Re: [HELP] courier-authdaemon frustration
On Mon, Nov 22, 2004 at 09:44:54PM +0100, Mark Lijftogt wrote: Well.. looking back at my reply it was a bit short, rude and not realy helpfull (and that can be seen as an understatement). Sorry for that. Hi Mark... No prob. No offensive taken. :-) The authmysqlrc for courier is a real pain.. it took me about 10 try's to get it right. When I started over for the last time, I took the following in account; I have noticed the same thing. Looking on Google, it appears we aren't alone. Even Courier's web site mentions authdaemon it is hit and miss with some people. :-/ That's not right. I'm at more than 10 attempts myself. If the debug info was more verbose, I could figure it out. I am seriously considering filing a wish-list bug report against the Debian package when I finally get this working. Things shouldn't be this difficult to configure. I checked the mysql account information (could it be a simple username and password error), Done. It looks correct. The same username and password work correctly when postfix+mysql delivers to the virtual mailbox. I have tried other virtual mailboxes on the server besides the dummy 'foobar' one. Same result and in every case postfix+mysql delivers the mail but imap login fails. I'm almost to the point of hacking the source to see what's going on. But I shouldn't have to. :-/ made sure there were no (trailing) spaces in the authmysqlrc Done. re-done and done again. (only tabs), done and re-done. Tried only spaces, too, but that no difference. usage of only single quotes (around the GID_FIELD, UID_FIELD and HOME_FIELD) Ahhh, okay partially done. Only around HOME_FIELD but not the other two. Will change that. and that the GID_FIELD and UID_FIELD are the uid and gid of postfix.. and NOT mysql. Okay, I'm a little confused here. According to Christoph Haas's tutorial on workaround.org, he set up separate user:group for the virtual mailboxes: vmail:vmail. In my current re-attempt, I followed Christoph's instructions to the letter thinking previously I was doing something wrong. The UID:GID for vmail is 5000:5000. These are what I used in authmysqlrc GID_FIELD and UID_FIELD (but without single quotes). On my server, postfix is UID:GID 101:103 and mysql is 103:105. Are you suggesting that despite Christoph's instructions I should be using 101 and 103 for UID_FIELD and GID_FIELD, respectively? That was apparently enough to get that part running. Well, if I can get passed this problem of logging into the Courier's imap-ssl server, I think I will be in good shape! Thanks for the advice! bob -- bob billsonemail: [EMAIL PROTECTED] ham: kc2wz /) [EMAIL PROTECTED] beekeeper -8|||} Níl aon tinteán mar do thinteán féin. --DorothyLinux geek \) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: [HELP] courier-authdaemon frustration
On Mon, Nov 22, 2004 at 10:10:19PM +0100, Philipp Kern wrote: The authmysqlrc for courier is a real pain.. it took me about 10 try's to get it right. When I started over for the last time, I took the following in account; It isn't. It *is* commented ok, and the easiest thing to do is to put in a customized MySQL query to suit your needs. I agree authmysqlrc is mostly commented well. Although, it is somewhat silent on where (or not) single/double quotes are needed. Unfortunately, my experience, thusfar, even following the comments is no guarantee of success. This seems to be the sticking point with all Courier's config files. The config file parser