> -----Original Message-----
> From: Ken Jones [mailto:[EMAIL PROTECTED]
> Sent: Thursday, September 11, 2003 12:44 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [vchkpw] imap before smtp
>
>
> The preauthvchkpw.c module needs to be modified.
> The problem is, when a user attempts to authenticate,
> if their user name exists on the system then it will
> open up relay. However, at that point in the code the
> user has not been authenticated. I attempted to fix
> this before but became confused on which function
> is called from what file. It's a bit obtuse for me.
>
> A quick hack could be to verify the password at
> that point, then open up relay on a valid password.
>
> The real fix would be to trace the functions and
> open up relay after password verification.
>
> Perhaps someone could figure it out.
>
> Ken Jones
>
>
> On Thursday 11 September 2003 2:35 pm, Charles Sprickman wrote:
> > This is a good FAQ item, for when we have a FAQ.
> >
> > Mr. Sam has disabled the imap-before-smtp function in the authvchkpw
> > code. I've looked at the courier archives, and there's no explanation
> > from him as to what the problem is... Just lots of questions. :)
> >
> > Bill's suggestion might not work, as he "#undef"s the value. In your
> > courier source dir, go into the "authlib" dir and open
> > "preauthvchkpw.c" for editing. Look for a line like this:
> >
> > #undef HAVE_OPEN_SMTP_RELAY
> >
> > Go ahead and change that "#undef" to "#define" and it will work
> > properly. I can't comment on what the security concerns are, because I
> > don't know what they are. It does work however.
> >
> > Charles
> >
> > On Thu, 11 Sep 2003, ted wrote:
> > > I've got a LWQ-style qmail configuration, plus vpopmail 5.3.27 and
> > > courier-imap-2.1.1.20030902. I have roaming users enabled (as well
> > > as qmail-ext), and POP3 before SMTP works perfectly (using
> > > qmail-pop3d).
> > >
> > > IMAP also seems to work just fine, but it does not update open-smtp.
> > > My workaround of creating a separate POP account to POP in without
> > > retrieving msgs allows me to send via IMAP, but is obviously not an
> > > ideal solution. (I'm using Thunderbird .2).
> > >
> > > I've installed courier-imap numerous times (with different releases
> > > up to 20030902), both with authdaemon enabled as well as disabled.
> > > In both cases, the results are the same (meaning that I can read
> > > mail but not relay).
> > >
> > > Perhaps my understanding is wrong, but I was under the impression
> > > that since these are virtual domains I'm having trouble with (all my
> > > domains are virtual), the fact that I am able to read mail at all
> > > under IMAP would indicate that vchkpw is being called from
> > > courier-imap. Since qmail-pop3d invokes vchkpw and works, I'm
> > > puzzled. I'm afraid I don't know where to look log-wise.
> > >
> > > thanks for any hints.
> > >
> > > -ted
What Ken says is correct. Simply turning HAVE_OPEN_SMTP_RELAY on will
allow IPs to be added to open-smtp REGARDLESS of whether authentication is
successful.
Here is a patch for preauthvchkpw.c
**** use it at your own risk ***
works for me.
======================================================================
--- preauthvchkpw.c.orig 2003-10-01 20:24:26.000000000 -0400
+++ preauthvchkpw.c 2003-10-01 20:24:51.000000000 -0400
@@ -27,8 +27,17 @@
static const char rcsid[]="$Id: preauthvchkpw.c,v 1.18 2003/03/12 02:45:55
mrsam Exp $";
-#undef HAVE_OPEN_SMTP_RELAY
+#define HAVE_OPEN_SMTP_RELAY
/* Disabled, pending fix */
+#ifdef HAVE_OPEN_SMTP_RELAY
+struct callback_info {
+ const char *pass;
+ char *userret;
+ int issession;
+ void (*callback_func)(struct authinfo *, void *);
+ void *callback_arg;
+ };
+#endif
int auth_vchkpw_pre(const char *userid, const char *service,
int (*callback)(struct authinfo *, void *),
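Review bot: the `struct callback_info` added under `#ifdef HAVE_OPEN_SMTP_RELAY` is a private copy of a layout that whoever calls `auth_vchkpw_pre` has to match field for field, because a later hunk casts the opaque `arg` to it. If the caller's structure gains or reorders a member, `i->pass` will silently read the wrong memory. Move the definition into a header included by both files rather than re-declaring it here. The retained `/* Disabled, pending fix */` comment now sits under a `#define` and should be updated or dropped.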
@@ -71,6 +80,10 @@
free(usercopy);
vclose();
+#ifdef HAVE_OPEN_SMTP_RELAY
+struct callback_info *i=(struct callback_info *)arg;
+#endif
+
if (!vpw)
{
errno=notfound;
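Review bot: the declaration `struct callback_info *i=(struct callback_info *)arg;` is placed after the statements `free(usercopy);` and `vclose();`, which a C89 compiler rejects as a declaration following code. Declare `i` with the other locals at the top of the function. The cast also assumes every caller passes a `struct callback_info` as `arg`, and nothing in this hunk checks that `arg` is non-NULL before it is dereferenced further down.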
@@ -86,7 +99,9 @@
} else {
#ifdef HAVE_OPEN_SMTP_RELAY
/* open the relay to pop users */
+ if (vpw->pw_passwd != 0 &&
!authcheckpassword(i->pass, vpw->pw_passwd)) {
open_smtp_relay();
+ }
#endif
}
} else if ( strcmp("imap", service) == 0 ) {
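Review bot: in the pop3 branch the new condition tests `vpw->pw_passwd != 0` but dereferences `i` and hands `i->pass` to `authcheckpassword` without checking either for NULL, so a pre-auth call that carries no password can fault here instead of simply leaving the relay closed. Put `i != 0 && i->pass != 0 &&` at the front of the condition. The `!authcheckpassword(...)` form depends on a zero return meaning a match; a one-line comment saying so would stop a later reader from inverting it.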
@@ -95,7 +110,9 @@
} else {
#ifdef HAVE_OPEN_SMTP_RELAY
/* open the relay to imap users */
+ if (vpw->pw_passwd != 0 &&
!authcheckpassword(i->pass, vpw->pw_passwd)) {
open_smtp_relay();
+}
#endif
}
}
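Review bot: the imap branch repeats the pop3 password check verbatim, and its closing `}` is added at column 0 while the matching one in the pop3 branch is indented. Factor the check and the `open_smtp_relay();` call into one small static helper used by both branches so the two services cannot drift apart. A comment should also record that this verifies the password a second time in the pre-auth stage, rather than opening the relay after the normal verification step, which the thread describes as the real fix.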
======================================================
Lu