Re: [gentoo-user] cyrus-sasl, courier-authlib, which one? or both?
On Thursday 12 January 2006 18:35 kashani wrote: Looks like I'm a bit behind the curve. Good to know you can just connect directly. In other weirdness the Gentoo Virtual How-to manages to use the old cyrus-sasl config that went with pam_mysql and then dropped pam_mysql from the how-to. Then went on to mention using authlib, without actually compiling any support for it or changing the config. If you want to configure it, like me: If it's not working, because you can't logon to *sql-server, have a look at username and password. Maybe there is a space at the end of the line. It took me two days to find out, where's the problem. kashani HAND, Steffen pgp7Dxd5rfnpO.pgp Description: PGP signature
Re: [gentoo-user] cyrus-sasl, courier-authlib, which one? or both?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Bill Roberts wrote: By the way, I would recommend these two guides for anyone setting up an email server for the first time. They may not be perfect, but they are much easier to follow than most of the howto's I've run into. Bill Roberts Today I've found great HOWTO copy-paste style to set postfix / mysql / courier-imap / cyrus-sasl / spamassassin / razor / pyzor / dcc / amavis / clamav. I follow it now and at this time i got succeed and to end i got to setup spamassassin. http://www.howtoforge.com/virtual_postfix_mysql_quota_courier - -- Paweł Madej aka Nysander Member of QuanTeam | RLU #357047 http://wiki.quanteam.info | Gentoo Linux User http://forum-farmaceutyczne.org | GPG key: 5861680B | keyserver: http://pgp.mit.edu Kielce, Poland | UTF-8 Email Preferred -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) iD8DBQFDx8khgvSMglhhaAsRAlGeAKCI8pCEaB3nvLIwaBjYI4ZGKcea0ACeJ/jV XmwbjFOjKW/IcfN9Hjm/Wlg= =w6R4 -END PGP SIGNATURE- -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] cyrus-sasl, courier-authlib, which one? or both?
Steffen Zieger wrote: If you want to configure it, like me: If it's not working, because you can't logon to *sql-server, have a look at username and password. Maybe there is a space at the end of the line. It took me two days to find out, where's the problem. I got to thinking about this some and started to recall the details. I think pam_mysql was required in order to support virtual and local users since many users are doing their own mail with local accounts and then some virtual stuff for customers or friends. I'm not sure if authdaemon can do that. Since I'm build yet another virtual mail system this weekend I might be able to do a few tests and update some fo the virtual how-tos on the wiki. kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] cyrus-sasl, courier-authlib, which one? or both?
On Wednesday 11 January 2006 22:51 kashani wrote: Courier-imap 4.0 and up began using courier-authlib. Since you have to run authlib to use courier-imap, many virtual how-to's started slaving cyrus-sasl off authlib rather than have it talk to Mysql directly through pam_mysql. Also with authlib you could use encrypted passwords SASL-Authentication for Postfix (and maybe Cyrus-Imap, I've not checked it right now) is also possible through *SQL without the need of Pam using cyrus-sasl. cyrus-sasl _must_ be compiled with support for MySQL or something like that. Content of my /etc/sasl2/smtpd.conf: pwcheck_method: auxprop auxprop_plugin: sql mech_list: PLAIN LOGIN log_level: 1 password_format: crypt sql_engine: mysql sql_hostnames: localhost sql_user: USER sql_passwd: PASSWORD sql_database: Hosting sql_select: SQL_SELECT_STRING sql_verbose: no sql_usessl: no kashani HAND, Steffen pgpenEFUslPMH.pgp Description: PGP signature
Re: [gentoo-user] cyrus-sasl, courier-authlib, which one? or both?
Steffen Zieger wrote: SASL-Authentication for Postfix (and maybe Cyrus-Imap, I've not checked it right now) is also possible through *SQL without the need of Pam using cyrus-sasl. cyrus-sasl _must_ be compiled with support for MySQL or something like that. Content of my /etc/sasl2/smtpd.conf: pwcheck_method: auxprop auxprop_plugin: sql mech_list: PLAIN LOGIN log_level: 1 password_format: crypt sql_engine: mysql sql_hostnames: localhost sql_user: USER sql_passwd: PASSWORD sql_database: Hosting sql_select: SQL_SELECT_STRING sql_verbose: no sql_usessl: no Looks like I'm a bit behind the curve. Good to know you can just connect directly. In other weirdness the Gentoo Virtual How-to manages to use the old cyrus-sasl config that went with pam_mysql and then dropped pam_mysql from the how-to. Then went on to mention using authlib, without actually compiling any support for it or changing the config. gah. kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] cyrus-sasl, courier-authlib, which one? or both?
Bill Roberts wrote: I am planning on building a simpler email system (I don't use imap, virtual domains, or a user database). In my quest for Zen-like simplicity and rock-solid quality, I'm planning on using postfix, plus courier as a pop3 server. For authentication, some guides use sasl, some use authlib. Which is better?? And why would anyone use both?! They seem to both serve the same function. Any suggestions/pointer appreciated. There are a number of different services and auth'ing going on in your mail system as proposed. Courier-imap provides imap and pop. Authlib provides authentication for all Courier processes. Authlib can auth from local accounts, mysql, postgres, or ldap. cyrus-sasl provides smtp auth for Postix in order to relay from places that aren't in your allowed IP space. cyrus-sasl can use a few different backends to auth as well which is where the problems come in. Courier-imap 4.0 and up began using courier-authlib. Since you have to run authlib to use courier-imap, many virtual how-to's started slaving cyrus-sasl off authlib rather than have it talk to Mysql directly through pam_mysql. Also with authlib you could use encrypted passwords in your db whereas you could not with pam_mysql. Additionally why troubleshoot two different auth mechanisms and and have yet another package on your system. And finally authlib supports pam, ldap, mysql, and postgres in a single place. For completeness authlib updates have caused the occasional auth issue though they seem to have settled down over the last six months. In summary: sasl + pam_mysql = the suck, IMO If you don't need any virtual nonsense I'd compile postfix, courier-imap, and cyrus-sasl with -mysql. I'd also compile cyrus-sasl -authdaemond and just run a normal system. Everything will default to local system accounts, though you might need to config /etc/sasl2/smtpd.conf to do that. I do this on my personal box and haven't had any issues over the past 3 1/2 years. kashani -- gentoo-user@gentoo.org mailing list
