 | Start a set with this search |
 | Include this search in one of my sets |
 | Exclude this search from one of my sets |
 | Permalink to these results Paste this link in email or IM: |
 | Atom feed for tracking future search results Paste this URL into your reader: |
18 messages in net.sourceforge.lists.courier-usersRe: [courier-users] Getting SMTP AUTH...| From | Sent On | Attachments |
|---|---|---|
| Michelle Konzack | Jan 6, 2006 10:30 am | |
| Michelle Konzack | Feb 21, 2006 10:57 am | |
| Jay Lee | Feb 21, 2006 11:07 am | |
| Sam Varshavchik | Feb 21, 2006 3:30 pm | |
| Gordon Messmer | Feb 21, 2006 4:08 pm | |
| Michelle Konzack | Feb 23, 2006 5:23 am | |
| Michelle Konzack | Feb 23, 2006 5:28 am | |
| Gordon Messmer | Feb 23, 2006 10:58 am | |
| Dave Platt | Feb 23, 2006 4:10 pm | |
| Sam Varshavchik | Feb 23, 2006 4:18 pm | |
| Dave Platt | Feb 23, 2006 4:32 pm | |
| Sam Varshavchik | Feb 23, 2006 5:43 pm | |
| Michelle Konzack | Feb 24, 2006 8:04 am | |
| Michelle Konzack | Feb 24, 2006 8:04 am | |
| Michelle Konzack | Feb 24, 2006 8:04 am | |
| Gordon Messmer | Feb 24, 2006 9:16 am | |
| Dave Platt | Feb 24, 2006 3:52 pm | |
| Sam Varshavchik | Feb 24, 2006 5:13 pm |
| Permalink for this message Paste this link in email or IM: |
| Permalink for this thread Paste this link in email or IM: |
| Atom feed for this thread Paste this URL into your reader: |
| Subject: | Re: [courier-users] Getting SMTP AUTH CRAM-MD5 to work with Thunderbird | Actions... |
|---|---|---|
| From: | Dave Platt (dpl...@radagast.org) | |
| Date: | Feb 24, 2006 3:52:38 pm | |
| List: | net.sourceforge.lists.courier-users | |
Make that the userdbpw man page.
Instructions followed, correct field initialized with an hmac-md5 for a password, and AUTH CRAM-MD5 now works perfectly! Mercy buckets!
Next goal: arrange things so that user-specific rcptfilter scripts can detect that mail came from an authorized relay, and return 0 to whitelist the sender. This would go a long way towards easing the "you are not whitelisted" problem for authenticated SMTP clients.
In looking through the source code and documentation, I can't see a good way to allow the rcptfilter script access to the "knowledge" that a message arrived from some sort of authorized or authenticated origin. The AUTH user ID doesn't seem to be passed in.
The only possible route I could see, was one of setting the RELAYCLIENT environment variable, since this *is* passed to the scripts. This variable is settable from the smtpaccess file (for pre-authorized IP addresses), and can be set for connections which AUTH by making use of the (undocumented?) feature which copies the AUTHRELAYCLIENT environment variable to RELAYCLIENT if you successfully AUTHenticate.
Unfortunately, this doesn't work either, for a combination of reasons:
- Simply setting RELAYCLIENT to an empty string doesn't work, because maildrop's "import" statement automatically sets an imported variable to "" if no such environment variable exist. No way to tell the difference from the script, as far as I can tell.
- Setting RELAYCLIENT to a nonempty string in smtpaccess, and setting AUTHRELAYCLIENT to a nonempty string in the esmtpd config file, doesn't work either, due to a side effect I had not expected. It appears that couriersmtpd.c automatically appends the contents of RELAYCLIENT to each recipient address for some reason, even if the address consists of a complete "username@valid.domain". I can't figure out why it's doing this (it's undocumented?) except possibly for compatibility with qmail (which is documented to behave this way, but I can't really figure out why *it* did so!).
I suppose I could work around maildrop's inability to distinguish an absent RELAYCLIENT from a null-string RELAYCLIENT by shelling out (e.g.)
FOO=`printenv | grep RELAYCLIENT`
but that seems a trifle inelegant :-(
Any suggestion as to a better way to let the rcptfilter know that a message came from a user who successfully AUTHenticated?
And, does anybody actually use that feature which causes RELAYCLIENT to be appended to every recipient address?