The preauthvchkpw.c module needs to be modified.
The problem is, when a user attempts to authenticate,
if their user name exists on the system then it will
open up relay. However, at that point in the code the
user has not been authenticated. I attempted to fix
this before but became confused on which function
is called from what file. It's a bit obtuse for me. 

an quick hack could be to verify the password at
that point, then open up relay on a valid password.

The real fix would be to trace the fucntions and
open up relay after password verification.

Perhaps someone could figure it out.

Ken Jones

On Thursday 11 September 2003 2:35 pm, Charles Sprickman wrote:
> This is a good FAQ item, for when we have a FAQ.
> Mr. Sam has disabled the imap-before-smtp function in the authvchkpw code.
> I've looked at the courier archives, and there's no explanation from him
> as to what the problem is...  Just lots of questions. :)
> Bill's suggestion might not work, as he "#undef"s the value.  In your
> courier source dir, go into the "authlib" dir and open "preauthvchkpw.c"
> for editing.  Look for a line like this:
> Go ahead and change that "#undef" to "#define" and it will work properly.
> I can't comment on what the security concerns are, because I don't know
> what they are.  It does work however.
> Charles
> On Thu, 11 Sep 2003, ted wrote:
> > I've got a LWQ-style qmail configuration, plus vpopmail 5.3.27 and
> > courier-imap-  I have  roaming users enabled (as well as
> > qmail-ext), and  POP3  before SMTP works perfectly (using  qmail-pop3d).
> >
> > IMAP also seems to work just fine, but it does not update open-smtp. My
> > workaround of creating a separate POP account to POP in without
> > retrieving msgs allows me to send via IMAP, but is obviously not an
> > ideal solution. (I'm using Thunderbird .2).
> >
> > I've installed courier-imap numerous times (with different releases up
> > to 20030902), both with authdaemon enabled as well as disabled. In both
> > cases, the results are the same (meaning that I can read mail but not
> > relay).
> >
> > Perhaps my understanding is wrong, but I was under the impression that
> > since these are virtual domains I'm having trouble with (all my domains
> > are virtual), the fact that I am able to read mail at all under IMAP
> > would indicate that vchkpw is being called from courier-imap. Since
> > qmail-pop3d invokes vchkpw and works, I'm puzzled. I'm afraid I don't
> > know where to look log-wise.
> >
> > thanks for any hints.
> >
> > -ted

Reply via email to