auth_imap plugin

2004-12-22 Thread Christopher Heschong
I just installed qpsmtpd tonight, it's quite nice.
One piece of functionality that appears to be missing is a useful SMTP 
auth (besides auth_vpopmail_sql, which isn't useful to me in particular) 
plugin.  Here's one I threw together that uses my local IMAP server for 
authentication.  If anyone is interested in using it, please feel free.

I figure that since my IMAP server already knows all the authentication 
mechanisms I'm planning on using, I might as well just let it do what 
it already does well.

I've only tested this on my own server, it requires Net::IMAP::Simple, 
and I make no guarantees.  I have code for an auth_imap server foo.com 
config option but frankly haven't tested it as it defaults to 
localhost. YMMV, but it works great for me.




auth_imap
Description: Binary data



Re: auth_vpopmail_sql

2005-03-31 Thread Christopher Heschong
Hi Jeff, I wrote a plugin that I posted to this list a while back that 
will authenticate to the local IMAP server, so if you already have IMAP 
or POP3 setup on your server with whatever backend authentication 
mechanisms you might need (vpopmail, etc), you don't have to worry 
about a second authentication method or different way of accessing 
them.  Seems reasonable that if you can send mail you probably can 
check it too.  :)  If you can't find it in the archives, feel free to 
e-mail me directly.

Not sure how to do TLS although I'd be interested in the ability.

On Mar 29, 2005, at 11:20 PM, Jeff Roberts wrote:

as best I can tell this plugin was written for a vpopmail install that
lacks virtual domains.  my vpopmail db does not contain a vpopmail
table within it, but it has tables for each virtual domain hosted.  I
hacked up the code to get the smtp auth I needed for one domain
temporarily but I'd be interested in adding support for vdomains if
that's actually my problem.

On Tue, 29 Mar 2005 21:14:39 -0500, Bob [EMAIL PROTECTED] wrote:
Bob wrote:
Fred Moyer wrote:
Jeff Roberts wrote:

hello,
I'd like to use the auth_vpopmail_sql plugin so that some remote users
can send thru our mail server, but I can't find any examples of folks
using it so I'm not sure where to put it in config/plugins or the
syntax to call it.  Could anyone give me an example config that uses
that plugin?


Sure!  In config/plugins I have:

    ...
    auth/auth_vpopmail_sql
    quit_fortune
    check_earlytalker

And in plugins/auth/auth_vpopmail_sql you need to configure the database
connection:

    # DBI data source for the vpopmail database, and the account used to query it
    my $connect  = "dbi:mysql:dbname=vpopmail:host=my_database_host";
    my $dbuser   = "my_vpopmail_user";
    my $dbpasswd = "my_vpopmail_user_password";

It's as simple as that!

Any way to tls-tunnel the transfer of password?
sql is more understandable than ldap, that's a plus.
-Bob Dodds
I mean tls tunnel the sender-to-mta transfer of password
(presumably the sql server is on an internal link to mta).
-Bob






Re: auth_vpopmail_sql

2005-04-01 Thread Christopher Heschong
You are certainly correct, it was written for my own personal use.  On 
my system, I use vmailmgr which stores its passwd info in cdb files 
owned by the user in their home dir... no way for a non-root process to 
read them that I can think of.  I think that is why Jeff asked about 
the possibility of using some sort of SSL frontend which would be nice 
to see.

Of course, if anyone else has methods for dealing with vmailmgr 
usernames I'd be happy to hear them.

On Apr 1, 2005, at 6:41 AM, John Peacock wrote:

Christopher Heschong wrote:

Hi Jeff, I wrote a plugin that I posted to this list a while back 
that will authenticate to the local IMAP server, so if you already 
have IMAP or POP3 setup on your server with whatever backend 
authentication mechanisms you might need (vpopmail, etc), you don't 
have to worry about a second authentication method or different way 
of accessing them.

The one caveat being that your implementation only supports cleartext 
methods like auth-plain (and auth-login if you added it).  Because you 
need the cleartext password to perform the backend authentication, 
there is no way to support auth-cram-md5.  That may be an acceptable 
limitation for some sites, but doesn't lend itself to a generalized 
solution.

John
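
The caveat above, as an added example that is not part of the original thread or of the auth_imap plugin: AUTH PLAIN hands the server the password itself (only base64-encoded, hence the TLS questions earlier in the thread), so it can be forwarded to an IMAP login, while a CRAM-MD5 response can only be checked by a server that holds the shared secret. The user, secret and challenge are the sample values from RFC 2195, the helper names are made up for this example, and Digest::HMAC_MD5 comes from the CPAN Digest::HMAC distribution.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use MIME::Base64 qw(encode_base64 decode_base64);
use Digest::HMAC_MD5 qw(hmac_md5_hex);

# AUTH PLAIN (RFC 4616): base64("authzid\0authcid\0password").
# Decoding needs no key, so the SMTP server ends up holding the real password
# and can replay it to an IMAP login. So can anyone on an unencrypted path.
sub decode_auth_plain {
    my ($blob) = @_;
    my ($authzid, $user, $pass) = split /\0/, decode_base64($blob), 3;
    return ($user, $pass);
}

# CRAM-MD5 (RFC 2195): the client sends
# base64("user " . hex(HMAC-MD5(key = secret, data = challenge))).
# The password never crosses the wire, so checking it needs the stored secret.
sub verify_cram_md5 {
    my ($challenge, $response_b64, $secret_for) = @_;
    my ($user, $digest) = decode_base64($response_b64) =~ /^(.*) ([0-9a-f]{32})$/
        or return 0;
    my $secret = $secret_for->($user);
    return 0 unless defined $secret;    # no secret on hand: nothing to compare
    return hmac_md5_hex($challenge, $secret) eq $digest ? 1 : 0;
}

# Constructed sample data (the RFC 2195 example values).
my $challenge = '<1896.697170952@postoffice.reston.mci.net>';
my %secrets   = (tim => 'tanstaaftanstaaf');

my $plain = encode_base64("\0tim\0tanstaaftanstaaf", '');
my ($u, $p) = decode_auth_plain($plain);
print "AUTH PLAIN yields: user=$u password=$p\n";

my $cram = encode_base64('tim ' . hmac_md5_hex($challenge, $secrets{tim}), '');
printf "CRAM-MD5, server holds secret:  %s\n",
    verify_cram_md5($challenge, $cram, sub { $secrets{ $_[0] } })
        ? 'verified' : 'rejected';

# A front end that only forwards logins to IMAP has no secret store to consult.
printf "CRAM-MD5, pass-through to IMAP: %s\n",
    verify_cram_md5($challenge, $cram, sub { undef })
        ? 'verified' : 'cannot verify';
```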




Re: PATCH: Don't reveal version in SMTP greeting

2005-07-02 Thread Christopher Heschong

On Jul 2, 2005, at 5:06 AM, Ask Bjørn Hansen wrote:

...
Why?  If it's for security, will it really make a difference?  Does
it give any information out that an attacker can use? If there ever
is a security problem in qpsmtpd (unlikely, but I suppose
possible), wouldn't the attacker just hit SMTP servers at random
for it anyway?  Or if doing a more targeted attack, surely they'll
try no matter what the version string says or doesn't say.

...

Although not a technical reason, many companies that do security
vulnerability assessments (such as those from Cisco) count points off
if you reveal version numbers.  And managers don't like to see points
taken off.  :)


dig @ns1.cisco.com version.bind chaos txt

They even turn off the Bind versions.

--
/chris/


