Dave Platt writes:
What I'm now trying to do is to get SMTP AUTH working properly, so I can use the system as a mail relay if I'm "on the road" with my laptop.I'd like to do this with CRAM-MD5 authentication, using a custom password which is used only for this purpose (the firewall system normally does not permit password authentication for access... only SSH keys can be used). I can't figure out how to get this to work. Currently, all user authentication is via the authdaemon. The authdaemonrc started out specifying "authpam" as the sole acceptable module, and this seemed to be good enough to do user-exists/no-user-exists authentication for received mail. I infer, from reading the man pages, that what I probably want to do is to add "authuserdb" to the authdaemon module lists, and create a userdb entry for each user who is to be authorized for SMTP AUTH relaying, and have an "esmtppw" clause in each user's definition which gives the special- purpose relaying password.
Not with CRAM-MD5, which is a different beast altogether. esmtppw will let you do a plain, garden-variety userid/password authentication only.
and restarted everything. I configured Thunderbird to send the username, and it asks me for a password... but it never succeeeds in authenticating. The Courier esmtpd log shows that it received the AUTH CRAM-MD5 command, sent a challenge, received a base64-encoded response, and then simply reported an authentication failure.
You need to use the -hmac-md5 option to userdbpw to generate the MD5 pre-hash, and stuff it into the hmac-md5pw field in userdb. See the example in the userdb man page.
pgphpPSJGzM7Z.pgp
Description: PGP signature
