I posted the message quoted below to the qmail list, and got a reply
(below) from jms1 asking just which patches I have with the qmail port.
Does the SMTP_AUTH_PATCH config option in the freebsd port use jms1's
patches?
I sort of doubt this is a repeat of the "qmailrocks" debacle, but I'd
like to know whether there would be any advantage to building qmail from
source without using the port.
On 2008-04-08, at 1739, Jeff Dickens wrote:
> I'm trying to set up an authenticated SMTP server. I have the
> freebsd qmail 1.03_6 port, built with the SMTP_AUTH_PATCH config
> option.

which means what, exactly? what patches are included in that port?
i ask because some of the variables listed in your "run" script (i.e.
AUTH_CDB, REQUIRE_AUTH, ALLOW_INSECURE_AUTH, FORCE_TLS, DENY_DLS,
etc.) are specific to features which only exist (as far as i know) in
my combined patch.
i've been told that there was an attempt to build a freebsd "port"
with my patch in it, but (1) i didn't write the port; (2) if this
"run" script is part of it, it looks like the people who put the port
together wrote their own scripts instead of using the ones from my web
site; (3) the people who wrote the port didn't tell me that they were
releasing it, or offer me a chance to preview what they were releasing
(does the word "qmailrocks" sound familiar here?) and (4) i don't use
freebsd, so if there is a port out there, i have no way to test it or
provide support for it.
the only things i could suggest would be to contact whoever wrote the
port for assistance, or do the same thing people recommend for debian
linux- build qmail from source, by hand instead of using a package
manager like "ports" or "rpm", so that you KNOW exactly what is and is
not included.
start with http://lifewithqmail.org/ and then, if you need any extra
features which aren't part of netqmail, spend some time reading my
qmail site, as well as the web sites for several of the other "mega-
patches" out there, and figure out which one is going to best meet
your needs. follow the directions for that patch, and if you run into
problems, ask on the mailing lists for those patches (i have a list, i
know bill shupp's "qmail toaster" has a list, and i'm pretty sure the
others do as well.)
--------------------------------------------------------
| John M. Simpson -- KG4ZOW -- Programmer At Large |
| http://www.jms1.net/ <[EMAIL PROTECTED]> |
--------------------------------------------------------
| Hope for America -- http://www.ronpaul2008.com/ |
--------------------------------------------------------
Here's my original message, fyi:
I'm trying to set up an authenticated SMTP server. I have the freebsd
qmail 1.03_6 port, built with the SMTP_AUTH_PATCH config option.
My "run" script looks like this:
#!/bin/sh
# qmail-submit/run
exec 2>&1
CONLIMIT=9
#AUTH_CDB="/var/qmail/auth/auth.cdb"
CHECKPW="/usr/local/bin/checkpassword-pam"
PAM_SERVICE="submit"
LOCAL=`head -1 /var/qmail/control/me`
TRUE=`which true`
AUTH=1
REQUIRE_AUTH=1
ALLOW_INSECURE_AUTH=0
PORT=465
#SSL=1
FORCE_TLS=0
DENY_DNS=0
#
echo "*** Starting qmail-submit..."
exec \
envuidgid qmaild \
softlimit -m 3000000 -f 10000000 \
tcpserver -v -HR \
-U \
-c ${CONLIMIT} \
0 ${PORT} \
/var/qmail/bin/qmail-smtpd ${LOCAL} ${CHECKPW} ${TRUE}
I tried to test it - fear not this test account is not accessible from
the net - SSL is turned off just until I get it working this far:
# perl -MMIME::Base64 -e 'print encode_base64("\000test\000test")'
AHRlc3QAdGVzdA==
# telnet 0 465
Trying 0.0.0.0...
Connected to 0.
Escape character is '^]'.
220 asdf.asdf.com ESMTP
EHLO test
250-asdf.asdf.com
250-AUTH LOGIN CRAM-MD5 PLAIN
250-AUTH=LOGIN CRAM-MD5 PLAIN
250-PIPELINING
250 8BITMIME
AUTH PLAIN AHRlc3QAdGVzdA==
535 authorization failed (#5.7.0)
I should mention this takes a few seconds to fail.
But, the checkpassword-pam does seem to work, and very quickly indeed.
# echo -e "test\0test\0\timestamp\0" | checkpassword-pam -s submit --debug --stdout -- /usr/bin/id 3<&0
Reading username and password
Username 'test'
Password read successfully
Initializing PAM library using service name 'submit'
PAM library initialization succeeded
conversation(): msg[0], style PAM_PROMPT_ECHO_OFF, msg = "Password:"
Authentication passed
Account management succeeded
Setting PAM credentials succeeded
PAM session opened
PAM session closed
Terminating PAM library
Executing /usr/bin/id
uid=1005(test) gid=1005(test) groups=1005(test)
#
I created a vanilla /etc/pam.d/submit file:
# grep -v # /etc/pam.d/submit
auth required pam_unix.so no_warn try_first_pass
I'm just using the local password file, as very few people will be
needing this service, but I want it to be available.
Can anyone see what I'm doing wrong? Thanks much in advance.
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
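An added example, not part of the original thread or of any qmail patch: a small harness that decodes the AUTH PLAIN token from the telnet session, rebuilds the record a checkpassword program reads on fd 3, and reports the checker's exit status. The function names are hypothetical and STUB_CHECKER is a constructed stand-in so the script runs without PAM.

```python
import base64
import subprocess
import sys

# Exit codes defined by the checkpassword interface.
EXIT_MEANING = {0: "accepted", 1: "password unacceptable",
                2: "checkpassword misused", 111: "temporary failure"}

# Constructed stand-in for a real checker such as checkpassword-pam, so the
# example runs offline: accepts only user "test" with password "test".
STUB_CHECKER = [sys.executable, "-c",
                "import sys; f = open(3, 'rb').read().split(b'\\0'); "
                "sys.exit(0 if f[:2] == [b'test', b'test'] else 1)"]


def decode_auth_plain(token):
    """Split an AUTH PLAIN token into (authzid, authcid, password)."""
    parts = base64.b64decode(token, validate=True).split(b"\0")
    if len(parts) != 3:
        raise ValueError("expected authzid NUL authcid NUL password")
    return tuple(parts)


def checkpassword_record(user, password, timestamp=b""):
    """Bytes a checkpassword program reads from fd 3."""
    for field in (user, password, timestamp):
        if b"\0" in field:
            raise ValueError("fields must not contain NUL")
    return user + b"\0" + password + b"\0" + timestamp + b"\0"


def run_checker(argv, user, password):
    """Feed the record on fd 3 (the same `3<&0` redirection as the shell
    test in the message) and return the checker's exit status."""
    proc = subprocess.run(["/bin/sh", "-c", 'exec "$@" 3<&0', "sh", *argv],
                          input=checkpassword_record(user, password))
    return proc.returncode


def verify_token(token, argv):
    """Decode an AUTH PLAIN token and ask the checker about it."""
    _authzid, user, password = decode_auth_plain(token)
    status = run_checker(argv, user, password)
    return status, EXIT_MEANING.get(status, "unknown status")


if __name__ == "__main__":
    # Token from the telnet session in the message: "\0test\0test"
    print(verify_token("AHRlc3QAdGVzdA==", STUB_CHECKER))
```

To exercise a real checker, pass its argv in place of STUB_CHECKER (for instance the checkpassword-pam command line from the manual test) and run the script under the same uid and environment the run script gives qmail-smtpd, so the result reflects what the daemon's child sees rather than what a root shell sees.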