[exim] pam-mysql and exim4

Author: sam
Date:  
To: exim-users
Subject: [exim] pam-mysql and exim4
Hi,

I installed Exim4, MySQL40, PAM-MYSQL, Cyrus-SASL2,
Cyrus-SASL2-SASLAUTHD and Cyrus-IMAP22 in FreeBSD5.3.
I have verified that each login authentication is handled by
pam-mysql and goes through the user credentials which are stored in the
MySQL database. However, SMTP authentication seems to be using a different
authentication mech which is not supported by pam-mysql. The error when
sending email is:

2004-10-18 23:23:37 no host name found for IP address 192.168.4.235
2004-10-18 23:23:37 cram authenticator failed for ([192.168.4.235]) 
[192.168.4.235]: 435 Unable to authenticate at present 
(set_id=postmaster): lookup of "select clear from passwd where email = 
'postmaster' and clear != '' and smtp = 'yes'" gave DEFER: MYSQL 
connection failed: Host 'localhost.myserver.com' is not allowed to 
connect to this MySQL server

As you can see, the error indicates the authentication is using cram.
But pam-mysql is only able to handle plaintext, crypt and mysql encryption.
As far as I know cram is md5, which is not included in pam-mysql.
If this is not correct, can anyone show me how to define a
consistent authentication mech in pam-mysql and the exim configure file?
Please see below for the various configurations.


Your suggestion is highly appreciated.
Thanks
Sam

the /etc/pam.d/imap (and smtp) setup is:
auth required pam_mysql.so user=root passwd=mypass host=localhost db=maildb table=passwd usercolumn=name passwdcolumn=clear crypt=0 sqllog=1
account sufficient pam_mysql.so user=root passwd=mypass host=localhost db=maildb table=passwd usercolumn=name passwdcolumn=clear crypt=0 sqllog=1
auth sufficient pam_unix.so
account sufficient pam_unix.so

/usr/local/etc/imapd.conf config is:
lmtp_overquota_perm_failure: no
#lmtpsocket: /var/spool/imap/public/lmtp
normalizeuid: yes
partition-default: /var/spool/imap
poptimeout: 10
quotawarn: 90
reject8bit: no
sasl_minimum_layer: 0
sasl_pwcheck_method: saslauthd
sasl_mech_list: plain login cram-md5 digest-md5
sievedir: /var/db/imap/sieve
sendmail: /usr/local/sbin/exim

exim/configure:
# MySQL database host/db/user/pass
hide mysql_servers = 127.0.0.1/maildb/root/mypass

# Domains & Names
primary_hostname = at.myserver.com

# Domains
domainlist local_domains = \
${lookup mysql {SELECT domain FROM domains \
WHERE type="local" and domain="${domain}" }}
domainlist relay_to_domains = \
${lookup mysql {SELECT domain FROM domains \
WHERE type="relay" }}

# Relaying
hostlist relay_from_hosts = 127.0.0.1
acl_smtp_rcpt = acl_check_rcpt
# qualify_domain = {primary_hostname}
# qualify_recipient = {primary_hostname}
# allow_domain_literals

# Never do _local_ delivery to these users.
never_users = root

# Name lookups
host_lookup = *
rfc1413_hosts = *
rfc1413_query_timeout = 30s

begin acl

acl_check_rcpt:

 # Accept if the source is local SMTP (i.e. not over TCP/IP). We do this by
 # testing for an empty sending host field.
 accept  hosts = :
 deny    local_parts   = ^.*[@%!/|]
 accept  local_parts   = postmaster
         domains       = +local_domains
 require verify        = sender
 accept  domains       = +local_domains
         endpass
         message       = unknown user
         verify        = recipient
 accept  domains       = +relay_to_domains
         endpass
         message       = unrouteable address
         verify        = recipient
 accept  hosts         = +relay_from_hosts
 accept  authenticated = *
 deny    message       = relay not permitted



begin routers

dnslookup:
driver = dnslookup
domains = ! +local_domains
transport = remote_smtp
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
no_more

mysql_sys_aliases:
 driver = redirect
 allow_fail
 allow_defer
 data = ${lookup mysql{SELECT dest FROM aliases \
           WHERE email='${local_part}' AND \
           type="system"}}


mysql_aliases:
 driver = redirect
 allow_fail
 allow_defer
 data = ${lookup mysql{ SELECT dest FROM aliases \
           WHERE email='${local_part}@${domain}' AND \
           type="site"}}
mysql_user:
 driver = accept
 condition = ${lookup mysql{ SELECT home FROM passwd \
       WHERE email='${local_part}@${domain}'}}
 retry_use_local_part
 transport=mysql_delivery


begin transports

remote_smtp:
driver = smtp

mysql_delivery:
 driver = appendfile
 maildir_format
 directory = \
   ${lookup mysql{SELECT maildir FROM passwd \
     WHERE email='${local_part}@${domain}'}}
 user = \
   ${lookup mysql{SELECT uid FROM passwd \
     WHERE email='${local_part}@${domain}'}}
 group = \
   ${lookup mysql{SELECT gid FROM passwd \
     WHERE email='${local_part}@${domain}'}}


begin authenticators

cram:
       driver = cram_md5
       public_name = CRAM-MD5
       server_secret = ${lookup mysql{select clear from passwd where \
           email = '${quote_mysql:$1}' and clear != '' and smtp = 'yes'}}
       server_set_id = $1


plain:
       driver = plaintext
       public_name = PLAIN
       server_condition = ${lookup mysql{select count(*) from passwd \
           where email = '${quote_mysql:$2}' and \
           clear = '${quote_mysql:$3}' and clear != '' and smtp = 'yes'}}
       server_set_id = $2


login:
       driver = plaintext
       public_name = LOGIN
       server_prompts = Username:: : Password::
       server_condition = ${lookup mysql{select count(*) from passwd \
           where email = '${quote_mysql:$1}' and \
           clear = '${quote_mysql:$2}' and clear != '' and smtp = 'yes'}}
       server_set_id = $1
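
Added example, not part of the original post and not Exim's own code: the CRAM-MD5 exchange (RFC 2195) that the `cram` authenticator above performs, written out in Python to show why `server_secret` has to yield the cleartext secret. The response is an HMAC over a server-chosen challenge, so a backend that can only answer "is this password correct", as a PAM module does, never receives a password to check. `PASSWD` is a constructed stand-in for the post's `passwd` table, and all function names are hypothetical.

```python
import base64
import hashlib
import hmac
import os
import time

# Constructed stand-in for the post's `passwd` table (columns: email, clear, smtp).
# The "tim" row uses the secret from the RFC 2195 worked example.
PASSWD = {
    "tim": {"clear": "tanstaaftanstaaf", "smtp": "yes"},
    "imaponly": {"clear": "s3cret", "smtp": "no"},
}

def lookup_clear(user):
    """Mirror of the query's WHERE clause: clear != '' and smtp = 'yes'."""
    row = PASSWD.get(user)
    if row and row["clear"] != "" and row["smtp"] == "yes":
        return row["clear"]
    return None

def make_challenge(hostname):
    """Server: fresh one-time challenge in the msg-id form used by RFC 2195."""
    return "<%d.%d@%s>" % (int.from_bytes(os.urandom(4), "big"), int(time.time()), hostname)

def cram_md5_digest(secret, challenge):
    """HMAC-MD5 keyed with the cleartext secret; both ends must be able to compute it."""
    return hmac.new(secret.encode(), challenge.encode(), hashlib.md5).hexdigest()

def client_response(user, secret, challenge):
    """Client: base64 of 'user hexdigest'; the password itself is never sent."""
    return base64.b64encode(("%s %s" % (user, cram_md5_digest(secret, challenge))).encode()).decode()

def server_verify(response_b64, challenge, lookup=lookup_clear):
    """Server: return the authenticated id, or None on any failure."""
    try:
        decoded = base64.b64decode(response_b64, validate=True).decode()
    except ValueError:  # malformed base64 or undecodable bytes
        return None
    user, _, digest = decoded.rpartition(" ")
    secret = lookup(user) if user else None
    if secret is None:
        return None
    expected = cram_md5_digest(secret, challenge)
    ok = hmac.compare_digest(expected.encode(), digest.lower().encode())
    return user if ok else None

if __name__ == "__main__":
    ch = make_challenge("at.myserver.com")
    print(server_verify(client_response("tim", "tanstaaftanstaaf", ch), ch))
```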