Re: Alternate authentication source in OpenSMTPd
I forgot to add that I also checked this one out from the man page too:

    If the method of delivery is local, a user database may be specified to override the system database:

    [userbase table]
        Look up users in the table table instead of performing system lookups using the getpwnam(3) function.

If that's the way to do so, any example for its proper use?

But unless I don't understand it right, that's for users instead of the password file on the system, maybe for virtual mailbox and all. I am not sure I understand its use as there is already virtual and users alias and all available. Or maybe its use is for limited mailbox as opposed to for every user in the password file?

Best,

Daniel

On 9/25/13 4:15 AM, Daniel Ouellet wrote:
> Hi,
>
> Is this still true from the man himself:
>
> What is not yet possible is to use alternate authentication sources.
> http://marc.info/?l=openbsd-miscm=129230912814295w=2
>
> I tried any and every way I could think of without success. I thought that maybe there was a way to do so using some kind of variation of this from the man page:
>
>     accept from any for any relay via smtps+auth://label@localhost auth secrets
>
> and use the makemap to add users in it, but if there is a way, I can't figure it out for the love of me and if it is actually available, I would very much appreciate a clue stick!
>
> So, is this correct to assume the option to do so is still not available yet? Not a huge deal, I just would like to know so that I stop beating myself trying to get it to work.
Re: Alternate authentication source in OpenSMTPd
On Wed, Sep 25, 2013 at 04:15:01AM -0400, Daniel Ouellet wrote:
> Hi,

Hi,

> Is this still true from the man himself:
>
> What is not yet possible is to use alternate authentication sources.
> http://marc.info/?l=openbsd-miscm=129230912814295w=2

It's officially still true, unofficially you can do it on recent versions by declaring a table (i'll use a static table for the example but you can use a file, db, sqlite or ldap one):

    $ encrypt mypassword
    $2a$06$BTOM8Ck.HEInGF888KbjiORoXSOFT.McbLZIS85gMSmHTPA5Tds2S
    $

smtpd.conf:

    table mycreds { gilles = gilles:$2a$06$BTO[...]PA5Tds2S }
    listen on [...] auth mycreds

and now, user 'gilles' can authenticate with password 'mypassword'

The feature has now stabilized, is documented and will be officially supported in the next stable release we do shortly after OpenBSD 5.4

> I tried any and every way I could think of without success. I thought that maybe there was a way to do so using some kind of variation of this from the man page:
>
>     accept from any for any relay via smtps+auth://label@localhost auth secrets

You won't have success with that because relaying auth and incoming auth are completely unrelated, you're only adding one indirection to the same issue.

However you successfully turned your setup into an open relay with:

    from any for any

> So, is this correct to assume the option to do so is still not available yet? Not a huge deal, I just would like to know so that I stop beating myself trying to get it to work.

summary:

For OpenSMTPD versions earlier than 5.3.3, it's correct to assume that.
For OpenSMTPD 5.3.3, it's a hidden feature that does work.
For next stable OpenSMTPD release, it'll no longer be hidden ;-)

--
Gilles Chehade
https://www.poolp.org @poolpOrg
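Added example, not part of the thread and not OpenSMTPD code: a small Python check that scans smtpd.conf text for the rule shape flagged in the reply above, an `accept` rule that combines `from any`, `for any` and a `relay` action. It assumes the accept-rule grammar used in this thread, in which a rule with no `from` clause applies to local sessions only, and it recognizes only those keywords; `SAMPLE_CONF` and the function names are constructed for illustration.

```python
import shlex

# Constructed sample in the accept-rule grammar used in this thread.
SAMPLE_CONF = """\
# constructed sample, not a recommended configuration
accept for any relay
accept from any for domain "example.org" deliver to mbox
accept from any for any \\
    relay via smtps+auth://label@localhost auth secrets  # rule from the thread
"""


def logical_lines(text):
    """Yield (first_line_number, text) with backslash continuations folded."""
    buf, start = "", None
    for number, raw in enumerate(text.splitlines(), 1):
        if start is None:
            start = number
        stripped = raw.rstrip()
        if stripped.endswith("\\"):
            buf += stripped[:-1] + " "
            continue
        yield start, buf + raw
        buf, start = "", None
    if buf:
        yield start, buf


def has_pair(tokens, first, second):
    """True when token `first` is immediately followed by token `second`."""
    return any(a == first and b == second for a, b in zip(tokens, tokens[1:]))


def find_open_relay_rules(conf_text):
    """Return [(line_number, rule)] for accept rules that relay for anyone."""
    findings = []
    for number, line in logical_lines(conf_text):
        tokens = shlex.split(line, comments=True)  # drops '#' comments
        if not tokens or tokens[0] != "accept":
            continue
        # A rule without "from" is not flagged: in this grammar an omitted
        # source means local sessions only (assumption stated in the lead-in).
        if (has_pair(tokens, "from", "any") and has_pair(tokens, "for", "any")
                and "relay" in tokens):
            findings.append((number, " ".join(tokens)))
    return findings


if __name__ == "__main__":
    for number, rule in find_open_relay_rules(SAMPLE_CONF):
        print(f"line {number}: relays for any source and destination: {rule}")
```

Only the rule on sample line 4 is reported; the default-style `accept for any relay` and the rule limited to one destination domain pass.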
Re: Alternate authentication source in OpenSMTPd
On 2013-09-25 Wed 11:39 AM |, Gilles Chehade wrote:
> It's officially still true, unofficially you can do it on recent versions by declaring a table (i'll use a static table for the example but you can use a file, db, sqlite or ldap one):
>
>     $ encrypt mypassword
>     $2a$06$BTOM8Ck.HEInGF888KbjiORoXSOFT.McbLZIS85gMSmHTPA5Tds2S
>     $
>
> smtpd.conf:
>
>     table mycreds { gilles = gilles:$2a$06$BTO[...]PA5Tds2S }
>     listen on [...] auth mycreds
>
> and now, user 'gilles' can authenticate with password 'mypassword'

Is this possible without TLS/SSL Gilles?

i.e; via CRAM-MD5 or DIGEST-MD5

Such as:

    $ telnet localhost submission
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    220 teak.britvault.co.uk ESMTP Postfix
    ehlo localhost
    250-teak.britvault.co.uk
    250-PIPELINING
    250-SIZE 10485760
    250-ETRN
    250-AUTH CRAM-MD5
    250-XVERP
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN

Regards,
--
Craig Skinner | http://twitter.com/Craig_Skinner | http://linkd.in/yGqkv7
Re: Alternate authentication source in OpenSMTPd
On Wed, Sep 25, 2013 at 01:03:45PM +0100, Craig R. Skinner wrote:
> On 2013-09-25 Wed 11:39 AM |, Gilles Chehade wrote:
> > It's officially still true, unofficially you can do it on recent versions by declaring a table (i'll use a static table for the example but you can use a file, db, sqlite or ldap one):
> >
> >     $ encrypt mypassword
> >     $2a$06$BTOM8Ck.HEInGF888KbjiORoXSOFT.McbLZIS85gMSmHTPA5Tds2S
> >     $
> >
> > smtpd.conf:
> >
> >     table mycreds { gilles = gilles:$2a$06$BTO[...]PA5Tds2S }
> >     listen on [...] auth mycreds
> >
> > and now, user 'gilles' can authenticate with password 'mypassword'
>
> Is this possible without TLS/SSL Gilles?
>
> i.e; via CRAM-MD5 or DIGEST-MD5

nope, we only support AUTH PLAIN over a SSL/TLS connection at the moment and unless someone writes it or I suddenly really need it, there is very little chance that it's going to be implemented soon.

it's not part of any contributor's todo afaik

--
Gilles Chehade
https://www.poolp.org @poolpOrg
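Added example, not part of the thread and not OpenSMTPD code: a Python sketch of the server-side handling of an AUTH PLAIN response (RFC 4616 format), showing why the reply above ties AUTH PLAIN to an SSL/TLS connection: the response is only base64-encoded, so the transport is the sole protection for the password. The names `parse_auth_plain`, `AuthRefused` and `SAMPLE_RESPONSE` are hypothetical, and the sample is constructed from the example credentials quoted in the thread.

```python
import base64


class AuthRefused(Exception):
    """Raised when an AUTH PLAIN attempt must be rejected."""


def parse_auth_plain(response_b64, tls_active):
    """Decode an AUTH PLAIN response: base64([authzid] NUL authcid NUL passwd).

    Returns (authzid, authcid, passwd) as str, or raises AuthRefused.
    """
    # Gate on the transport first: base64 is an encoding, not encryption,
    # so on a cleartext session the password is readable by any observer.
    if not tls_active:
        raise AuthRefused("AUTH PLAIN is only accepted over TLS")
    try:
        raw = base64.b64decode(response_b64, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        raise AuthRefused("response is not valid base64") from None
    fields = raw.split(b"\x00")
    if len(fields) != 3:
        raise AuthRefused("expected exactly two NUL separators")
    try:
        authzid, authcid, passwd = (f.decode("utf-8") for f in fields)
    except UnicodeDecodeError:
        raise AuthRefused("fields must be UTF-8") from None
    if not authcid or not passwd:
        raise AuthRefused("empty authentication identity or password")
    return authzid, authcid, passwd


# Constructed sample: the credentials from the thread's example table,
# encoded the way a client would send them after "AUTH PLAIN".
SAMPLE_RESPONSE = base64.b64encode(b"\x00gilles\x00mypassword").decode("ascii")

if __name__ == "__main__":
    print(SAMPLE_RESPONSE)
    print(parse_auth_plain(SAMPLE_RESPONSE, tls_active=True))
```

The recovered password would then be checked against the stored hash from the credentials table; that step is outside this sketch.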
Re: Alternate authentication source in OpenSMTPd
Thanks Gilles!

I will test, but I sure can also wait for the 5.4 to be out as it is just around the corner anyway!

Many thanks for the wonderful work!

Daniel

On 9/25/13 5:39 AM, Gilles Chehade wrote:
> On Wed, Sep 25, 2013 at 04:15:01AM -0400, Daniel Ouellet wrote:
> > Hi,
>
> Hi,
>
> > Is this still true from the man himself:
> >
> > What is not yet possible is to use alternate authentication sources.
> > http://marc.info/?l=openbsd-miscm=129230912814295w=2
>
> It's officially still true, unofficially you can do it on recent versions by declaring a table (i'll use a static table for the example but you can use a file, db, sqlite or ldap one):
>
>     $ encrypt mypassword
>     $2a$06$BTOM8Ck.HEInGF888KbjiORoXSOFT.McbLZIS85gMSmHTPA5Tds2S
>     $
>
> smtpd.conf:
>
>     table mycreds { gilles = gilles:$2a$06$BTO[...]PA5Tds2S }
>     listen on [...] auth mycreds
>
> and now, user 'gilles' can authenticate with password 'mypassword'
>
> The feature has now stabilized, is documented and will be officially supported in the next stable release we do shortly after OpenBSD 5.4
>
> > I tried any and every way I could think of without success. I thought that maybe there was a way to do so using some kind of variation of this from the man page:
> >
> >     accept from any for any relay via smtps+auth://label@localhost auth secrets
>
> You won't have success with that because relaying auth and incoming auth are completely unrelated, you're only adding one indirection to the same issue.
>
> However you successfully turned your setup into an open relay with:
>
>     from any for any
>
> > So, is this correct to assume the option to do so is still not available yet? Not a huge deal, I just would like to know so that I stop beating myself trying to get it to work.
>
> summary:
>
> For OpenSMTPD versions earlier than 5.3.3, it's correct to assume that.
> For OpenSMTPD 5.3.3, it's a hidden feature that does work.
> For next stable OpenSMTPD release, it'll no longer be hidden ;-)