, CRAM is MD5, which is not included in pam-mysql.
If this is not correct, can anyone show me how to define a
consistent authentication mechanism in pam-mysql and the exim configure file?
Please see below for the various configurations.
Your suggestions are highly appreciated.
Thanks,
Sam
The /etc/pam.d/imap (and smtp) setup is:
# crypt=0 compares the supplied password against the clear column, and
# host=localhost makes pam_mysql use the MySQL Unix socket. Because the
# pam_mysql auth line is "required", a pam_mysql failure fails the whole
# auth stack; the pam_unix line below is not a fallback for auth.
auth required pam_mysql.so user=root passwd=mypass host=localhost db=maildb table=passwd usercolumn=name passwdcolumn=clear crypt=0 sqllog=1
account sufficient pam_mysql.so user=root passwd=mypass host=localhost db=maildb table=passwd usercolumn=name passwdcolumn=clear crypt=0 sqllog=1
auth sufficient pam_unix.so
account sufficient pam_unix.so
The /usr/local/etc/imapd.conf config is:
lmtp_overquota_perm_failure: no
#lmtpsocket: /var/spool/imap/public/lmtp
normalizeuid: yes
partition-default: /var/spool/imap
poptimeout: 10
quotawarn: 90
reject8bit: no
sasl_minimum_layer: 0
sasl_pwcheck_method: saslauthd
# saslauthd can only verify a password that is handed to it (PLAIN, LOGIN).
# CRAM-MD5 and DIGEST-MD5 need the clear password from an auxprop source,
# so advertising them here with saslauthd alone cannot succeed.
sasl_mech_list: plain login cram-md5 digest-md5
sievedir: /var/db/imap/sieve
sendmail: /usr/local/sbin/exim
exim/configure:
# MySQL database host/db/user/pass
# The DEFER in the log above ("Host 'localhost.myserver.com' is not allowed
# to connect to this MySQL server") is the MySQL server rejecting this
# connection on its grant table: Exim connects over TCP to 127.0.0.1, the
# server reverse-resolves that address to localhost.myserver.com, and a
# grant for 'root'@'localhost' does not cover that name. pam-mysql's
# host=localhost goes through the Unix socket, which is why PAM logins work;
# giving the host as localhost here makes the client library use the socket
# too. A dedicated read-only MySQL account is preferable to root for lookups.
hide mysql_servers = 127.0.0.1/maildb/root/mypass
# Domains & Names
primary_hostname = at.myserver.com
# Domains
# Query-style lookups in the list: the query runs for the domain being
# matched, with $domain quoted, instead of interpolating it raw (SQL
# injection) or, for relay_to_domains, fetching every relay domain as one item.
domainlist local_domains = mysql;SELECT domain FROM domains \
WHERE type='local' AND domain='${quote_mysql:$domain}'
domainlist relay_to_domains = mysql;SELECT domain FROM domains \
WHERE type='relay' AND domain='${quote_mysql:$domain}'
# Relaying
hostlist relay_from_hosts = 127.0.0.1
acl_smtp_rcpt = acl_check_rcpt
# qualify_domain = {primary_hostname}
# qualify_recipient = {primary_hostname}
# allow_domain_literals
# Never do _local_ delivery to these users.
never_users = root
# Name lookups
host_lookup = *
rfc1413_hosts = *
rfc1413_query_timeout = 30s
begin acl
acl_check_rcpt:
# Accept if the source is local SMTP (i.e. not over TCP/IP). We do this by
# testing for an empty sending host field.
accept hosts = :
deny local_parts = ^.*[@%!/|]
accept local_parts = postmaster
domains = +local_domains
require verify = sender
accept domains = +local_domains
endpass
message = unknown user
verify = recipient
accept domains = +relay_to_domains
endpass
message = unrouteable address
verify = recipient
accept hosts = +relay_from_hosts
accept authenticated = *
deny message = relay not permitted
begin routers
dnslookup:
driver = dnslookup
domains = ! +local_domains
transport = remote_smtp
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
no_more
# $local_part and $domain come from the RCPT command, so they are quoted
# with ${quote_mysql:...} before being spliced into the queries.
mysql_sys_aliases:
driver = redirect
allow_fail
allow_defer
data = ${lookup mysql{SELECT dest FROM aliases \
WHERE email='${quote_mysql:$local_part}' AND \
type='system'}}
mysql_aliases:
driver = redirect
allow_fail
allow_defer
data = ${lookup mysql{SELECT dest FROM aliases \
WHERE email='${quote_mysql:$local_part}@${quote_mysql:$domain}' AND \
type='site'}}
mysql_user:
driver = accept
# condition is true for any non-empty result other than 0/no/false, so a
# row with a non-empty home path passes and a missing user is declined.
condition = ${lookup mysql{SELECT home FROM passwd \
WHERE email='${quote_mysql:$local_part}@${quote_mysql:$domain}'}}
retry_use_local_part
transport = mysql_delivery
begin transports
remote_smtp:
driver = smtp
mysql_delivery:
driver = appendfile
maildir_format
directory = \
${lookup mysql{SELECT maildir FROM passwd \
WHERE email='${quote_mysql:$local_part}@${quote_mysql:$domain}'}}
user = \
${lookup mysql{SELECT uid FROM passwd \
WHERE email='${quote_mysql:$local_part}@${quote_mysql:$domain}'}}
group = \
${lookup mysql{SELECT gid FROM passwd \
WHERE email='${quote_mysql:$local_part}@${quote_mysql:$domain}'}}
begin authenticators
# CRAM-MD5 needs the clear password on the server side (server_secret) to
# recompute the client's HMAC; that is a property of the mechanism, not of
# pam-mysql, and it is why this lookup selects the clear column.
cram:
driver = cram_md5
public_name = CRAM-MD5
server_secret = ${lookup mysql{select clear from passwd where \
email = '${quote_mysql:$1}' and clear != '' and smtp = 'yes'}}
server_set_id = $1
# PLAIN and LOGIN carry the password itself, so it is compared as BINARY:
# a plain '=' on a non-binary MySQL column is case-insensitive. Both
# mechanisms should only be offered over TLS.
plain:
driver = plaintext
public_name = PLAIN
server_condition = ${lookup mysql{select count(*) from passwd \
where email = '${quote_mysql:$2}' and \
BINARY clear = '${quote_mysql:$3}' and clear != '' and smtp = 'yes'}}
server_set_id = $2
login:
driver = plaintext
public_name = LOGIN
server_prompts = Username:: : Password::
server_condition = ${lookup mysql{select count(*) from passwd \
where email = '${quote_mysql:$1}' and \
BINARY clear = '${quote_mysql:$2}' and clear != '' and smtp = 'yes'}}
server_set_id = $1
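As an added, runnable illustration of what the exim configure file above is doing (this is example code written for this page, not code from the post, from Exim or from pam-mysql): the cram authenticator's lookup with and without ${quote_mysql:...}, and a complete AUTH CRAM-MD5 exchange in which the server side recomputes the client's HMAC-MD5 from the clear column, which is the reason the mechanism cannot be verified by handing a password to PAM. The passwd rows, user names and challenge are constructed sample data; the set of characters quote_mysql() escapes is an assumption about what Exim's quoting operator escapes.

```python
"""Added example: the two Exim-side pieces the configuration above relies on,
reimplemented in plain Python so they can be run offline.

  1. quote_mysql(): the escaping ${quote_mysql:...} applies before a value is
     spliced into a lookup (assumption: Exim escapes backslash, both quote
     characters, NUL, LF and CR; that set is used here).
  2. CRAM-MD5 (RFC 2195): the client sends HMAC-MD5(password, challenge);
     the server needs the clear password to recompute it, which is why the
     cram authenticator selects the clear column instead of handing a
     password to PAM.

PASSWD_TABLE, the user names and the challenge are constructed sample data.
"""
import base64
import hashlib
import hmac
import os
import time

# Constructed rows in the shape of the post's passwd table (email, clear, smtp).
PASSWD_TABLE = {
    "postmaster": {"clear": "s3cret", "smtp": "yes"},
    "alice@at.myserver.com": {"clear": "alicepw", "smtp": "no"},
}

_QUOTE_MAP = {"\\": "\\\\", "'": "\\'", '"': '\\"',
              "\0": "\\0", "\n": "\\n", "\r": "\\r"}


def quote_mysql(value):
    """Backslash-escape a value before it is spliced into an SQL string."""
    return "".join(_QUOTE_MAP.get(ch, ch) for ch in value)


def build_secret_query(user, quoted):
    """The cram authenticator's server_secret query from the post, built with
    or without quoting so the effect of a hostile user name is visible."""
    value = quote_mysql(user) if quoted else user
    return ("select clear from passwd where email = '%s' "
            "and clear != '' and smtp = 'yes'" % value)


def lookup_secret(user):
    """Stand-in for the MySQL lookup: the clear password, or None when the
    query would return no row (Exim then rejects the authentication)."""
    row = PASSWD_TABLE.get(user)
    if row is None or row["smtp"] != "yes" or row["clear"] == "":
        return None
    return row["clear"]


def cram_md5_challenge(hostname):
    """Server challenge in the RFC 2195 shape <number.timestamp@host>;
    a random number stands in for the process id."""
    nonce = int.from_bytes(os.urandom(4), "big")
    return ("<%d.%d@%s>" % (nonce, int(time.time()), hostname)).encode()


def cram_md5_response(user, password, challenge):
    """Client side: 'user ' + hex(HMAC-MD5(password, challenge))."""
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return "%s %s" % (user, digest)


def cram_md5_verify(response, challenge):
    """Server side: split off the user, fetch that user's clear password
    (server_secret), recompute the HMAC and compare in constant time.
    Returns the authenticated id (server_set_id) or None."""
    try:
        user, digest = response.rsplit(" ", 1)
    except ValueError:
        return None
    secret = lookup_secret(user)
    if secret is None:
        return None
    expected = hmac.new(secret.encode(), challenge, hashlib.md5).hexdigest()
    return user if hmac.compare_digest(expected, digest) else None


def smtp_auth_cram_md5(user, password, hostname="at.myserver.com"):
    """The whole AUTH CRAM-MD5 exchange, both sides, with SMTP's base64
    framing. Returns (wire_lines, authenticated_id_or_None)."""
    challenge = cram_md5_challenge(hostname)
    wire = ["C: AUTH CRAM-MD5",
            "S: 334 " + base64.b64encode(challenge).decode()]
    response = cram_md5_response(user, password, challenge)
    wire.append("C: " + base64.b64encode(response.encode()).decode())
    who = cram_md5_verify(base64.b64decode(wire[-1][3:]).decode(), challenge)
    wire.append("S: 235 Authentication succeeded" if who
                else "S: 535 Incorrect authentication data")
    return wire, who


if __name__ == "__main__":
    for quoted in (False, True):
        print(build_secret_query("' or ''='", quoted))
    for line in smtp_auth_cram_md5("postmaster", "s3cret")[0]:
        print(line)
```

Running it prints the unquoted query with its WHERE clause broken open by the hostile user name, the same query intact when quoted, and a successful four-line CRAM-MD5 exchange. The server never receives the password, only the HMAC of the challenge, so it has to hold the clear secret itself; a user whose row has smtp = 'no', or a wrong password, ends in a 535.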