is very pedantic, which is fine to a point. The error message imaplogin: authdaemon: TEMPFAIL - no more modules will be tried is terribly unhelpful. Kind of like many Windows' error messages. You know something is wrong, but where? :-/ The customized query maybe the way to go; although it seems to be a bad hack to solve the underlaying problem, no? I am missing something? bob -- bob billsonemail: [EMAIL PROTECTED] ham: kc2wz /) [EMAIL PROTECTED] beekeeper -8|||} Níl aon tinteán mar do thinteán féin. --DorothyLinux geek \) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: [HELP] courier-authdaemon frustration
On Tue, 2004-11-23 at 17:27, Bob Billson wrote: The customized query maybe the way to go; although it seems to be a bad hack to solve the underlaying problem, no? I am missing something? I used courier-webadmin to set the MySQL authdaemon as the way to go... Then I have this set of queries: MYSQL_SELECT_CLAUSE SELECT CONCAT(localpart, '@', domain), \ ENCRYPT(password), \ password, \ uid, \ gid, \ '/var/mail/vdomains/$(domain)/$(local_part)', \ '', \ quota, \ fullname, \ options \ FROM users \ WHERE localpart = '$(local_part)' \ AND domain = '$(domain)' MYSQL_ENUMERATE_CLAUSE SELECT CONCAT(localpart, '@', domain), \ uid, \ gid, \ '/var/mail/vdomains/$(domain)/$(local_part)', \ '' \ FROM users \ WHERE localpart = '$(local_part)' \ AND domain = '$(domain)' MYSQL_CHPASS_CLAUSE UPDATE users \ SET password='$(newpass)' \ WHERE localpart='$(local_part)' \ AND domain='$(domain)' Although I don't know of the latter that it really works. You get rid of all the other fields except of MySQL session information. You could replace things like ``uid'' and ``gid'' to the integer value used on your system (I used DEFAULT values in the table instead) like common in SQL. There's also the possibility to use CONCAT('/var/mail/vdomains/', domain, '/', localpart) instead of the hackish way I chose. Regards, Philipp Kern signature.asc Description: This is a digitally signed message part
Re: [HELP] courier-authdaemon frustration
On Mon, Nov 22, 2004 at 07:54:42AM +0100, Mark Lijftogt wrote: Could this be a bit more logical ? I'm missing session information for your courier authdaemon. Hi Mark! Thanks for answering. I intentionally X'd it out. I'd rather not post passwords to an open list. My firewall blocks outside attempts to access the mysql server, so posting this information is not very useful, is it? bob -- bob billsonemail: [EMAIL PROTECTED] ham: kc2wz /) [EMAIL PROTECTED] beekeeper -8|||} Níl aon tinteán mar do thinteán féin. --DorothyLinux geek \) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: [HELP] courier-authdaemon frustration
On Mon, Nov 22, 2004 at 03:23:31PM -0500, Bob Billson wrote: On Mon, Nov 22, 2004 at 07:54:42AM +0100, Mark Lijftogt wrote: Could this be a bit more logical ? I'm missing session information for your courier authdaemon. Hi Mark! Thanks for answering. I intentionally X'd it out. I'd rather not post passwords to an open list. My firewall blocks outside attempts to access the mysql server, so posting this information is not very useful, is it? Well.. looking back at my reply it was a bit short, rude and not realy helpfull (and that can be seen as an understatement). Sorry for that. The authmysqlrc for courier is a real pain.. it took me about 10 try's to get it right. When I started over for the last time, I took the following in account; I checked the mysql account information (could it be a simple username and