I posted the message quoted below to the qmail list, and got a reply (below) from jms1 asking just which patches I have with the qmail port. Does the SMTP_AUTH_PATCH config option in the freebsd port use jms1's patches? I sort of doubt this is a repeat of the "qmailrocks" debacle, but I'd like to know whether there would be any advantage to building qmail from source without using the port.

On 2008-04-08, at 1739, Jeff Dickens wrote:

> I'm trying to set up an authenticated SMTP server. I have the freebsd qmail 1.03_6 port, built with the SMTP_AUTH_PATCH config option.

which means what, exactly? what patches are included in that port?

i ask because some of the variables listed in your "run" script (i.e. AUTH_CDB, REQUIRE_AUTH, ALLOW_INSECURE_AUTH, FORCE_TLS, DENY_DLS, etc.) are specific to features which only exist (as far as i know) in my combined patch.

i've been told that there was an attempt to build a freebsd "port" with my patch in it, but (1) i didn't write the port; (2) if this "run" script is part of it, it looks like the people who put the port together wrote their own scripts instead of using the ones from my web site; (3) the people who wrote the port didn't tell me that they were releasing it, or offer me a chance to preview what they were releasing (does the word "qmailrocks" sound familiar here?) and (4) i don't use freebsd, so if there is a port out there, i have no way to test it or provide support for it.

the only things i could suggest would be to contact whoever wrote the port for assistance, or do the same thing people recommend for debian linux- build qmail from source, by hand instead of using a package manager like "ports" or "rpm", so that you KNOW exactly what is and is not included.

start with http://lifewithqmail.org/ and then, if you need any extra features which aren't part of netqmail, spend some time reading my qmail site, as well as the web sites for several of the other "mega-patches" out there, and figure out which one is going to best meet your needs. follow the directions for that patch, and if you run into problems, ask on the mailing lists for those patches (i have a list, i know bill shupp's "qmail toaster" has a list, and i'm pretty sure the others do as well.)

- --------------------------------------------------------
| John M. Simpson  --  KG4ZOW  --  Programmer At Large |
| http://www.jms1.net/                 <[EMAIL PROTECTED]> |
- --------------------------------------------------------
|   Hope for America  --  http://www.ronpaul2008.com/  |
- --------------------------------------------------------






Here's my original message, fyi:



I'm trying to set up an authenticated SMTP server. I have the freebsd qmail 1.03_6 port, built with the SMTP_AUTH_PATCH config option.

My "run" script looks like this:

   #!/bin/sh
   # qmail-submit/run
   exec 2>&1
   CONLIMIT=9
   #AUTH_CDB="/var/qmail/auth/auth.cdb"
   CHECKPW="/usr/local/bin/checkpassword-pam"
   PAM_SERVICE="submit"
   LOCAL=`head -1 /var/qmail/control/me`
   TRUE=`which true`
   AUTH=1
   REQUIRE_AUTH=1
   ALLOW_INSECURE_AUTH=0
   PORT=465
   #SSL=1
   FORCE_TLS=0
   DENY_DNS=0
   #
   echo "*** Starting qmail-submit..."
   exec \
     envuidgid qmaild \
     softlimit -m 3000000 -f 10000000 \
     tcpserver -v -HR \
     -U \
     -c ${CONLIMIT} \
     0 ${PORT} \
     /var/qmail/bin/qmail-smtpd ${LOCAL} ${CHECKPW} ${TRUE}

I tried to test it - fear not this test account is not accessible from the net - SSL is turned off just until I get it working this far:

   # perl -MMIME::Base64 -e 'print encode_base64("\000test\000test")'
   AHRlc3QAdGVzdA==

   # telnet 0 465

   Trying 0.0.0.0...
   Connected to 0.
   Escape character is '^]'.
   220 asdf.asdf.com ESMTP
   EHLO test
   250-asdf.asdf.com
   250-AUTH LOGIN CRAM-MD5 PLAIN
   250-AUTH=LOGIN CRAM-MD5 PLAIN
   250-PIPELINING
   250 8BITMIME
   AUTH PLAIN AHRlc3QAdGVzdA==
   535 authorization failed (#5.7.0)

I should mention this takes a few seconds to fail.

But, the checkpassword-pam does seem to work, and very quickly indeed.

   # echo -e "test\0test\0\timestamp\0" | checkpassword-pam -s submit --debug --stdout -- /usr/bin/id 3<&0
   Reading username and password
   Username 'test'
   Password read successfully
   Initializing PAM library using service name 'submit'
   PAM library initialization succeeded
   conversation(): msg[0], style PAM_PROMPT_ECHO_OFF, msg = "Password:"
   Authentication passed
   Account management succeeded
   Setting PAM credentials succeeded
   PAM session opened
   PAM session closed
   Terminating PAM library
   Executing /usr/bin/id
   uid=1005(test) gid=1005(test) groups=1005(test)
   #

I created a vanilla /etc/pam.d/submit file:

   # grep -v # /etc/pam.d/submit
   auth            required        pam_unix.so             no_warn try_first_pass

I'm just using the local password file, as very few people will be needing this service, but I want it to be available.

Can anyone see what I'm doing wrong?    Thanks much in advance.




_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
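
Added example, not part of the original thread or of any qmail patch: a parser for the AUTH PLAIN token from the telnet session above (authzid NUL authcid NUL passwd, base64-encoded) and a builder for the "user NUL password NUL timestamp NUL" record that a checkpassword program reads from descriptor 3. The function names are hypothetical; the token is the test account's from the post, and decoding it shows that base64 is an encoding, not protection, on a connection without TLS.

```python
import base64

MAX_RECORD = 512  # checkpassword reads at most 512 bytes from descriptor 3


def parse_auth_plain(token: str) -> tuple[str, str, str]:
    """Decode an AUTH PLAIN initial response into (authzid, authcid, passwd)."""
    try:
        raw = base64.b64decode(token, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("not valid base64") from exc
    parts = raw.split(b"\0")
    if len(parts) != 3:
        raise ValueError("expected authzid NUL authcid NUL passwd")
    authzid, authcid, passwd = (p.decode("utf-8") for p in parts)
    if not authcid or not passwd:
        raise ValueError("empty authcid or passwd")
    return authzid, authcid, passwd


def checkpassword_record(user: str, passwd: str, timestamp: str = "") -> bytes:
    """Build the user NUL password NUL timestamp NUL record for descriptor 3."""
    fields = [f.encode("utf-8") for f in (user, passwd, timestamp)]
    if any(b"\0" in f for f in fields):
        raise ValueError("NUL inside a field would shift the record")
    record = b"\0".join(fields) + b"\0"
    if len(record) > MAX_RECORD:
        raise ValueError("record exceeds 512 bytes")
    return record


if __name__ == "__main__":
    # Token taken from the telnet session in the post (test account "test").
    authzid, user, passwd = parse_auth_plain("AHRlc3QAdGVzdA==")
    print(repr(authzid), user, "password of", len(passwd), "chars")
    print(checkpassword_record(user, passwd, "timestamp"))
```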
