| From | Sent On | Attachments |
|---|---|---|
| Ross Alexander Patterson | Oct 18, 2001 1:11 pm | |
| Sam Varshavchik | Oct 18, 2001 3:51 pm | |
| Ross Alexander Patterson | Oct 18, 2001 4:19 pm | |
| Sam Varshavchik | Oct 18, 2001 4:55 pm | |
| Ross Alexander Patterson | Oct 19, 2001 8:07 am | |
| Sam Varshavchik | Oct 19, 2001 5:40 pm | |
| Subject: | [courier-users] Re: Authenticated ESMTP, 2 Questions | |
|---|---|---|
| From: | Sam Varshavchik (mrs...@courier-mta.com) | |
| Date: | Oct 19, 2001 5:40:47 pm | |
| List: | net.sourceforge.lists.courier-users | |
Ross Alexander Patterson writes:
> ./configure --prefix=/usr, among other things. There is no packaging here, compiled and installed from source.
> If you don't want to help me because I installed everything in /usr instead of /usr/lib/courier, that's perfectly fine. Indeed, it's fine if you don't want to help me because you hate my sig ;)
These kinds of things are not minor, insignificant details. I'd say that half the problems are related in some way to local configuration. So, it is important that you mention these kinds of things.
What about the rest of your configuration?
> What I need to figure out is what directory esmtp authentication needs to access that no other authentication needs to access. You can tell me that
The major difference between ESMTP and other kinds of authentication is that with POP3 and IMAP, the incoming connection is first picked up by a root-owned process, and after verifying the uid/pwd combination, the root privs are dropped, and the process continues to run under the authenticated uid/pwd.
With ESMTP, the incoming ESMTP connection is picked up by a process that runs under courier's uid/gid. If an authentication is received, the authstart wrapper elevates privileges to root, for the purposes of authentication.
Since your home directories do not have global read/execute permissions, this indicates that the temporary elevation of privileges to root fails. The authstart wrapper can only be executed by the courier uid/gid; it does not have global read/execute permissions.
There are some file systems that have a mount option to ignore the suid bit, so this would be the first thing to check. If this is verified, the final step is to trace the server process (including its child processes), after the incoming connection is established, then manually request authentication.
-- Sam
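The two checks Sam describes before resorting to tracing (is the setuid bit on the wrapper actually set and honoured, can the courier uid/gid execute it, and is the filesystem it lives on mounted nosuid) written out as an added POSIX shell example. This is not code from the thread or from Courier itself; the wrapper path, the sample mount-table lines in /proc/mounts format and the temporary file used in the demo are constructed for illustration, and `check_wrapper` assumes the wrapper should be root-owned, setuid, group-executable and without any world permissions, as the message describes authstart.

```shell
#!/bin/sh
# Added example, not part of the courier-users thread or of Courier's code.
# Diagnoses why a setuid wrapper (e.g. Courier's authstart) might fail to
# elevate to root: missing/ineffective setuid bit, wrong group/world perms,
# or a nosuid mount that silently ignores the bit.

# Print the mount options of the longest-prefix mount point containing $1.
# $2 is a file in /proc/mounts format (dev mountpoint fstype opts dump pass).
mount_opts_for() {
    path=$1; table=$2
    best=""; bestopts=""
    while read -r dev mnt fstype opts rest; do
        case "$mnt" in
            /) prefix="/" ;;
            *) prefix="$mnt/" ;;
        esac
        # Compare with a trailing slash so /usr does not match /usrlocal.
        case "$path/" in
            "$prefix"*)
                if [ "${#mnt}" -gt "${#best}" ]; then
                    best=$mnt; bestopts=$opts
                fi ;;
        esac
    done < "$table"
    printf '%s\n' "$bestopts"
}

# Succeed (exit 0) when the mount holding $1 carries the nosuid option.
mount_is_nosuid() {
    opts=$(mount_opts_for "$1" "$2")
    case ",$opts," in
        *,nosuid,*) return 0 ;;
    esac
    return 1
}

# Classify the permission string of the wrapper file $1.
# Prints "ok" when the owner-execute slot is 's' (setuid bit set and owner
# executable), the group can execute it, and others have no access at all;
# otherwise prints the first problem found and returns 1.
wrapper_perm_status() {
    perms=$(ls -ld "$1" | cut -c1-10)
    case "$perms" in
        ???s??????) ;;
        ???S??????) echo "setuid set but owner-execute missing"; return 1 ;;
        *) echo "setuid bit not set"; return 1 ;;
    esac
    case "$perms" in
        ??????[xs]???) ;;
        *) echo "group cannot execute wrapper"; return 1 ;;
    esac
    case "$perms" in
        ???????---) ;;
        *) echo "wrapper is world-accessible (expected none)"; return 1 ;;
    esac
    echo ok
}

# Full check: root ownership, permission bits, then the nosuid mount test.
# $1 = wrapper path, $2 = mount table (default /proc/mounts).
check_wrapper() {
    wrapper=$1; table=${2:-/proc/mounts}
    owner=$(ls -ld "$wrapper" | awk '{print $3}')
    if [ "$owner" != root ]; then
        echo "wrapper not owned by root (owner: $owner)"; return 1
    fi
    status=$(wrapper_perm_status "$wrapper") || { echo "$status"; return 1; }
    if mount_is_nosuid "$wrapper" "$table"; then
        echo "filesystem holding $wrapper is mounted nosuid; setuid is ignored"
        return 1
    fi
    echo "ok: $wrapper can elevate to root"
}

# Usage: ./check_authstart.sh /path/to/authstart [mount-table-file]
if [ $# -ge 1 ]; then
    check_wrapper "$1" "$2"
fi
```

If both checks pass, the remaining step from the message is to trace the live server: attach to the listener with `strace -f -p <pid>` (the `-f` flag follows the forked child that handles the connection; the pid is whatever your installation's ESMTP listener runs as), connect, issue `AUTH`, and look for the failing `setuid`/`execve`/`open` call. The example assumes GNU/Linux `ls -l` output and an `strace` installation; both are assumptions rather than anything the thread states.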