password error), made sure there were no (trailing) spaces in the authmysqlrc (only tabs), usage of only single quotes (around the GID_FIELD, UID_FIELD and HOME_FIELD) and that the GID_FIELD and UID_FIELD are the uid and gid of postfix.. and NOT mysql. That was apparently enough to get that part running. bob -- bob billsonemail: [EMAIL PROTECTED] ham: kc2wz /) [EMAIL PROTECTED] beekeeper -8|||} N?l aon tinte?n mar do thinte?n f?in. --DorothyLinux geek \) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: [HELP] courier-authdaemon frustration
On Mon, 2004-11-22 at 21:44, Mark Lijftogt wrote: The authmysqlrc for courier is a real pain.. it took me about 10 try's to get it right. When I started over for the last time, I took the following in account; It isn't. It *is* commented ok, and the easiest thing to do is to put in a customized MySQL query to suit your needs. Regards, Philipp Kern -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
[HELP] courier-authdaemon frustration
Hi all! Helppp!! I am having a frustrating time and can use some help! Using Christoph Haas's tutorial (http://workaround.org/articles/ispmail-sarge/) I am trying to set up a server with virtual mailboxes using postfix, mysql and courier-imap-ssl. The machine is an up-to-date Debian testing box. I have the postfix/mysql part working great. Mail is delivered to the virtual mailboxes. Getting courier-imap-ssl working is proving extremely frustrating. The culprit seems to be courier-authdaemon, which annoyingly, doesn't provide much useful debug info in the logs. :-/ Googling turns up quite a few references to courier-authdaemon's TEMPFAIL errors but no real solutions. Mention is made to be sure there are no trailing spaces in /etc/courier/ config files. Some say spaces can be used to separate the values in each line. Others say only use tabs. I have tried both ways--no difference. I have gone over the config files carefully. From a remote machine I tried: telnet -z ssl theshed.dhs.org 993 (which connects gets a response from IMAP) . login foobar foobarsecret (dummy test account I created) . NO login failed.(server's response) Connection closed by foreign host. On the server side I get: in /var/log/debug ... Nov 21 15:43:02 pigpen imapd-ssl: LOGIN: DEBUG: ip=[:::x.x.x.x], command=LOGIN Nov 21 15:43:02 pigpen imapd-ssl: LOGIN: DEBUG: ip=[:::x.x.x.x], [EMAIL PROTECTED] Nov 21 15:43:02 pigpen imapd-ssl: LOGIN: DEBUG: ip=[:::x.x.x.x], password=foobarsecret Nov 21 15:43:02 pigpen imapd-ssl: authdaemon: starting client module Nov 21 15:43:02 pigpen imapd-ssl: authdaemon: TEMPFAIL - no more modules will be tried Nov 21 15:43:07 pigpgen imapd-ssl: LOGIN FAILED, ip=[:::x.x.x.x] In /var/log/mysql/mysql.log ... 041121 19:22:18 136 Connect [EMAIL PROTECTED] on 136 Init DB provider 136 Query SELECT email, , , 5000, 5000, '/home/vmail', concat(email,'/'), , , FROM users WHERE email = [EMAIL PROTECTED] 136 Quit 137 Connect [EMAIL PROTECTED] on 137 Init DB provider 137 Query SELECT email, , , 5000, 5000, '/home/vmail', concat(email,'/'), , , FROM users WHERE email = [EMAIL PROTECTED] 137 Quit NOTE: The before 'FROM users' seems wrong. But don't know where it comes from, i.e. there are no extra quotes in the config files. I'll append the config files below. I'd appreciate any help getting Courier authdaemon going. From Google searches, etc. I have learned lots of folks seem to have problems with authdaemon--and many don't. Seems to be very black magic stuff, which is very annoying