Re: [exim] Exim + Dbmail md5 passwords

Top Page
Delete this message
Reply to this message
Author: Matiss
Date:  
To: exim-users
Subject: Re: [exim] Exim + Dbmail md5 passwords
Hey,
I thought I'd give a heads up on how I solved it. Let me first
describe a problem again in a couple of short words.
It was necessary to use passwords from dbmail mysql database to
authenticate users for SMTP. Since it was undesirable to create new
passwords for all 200+ users, and the previous mail system was keeping
passwords in shadow file, the shadow file password format had to be
accepted.
Configuring authenticators, it was clear that exim's md5 function
returns 16 character md5 sum, just as php returns it when using md5
etc. (or, as dbmail documentation calls it, md5-digest, which to me
doesn't sound correct). However, passwords imported from shadow file
has another md5 format, in dbmail documentation called md5-hash.
Now, the solution was to use saslauthd with rimap authentication
mechanism. Here's the config I used on FreeBSD.
1) in /etc/rc.conf
saslauthd_enable="YES"
saslauthd_flags="-a rimap -O localhost"
2) following authenticators
begin authenticators
plain:
driver = plaintext
public_name = PLAIN
server_condition = ${if saslauthd{{$2}{$3}}{1}{0}}
server_set_id = $2
server_advertise_condition = ${if eq{$tls_cipher}{}{no}{yes}}
login:
driver = plaintext
public_name = LOGIN
server_prompts = "Username:: : Password::"
server_condition = ${if saslauthd{{$1}{$2}}{1}{0}}
server_set_id = $1
server_advertise_condition = ${if eq{$tls_cipher}{}{no}{yes}}
3) Launch saslauthd
/usr/local/etc/rc.d/saslauthd start
4) Restart exim
/usr/local/etc/rc.d/exim restart
So, hopefully this will save somebody couple of hours of head
scratching.
Best regards,
Matiss
Quoting Matiss : Hey all!
I have a question about exim+dbmail, and more specifically, about
exim MD5 function.
Now, my problem is that exim md5 returns md5-digest, right?
(example:
b59c67bf196a4758191e42f76670ceba) And, if I store the password in
md5-hash (which happens if I pull it from shadow file, example:
$1$5yTU7x61$W5QYRVZN6HVcuJFuB/WEi.) , it doesn't authenticate
against
it, of course.
The question is - can I somehow make exim read this md5-hash and
authenticate against it? Because I'd really hate to change
passwords
for all users (200+), and it happens so that now all of my users
have
their mail passwords in shadow file.
Here's my authenticators just in case
plain:
driver = plaintext
public_name = PLAIN
server_condition = ${lookup mysql{SELECT user_idnr FROM
dbmail_users
WHERE userid = '${quote_mysql:$2}' AND passwd =
'${md5:${quote_mysql:$3}}'}{1}fail}
server_set_id = $2
server_advertise_condition = ${if eq{$tls_cipher}{}{no}{yes}}
login:
driver = plaintext
public_name = LOGIN
server_prompts = "Username:: : Password::"
server_condition = ${lookup mysql{SELECT user_idnr FROM
dbmail_users
WHERE userid = '${quote_mysql:$1}' AND passwd =
'${md5:${quote_mysql:$2}}'}{1}fail}
server_set_id = $1
server_advertise_condition = ${if eq{$tls_cipher}{}{no}{yes}}
--
## List details at http://lists.exim.org/mailman/listinfo/exim-users

## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
-- Tavs bezmaksas pasts Inbox.lv

Links:
------
[1] mailto:move@inbox.lv
From boris@??? Sat Jan 31 05:38:31 2009
Envelope-to: exim-users@???
Received: from mx.tagnet.ru ([80.64.16.35]:60411 helo?il.tagnet.ru)
    by tahini.csx.cam.ac.uk with esmtp (Exim 4.69)
    (envelope-from <boris@???>) id 1LT8Yd-0003rq-9d
    for exim-users@???; Sat, 31 Jan 2009 05:38:31 +0000
Received: from mx.tagnet.ru ([80.64.16.35] helo~bmail.tagnet.ru)
    by mail.tagnet.ru with esmtp (Exim 4.69 (FreeBSD))
    (envelope-from <boris@???>) id 1LT8Yc-000Lad-9a
    for exim-users@???; Sat, 31 Jan 2009 10:38:18 +0500
Received: from 80.64.28.33 (SquirrelMail authenticated user boris@???)
    by webmail.tagnet.ru with HTTP;
    Sat, 31 Jan 2009 10:38:18 +0500 (YEKT)
Message-ID: <d3f585a2c74c3224311e3f09008e46f9.squirrel@???>
In-Reply-To: <4982FEE0.1070305@???>
References: <372b2b13e182786ee186316d3aec01de.squirrel@???>
    <4982FEE0.1070305@???>
Date: Sat, 31 Jan 2009 10:38:18 +0500 (YEKT)
From: boris@???
To: exim-users@???
User-Agent: SquirrelMail/1.4.17
MIME-Version: 1.0
Content-Type: text/plain;charset?f-8
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
X-Spam-Score: -0.3 (/)
X-Spam-Status: No, score?.3 required~0 tests?L.100, BAYES_00?.5,
    FORGED_RCVD_HELO.135,
    NO_REAL_NAME.961 autolearnO version^1.8
Subject: Re: [exim] smtp authenticators do domain auto qualify??
X-BeenThere: exim-users@???
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: A user list for the exim MTA <exim-users.exim.org>
List-Unsubscribe: <http://lists.exim.org/mailman/listinfo/exim-users>,
    <mailto:exim-users-request@exim.org?subject?subscribe>
List-Archive: <http://lists.exim.org/lurker/list/exim-users.html>
List-Post: <mailto:exim-users@exim.org>
List-Help: <mailto:exim-users-request@exim.org?subject?lp>
List-Subscribe: <http://lists.exim.org/mailman/listinfo/exim-users>,
    <mailto:exim-users-request@exim.org?subject?bscribe>
X-List-Received-Date: Sat, 31 Jan 2009 05:38:31 -0000


Hello!

Thanks! That's exactly what I need.
>> Hello!
>>
>> I have a strange problem with plaintext authenticators. It looks like
>> auto
>> domain qualify. Authenticator configuration:
>>
>> As I use virtual domains, users are authenticated useing
>> username@domain.
>
> You have to tell exim that you're doing that:
>
> http://lists.exim.org/lurker/message/20080108.212216.6f151774.en.html
>
> - Marc
>
> --
> ## List details at http://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/
>


Respect,
Boris