My home server/firewall is running the Debian test versions
of Courier (0.52.2-0.3 courier-mta, 0.58-0.3 courier-authlib).
It's running near-perfectly, with lots of DNS blocklist,
rcptfilter/smtpfilter, forwarding to and from the home
systems inside the firewall, etc.

What I'm now trying to do is to get SMTP AUTH working
properly, so I can use the system as a mail relay if I'm
"on the road" with my laptop.

I'd like to do this with CRAM-MD5 authentication, using a
custom password which is used only for this purpose (the
firewall system normally does not permit password authentication
for access... only SSH keys can be used).  I can't figure out how
to get this to work.

Currently, all user authentication is via the authdaemon.
The authdaemonrc started out specifying "authpam" as the sole
acceptable module, and this seemed to be good enough to do
user-exists/no-user-exists authentication for received mail.

I infer, from reading the man pages, that what I probably
want to do is to add "authuserdb" to the authdaemon module
lists, and create a userdb entry for each user who is to be
authorized for SMTP AUTH relaying, and have an "esmtppw"
clause in each user's definition which gives the special-
purpose relaying password.

What I can't figure out, is the precise set of magick
incantations to make it all work.  I've created an
entry in userdb, and run "makeuserdb", and set the
authdaemonrc line to read

  authmodulelist="authuserdb authpam"

and restarted everything.  I configured Thunderbird
to send the username, and it asks me for a password...
but it never succeeds in authenticating.  The Courier
esmtpd log shows that it received the AUTH CRAM-MD5
command, sent a challenge, received a base64-encoded response,
and then simply reported an authentication failure.

I've also tried doing it without the userdb, and just use
a standard Unix password for this account via authpam.
I've set up the /etc/pam.d/esmtpd file as follows:

auth            required       pam_unix.so      nullok
account         required       pam_unix.so
password        required       pam_unix.so
session         required       pam_unix.so

Debian uses shadow passwords, but I assume that the standard
pam_unix.so module handles this transparently.  Still can't
get it to work.

I imagine I'm missing something obvious, but I haven't
been able to find it, or to locate a complete howto/cookbook
for this sort of setup.

A few questions:

-  Have I phrased the "authmodulelist" line correctly, or does
   it need to be different?

-  When I create the userdb file, should I give only the username,
   or [EMAIL PROTECTED]

-  Should I enter the password in plaintext, or first run it through
   a password-encrypting/hashing process?  If the latter, which command
   and what options are appropriate for a CRAM-MD5 authentication?

-  Is there a better way to do all of this?

Thanks for any pointers!
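
The CRAM-MD5 exchange that the esmtpd log above records (challenge, base64 response, verdict) can be reproduced as follows. This is an added example, not part of the original post and not Courier's code; it follows RFC 2195 and uses that RFC's sample user, password and challenge. The function names are hypothetical, and the SHA-256 digest is an assumed stand-in for any one-way password hash such as a shadow entry.

```python
import base64
import hashlib
import hmac

# Sample values from the RFC 2195 example exchange (not from the post).
RFC_USER = "tim"
RFC_PASSWORD = "tanstaaftanstaaf"
RFC_CHALLENGE_B64 = "PDE4OTYuNjk3MTcwOTUyQHBvc3RvZmZpY2UucmVzdG9uLm1jaS5uZXQ+"

def client_response(username: str, password: str, challenge_b64: str) -> str:
    """Client side: answer the server's base64 challenge."""
    challenge = base64.b64decode(challenge_b64)
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{username} {digest}".encode()).decode()

def server_verify(response_b64: str, challenge_b64: str, secrets: dict) -> bool:
    """Server side: recompute the HMAC from the stored secret and compare."""
    try:
        decoded = base64.b64decode(response_b64, validate=True).decode()
        username, digest = decoded.rsplit(" ", 1)
    except ValueError:  # bad base64, bad UTF-8, or no "user digest" pair
        return False
    secret = secrets.get(username)
    if secret is None:
        return False
    challenge = base64.b64decode(challenge_b64)
    expected = hmac.new(secret.encode(), challenge, hashlib.md5).hexdigest()
    # Constant-time comparison of the two hex digests.
    return hmac.compare_digest(expected.encode(), digest.lower().encode())

def demo() -> tuple:
    response = client_response(RFC_USER, RFC_PASSWORD, RFC_CHALLENGE_B64)
    # Store 1: the server keeps the shared secret itself.
    plain_store = {RFC_USER: RFC_PASSWORD}
    # Store 2 (assumed stand-in): the server keeps only a one-way hash,
    # as a shadow-style password database does.
    hashed_store = {RFC_USER: hashlib.sha256(RFC_PASSWORD.encode()).hexdigest()}
    return (server_verify(response, RFC_CHALLENGE_B64, plain_store),
            server_verify(response, RFC_CHALLENGE_B64, hashed_store))

if __name__ == "__main__":
    print(demo())
```

The second result is False because the password never crosses the wire in CRAM-MD5: the server can only check the response if its own store lets it compute the same keyed HMAC, which a one-way password hash does not.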



_______________________________________________
courier-users mailing list