Hey,
I thought I'd give a heads up on how I solved it. Let me first
describe a problem again in a couple of short words.
It was necessary to use passwords from dbmail mysql database to
authenticate users for SMTP. Since it was undesirable to create new
passwords for all 200+ users, and the previous mail system was keeping
passwords in shadow file, the shadow file password format had to be
accepted.
Configuring authenticators, it was clear that exim's md5 function
returns 16 character md5 sum, just as php returns it when using md5
etc. (or, as dbmail documentation calls it, md5-digest, which to me
doesn't sound correct). However, passwords imported from shadow file
has another md5 format, in dbmail documentation called md5-hash.
Now, the solution was to use saslauthd with rimap authentication
mechanism. Here's the config I used on FreeBSD.
1) in /etc/rc.conf
saslauthd_enable="YES"
saslauthd_flags="-a rimap -O localhost"
2) following authenticators
begin authenticators
plain:
driver = plaintext
public_name = PLAIN
server_condition = ${if saslauthd{{$2}{$3}}{1}{0}}
server_set_id = $2
server_advertise_condition = ${if eq{$tls_cipher}{}{no}{yes}}
login:
driver = plaintext
public_name = LOGIN
server_prompts = "Username:: : Password::"
server_condition = ${if saslauthd{{$1}{$2}}{1}{0}}
server_set_id = $1
server_advertise_condition = ${if eq{$tls_cipher}{}{no}{yes}}
3) Launch saslauthd
/usr/local/etc/rc.d/saslauthd start
4) Restart exim
/usr/local/etc/rc.d/exim restart
So, hopefully this will save somebody couple of hours of head
scratching.
Best regards,
Matiss
Quoting Matiss : Hey all!
I have a question about exim+dbmail, and more specifically, about
exim MD5 function.
Now, my problem is that exim md5 returns md5-digest, right?
(example:
b59c67bf196a4758191e42f76670ceba) And, if I store the password in
md5-hash (which happens if I pull it from shadow file, example:
$1$5yTU7x61$W5QYRVZN6HVcuJFuB/WEi.) , it doesn't authenticate
against
it, of course.
The question is - can I somehow make exim read this md5-hash and
authenticate against it? Because I'd really hate to change
passwords
for all users (200+), and it happens so that now all of my users
have
their mail passwords in shadow file.
Here's my authenticators just in case
plain:
driver = plaintext
public_name = PLAIN
server_condition = ${lookup mysql{SELECT user_idnr FROM
dbmail_users
WHERE userid = '${quote_mysql:$2}' AND passwd =
'${md5:${quote_mysql:$3}}'}{1}fail}
server_set_id = $2
server_advertise_condition = ${if eq{$tls_cipher}{}{no}{yes}}
login:
driver = plaintext
public_name = LOGIN
server_prompts = "Username:: : Password::"
server_condition = ${lookup mysql{SELECT user_idnr FROM
dbmail_users
WHERE userid = '${quote_mysql:$1}' AND passwd =
'${md5:${quote_mysql:$2}}'}{1}fail}
server_set_id = $1
server_advertise_condition = ${if eq{$tls_cipher}{}{no}{yes}}
--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
-- Tavs bezmaksas pasts Inbox.lv
Links:
------
[1] mailto:[email protected]
--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
