Subject: [courier-users] Getting SMTP AUTH CRAM-MD5 to work with Thunderbird
From: Dave Platt (dpl@radagast.org)
Date: Feb 23, 2006 4:10:39 pm
List: net.sourceforge.lists.courier-users

My home server/firewall is running the Debian test versions of Courier (0.52.2-0.3 courier-mta, 0.58-0.3 courier-authlib). It's running near-perfectly, with lots of DNS blocklist, rcptfilter/smtpfilter, forwarding to and from the home systems inside the firewall, etc.

What I'm now trying to do is to get SMTP AUTH working properly, so I can use the system as a mail relay if I'm "on the road" with my laptop.

I'd like to do this with CRAM-MD5 authentication, using a custom password which is used only for this purpose (the firewall system normally does not permit password authentication for access... only SSH keys can be used). I can't figure out how to get this to work.

Currently, all user authentication is via the authdaemon. The authdaemonrc started out specifying "authpam" as the sole acceptable module, and this seemed to be good enough to do user-exists/no-user-exists authentication for received mail.

I infer, from reading the man pages, that what I probably want to do is to add "authuserdb" to the authdaemon module lists, and create a userdb entry for each user who is to be authorized for SMTP AUTH relaying, and have an "esmtppw" clause in each user's definition which gives the special-purpose relaying password.

What I can't figure out is the precise set of magick incantations to make it all work. I've created an entry in userdb, and run "makeuserdb", and set the authdaemonrc line to read

authmodulelist="authuserdb authpam"

and restarted everything. I configured Thunderbird to send the username, and it asks me for a password... but it never succeeds in authenticating. The Courier esmtpd log shows that it received the AUTH CRAM-MD5 command, sent a challenge, received a base64-encoded response, and then simply reported an authentication failure.

I've also tried doing it without the userdb, and just use a standard Unix password for this account via authpam. I've set up the /etc/pam.d/esmtpd file as follows:

auth required pam_unix.so nullok
account required pam_unix.so
password required pam_unix.so
session required pam_unix.so

Debian uses shadow passwords, but I assume that the standard pam_unix.so module handles this transparently. Still can't get it to work.

I imagine I'm missing something obvious, but I haven't been able to find it, or to locate a complete howto/cookbook for this sort of setup.

A few questions:

- Have I phrased the "authmodulelist" line correctly, or does it need to be different?

- When I create the userdb file, should I give only the username, or username@mydomain?

- Should I enter the password in plaintext, or first run it through a password-encrypting/hashing process? If the latter, which command and what options are appropriate for a CRAM-MD5 authentication?

- Is there a better way to do all of this?

Thanks for any pointers!