when you don't have the spells. I like Courier but this becoming a real bear to configure. At this point, I would gladly switch if there were a better IMAP-SSL server UW's is to slow. I'm open to suggestions. Help? Clues would be most welcome!! I'm running out of hair to pull. :-) Thanks for the help... bob And the config files set up as recommended in Christoph's tutorial... /etc/courier/authmysqlrc: MYSQL_SERVER127.0.0.1 MYSQL_USERNAME XXX MYSQL_PASSWORD MYSQL_SOCKET/var/run/mysqld/mysqld.sock #MYSQL_PORT 3306 MYSQL_PORT 0 MYSQL_OPT 0 MYSQL_DATABASE provider MYSQL_USER_TABLEusers MYSQL_CLEAR_PWFIELD DEFAULT_DOMAIN theshed.dhs.org MYSQL_UID_FIELD 5000 MYSQL_GID_FIELD 5000 MYSQL_LOGIN_FIELD email MYSQL_HOME_FIELD/home/vmail MYSQL_MAILDIR_FIELD concat(email,'/') # /etc/courier/authdaemonrc: authmodulelist=authmysql authmodulelistorig=authcustom authcram authuserdb authldap authmysql authpam daemons=5 version= authdaemonvar=/var/run/courier/authdaemon /etc/courier/imapd ADDRESS=0 PORT=143 MAXDAEMONS=40 MAXPERIP=20 PIDFILE=/var/run/courier/imapd.pid TCPDOPTS=-nodnslookup -noidentlookup AUTHMODULES=authdaemon AUTHMODULES_ORIG=authdaemon #DEBUG_LOGIN=0 DEBUG_LOGIN=2 IMAP_CAPABILITY=IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA AUTH=CRAM-MD5 AUTH=CRAM-SHA1 IDLE # IMAP_KEYWORDS=1 IMAP_IDLE_TIMEOUT=60 IMAP_CAPABILITY_TLS=$IMAP_CAPABILITY AUTH=PLAIN IMAP_DISABLETHREADSORT=0 IMAP_CHECK_ALL_FOLDERS=0 IMAP_OBSOLETE_CLIENT=0 IMAP_ULIMITD=65536 IMAP_USELOCKS=1 IMAP_SHAREDINDEXFILE=/etc/courier/shared/index IMAP_ENHANCEDIDLE=0 IMAP_TRASHFOLDERNAME=Trash IMAP_EMPTYTRASH=Trash:7 IMAP_MOVE_EXPUNGE_TO_TRASH=0 SENDMAIL=/usr/sbin/sendmail HEADERFROM=X-IMAP-Sender IMAPDSTART=YES MAILDIRPATH=/home/vmail And /etc/courier/imapd-ssl: SSLPORT=993 SSLADDRESS=0 SSLPIDFILE=/var/run/courier/imapd-ssl.pid IMAPDSSLSTART=YES IMAPDSTARTTLS=YES IMAP_TLS_REQUIRED=0 DEBUG_LOGIN=2 COURIERTLS=/usr/bin/couriertls TLS_PROTOCOL=SSL3 TLS_STARTTLS_PROTOCOL=TLS1 TLS_CERTFILE=/etc/courier/imapd.pem TLS_VERIFYPEER=NONE TLS_CACHEFILE=/var/lib/courier/couriersslcache TLS_CACHESIZE=524288
Re: [HELP] courier-authdaemon frustration
On Sun, Nov 21, 2004 at 08:13:43PM -0500, Bob Billson wrote: Hi all! Helppp!! /etc/courier/authmysqlrc: MYSQL_SERVER 127.0.0.1 MYSQL_USERNAMEXXX MYSQL_PASSWORD MYSQL_SOCKET /var/run/mysqld/mysqld.sock #MYSQL_PORT 3306 MYSQL_PORT0 MYSQL_OPT 0 MYSQL_DATABASEprovider MYSQL_USER_TABLE users MYSQL_CLEAR_PWFIELD DEFAULT_DOMAINtheshed.dhs.org MYSQL_UID_FIELD 5000 MYSQL_GID_FIELD 5000 MYSQL_LOGIN_FIELD email MYSQL_HOME_FIELD /home/vmail MYSQL_MAILDIR_FIELD concat(email,'/') # Could this be a bit more logical ? I'm missing session information for your courier authdaemon. #DEFAULT_DOMAIN domain.tld MYSQL_CRYPT_PWFIELD password MYSQL_DATABASE postfix MYSQL_GID_FIELD '102' MYSQL_HOME_FIELD'/usr/local/virtual' MYSQL_LOGIN_FIELD username MYSQL_MAILDIR_FIELD maildir MYSQL_NAME_FIELDname MYSQL_OPT 0 MYSQL_PASSWORD ## --- mysql session login #MYSQL_PORT 0 #MYSQL_QUOTA_FIELD quota MYSQL_SERVERlocalhost # MYSQL_SOCKET /var/run/mysqld/mysql.sock # Default RedHat Socket #MYSQL_SOCKET /var/lib/mysql/mysql.sock MYSQL_UID_FIELD '102' MYSQL_USERNAME postfix --- username serssion login. MYSQL_USER_TABLEmailbox #MYSQL_WHERE_CLAUSE server='mailhost.example.com' Cheers, Mark -- bob billsonemail: [EMAIL PROTECTED] ham: kc2wz /) [EMAIL PROTECTED] beekeeper -8|||} N?l aon tinte?n mar do thinte?n f?in. --DorothyLinux geek \) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]