exim courier authuserdb
Greetings,
I am writing this to work through the problem I was _previously_
having with configuring exim+virtual-systemless-accounts+courier-*.
It should not take much work to get this working with Mysql in the
future.
My requirements were basically Maildir support with virtualhosting
capability. I wanted to use Exim because it seems actively developed,
and is natively packaged under Debian. Courier POP/IMAP seemed the
best implementation (others were too immature, or lacked either Maildir
or virthosts without un-audited patches).
I'm running woody with these relevant packages:
ii exim 3.34-1
ii courier-authda 0.37.3-2
ii courier-base 0.37.3-2
ii courier-doc 0.37.3-2
ii courier-imap 1.4.3-2
ii courier-pop 1.4.3-2
I have a working installation of Exim, which delivers using Maildir
format to '/home/virtualmail/${domain}/${local_part}/Maildir/'.
Here is what I have tried so far in accordance with the docs for
courier-imap:
# userdb hank@knah.marinar.com set \
> home=/home/virtualmail/knah.marinar.com/hank/Maildir \
> mail=/home/virtualmail/knah.marinar.com/hank/Maildir uid=8 gid=8
# userdbpw -md5 | userdb hank@knah.marinar.com set systempw
# makeuserdb
Unless I'm reading this wrong, according to
<http://www.courier-mta.org/FAQ.html#authlib>, I cannot use PAM and
still take advantage of system-less home directories:
NOTE: PAM is only used for authenticating password. The authpam
module still uses the pwd.h and group.h library to find the
home directory and mailbox.
So instead of configuring authdaemon to use PAM, I ask it nicely to
use authuserdb:
##NAME: authmodulelist:0
#
# The authentication modules that are linked into authdaemond.
# The default list is installed. You may selectively disable
# modules simply by removing them from the following list.
# The available modules you can use are: authcustom authcram
# authuserdb authldap authmysql authpam
# authmodulelist="authpam"
authmodulelist="authuserdb"
I then make sure everything has been restarted:
# ps ax | grep courier
/usr/lib/courier/authlib/authdaemond.plain start
/usr/lib/courier/authlib/authdaemond.plain start
/usr/lib/courier/authlib/authdaemond.plain start
/usr/lib/courier/authlib/authdaemond.plain start
/usr/lib/courier/authlib/authdaemond.plain start
/usr/lib/courier/authlib/authdaemond.plain start
/usr/sbin/couriertcpd -address=0 -stderrlogger=/usr/sbin/courierlogger -maxprocs=40 -maxperip=4 -pid=/var/run/courier/imapd.pid -nodnslookup -noidentlookup 143 /usr/lib/courier/courier/imaplogin /usr/lib/courier/authlib/authdaemon /usr/bin/imapd Maildir
/usr/sbin/courierlogger imaplogin
Here is the fetchmail info:
# cat ~/.fetchmailrc
poll knah.marinar.com proto imap user "hank@knah.marinar.com" pass "p" is ahank here
# fetchmail -v -c
fetchmail: 5.9.11 querying knah.marinar.com (protocol IMAP) at Thu Jun
6 02:49:54 2002: poll started
fetchmail: IMAP< * OK Courier-IMAP ready. Copyright 1998-2002 Double
Precision,
Inc. See COPYING for distribution information.
fetchmail: IMAP> A0001 CAPABILITY
fetchmail: IMAP< * CAPABILITY IMAP4rev1 CHILDREN NAMESPACE
THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT
fetchmail: IMAP< A0001 OK CAPABILITY completed
fetchmail: IMAP> A0002 LOGIN "hank@knah.marinar.com" "*"
fetchmail: IMAP< A0002 OK LOGIN Ok.
fetchmail: IMAP> A0003 EXAMINE "INBOX"
fetchmail: IMAP< * FLAGS (\Draft \Answered \Flagged \Deleted \Seen
\Recent)
fetchmail: IMAP< * OK [PERMANENTFLAGS ()] No permanent flags permitted
fetchmail: IMAP< * 4 EXISTS
fetchmail: IMAP< * 4 RECENT
fetchmail: IMAP< * OK [UIDVALIDITY 1023346194] Ok
fetchmail: IMAP< A0003 OK [READ-ONLY] Ok
fetchmail: IMAP> A0004 SEARCH UNSEEN
fetchmail: IMAP< * SEARCH 1 2 3 4
fetchmail: IMAP< A0004 OK SEARCH done.
4 messages for hank@knah.marinar.com at knah.marinar.com.
fetchmail: IMAP> A0005 LOGOUT
fetchmail: IMAP< * BYE Courier-IMAP server shutting down
fetchmail: IMAP< A0005 OK LOGOUT completed
fetchmail: 5.9.11 querying knah.marinar.com (protocol IMAP) at Thu Jun
6 02:49:54 2002: poll completed
fetchmail: normal termination, status 0
# tail -f /var/log/syslog
Jun 6 02:50:26 hank imaplogin: Connection, ip=[::ffff:209.176.88.254]
Jun 6 02:50:26 hank imaplogin: LOGIN, user=hank@knah.marinar.com,
ip=[::ffff:209.176.88.254]
Jun 6 02:50:26 hank imaplogin: LOGOUT, user=hank@knah.marinar.com,
ip=[::ffff:209.176.88.254], headers=0, body=0
Works beautifully (IMAP is 2 seconds faster). The trick for me was the
'NOTE' about not using PAM. I thought I would be able to slip in this
to get the PAM working before:
auth required pam_userdb.so nullok
account required pam_userdb.so
password required pam_userdb.so md5
session required pam_userdb.so
However, I only get a very non-descriptive error message saying
authentication failed when I use authpam in authdaemonrc. I like the
idea of still using PAM, and am confused by the desclaimer described
above, so if anyone knows any better please let me know.
I hope this information is of aid to someone of similar configuration
requirement.
thanks for listening,
hank
--
Adam Henry <hank@marinar.com> | Phn: 440.354.1458x24
Marinar Communications Group | Mob: 439.742.0011
--
To UNSUBSCRIBE, email to debian-isp-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: