[Courier-imap] autmysqlrc - service feedback
hello, i have set up courier with a mysql virtual setup, and i want to force some users to use ssl for imap I found a post where someone tried it the same way http://www.webservertalk.com/archive375-2005-9-1185618.html In this post Brian Candler - a real courier guru - gave a good answer, but for me the line in authmysqlrc with service is not working Brian told me that this is an mysql issue, but I figured not out how to solve the problem . Here is the complete file #authmysqlrc BEGIN# MYSQL_SERVER 127.0.0.1 MYSQL_USERNAME mailadmin MYSQL_PASSWORD yomanyo MYSQL_PORT 0 MYSQL_DATABASE mailserver MYSQL_USER_TABLE users MYSQL_CRYPT_PWFIELD password MYSQL_UID_FIELD 5000 MYSQL_GID_FIELD 5000 MYSQL_LOGIN_FIELD email MYSQL_HOME_FIELD /home/vmail MYSQL_MAILDIR_FIELD CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/') MYSQL_WHERE_CLAUSE userdisabled='0' MYSQL_QUOTA_FIELD quota # AAA not working #MYSQL_AUXOPTIONS_FIELD CONCAT(disableimap=,IF($(service)='imaps',disableimaps,disableimap),,disablepop3=,disablepop3,,disablewebmail=,disablewebmail) # AAB working MYSQL_AUXOPTIONS_FIELD CONCAT(disableimap=,disableimap,,disablepop3=,disablepop3,,disablewebmail=,disablewebmail) #authmysqlrc END# the thing is that mysql gets in the line AAA the - $(service) not as variable (imap or imaps), because i see it in the mysql.log 39 Query SELECT email, password, , 5000, 5000, /home/vmail, CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/'), quota , , CONCAT(disableimap=,IF($(service)='imaps',disableimaps,disableimap),,disablepop3=,disablepop3,,disablewebmail=,disablewebmail) FROM users WHERE email = [EMAIL PROTECTED] AND (userdisabled='0') therefore the select AAA fails Marco - Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace ___ Courier-imap mailing list Courier-imap@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-imap
Re: [Courier-imap] autmysqlrc - service feedback
Brian Candler [EMAIL PROTECTED] wrote on Wednesday, April 09, 2008 3:27 PM On Sat, Apr 05, 2008 at 12:19:03AM +0200, Marco Kammerer wrote: # AAA not working #MYSQL_AUXOPTIONS_FIELD CONCAT(disableimap=,IF($(service)='imaps',disableimaps,disableimap),,disa blepop3=,disablepop3,,disablewebmail=,disablewebmail) ... the thing is that mysql gets in the line AAA the - $(service) not as variable (imap or imaps), because i see it in the mysql.log According to the documentation in authmysqlrc, $(service) only expands within MYSQL_SELECT_CLAUSE, not MYSQL_AUXOPTIONS_FIELD Since MYSQL_SELECT_CLAUSE is a superset of all the other functionality, you should be able to rewrite your requirements as one big MYSQL_SELECT_CLAUSE instead of using the other individual settings. Thank you very much, Brian Is there also a way to determine which IP Adress the Client has. I have now answer found regarding this question in any howto or manual. I want to get it working, that I can restrict imap access on a accounts basis (via mysql) to ip addresses. Marco - This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Don't miss this year's exciting event. There's still time to save $100. Use priority code J8TL2D2. http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone ___ Courier-imap mailing list Courier-imap@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-imap
Re: [Courier-imap] autmysqlrc - service feedback
Brian Candler wrote on April 09, 2008 3:27 PM # AAA not working #MYSQL_AUXOPTIONS_FIELD CONCAT(disableimap=,IF($(service)='imaps',disableimaps,disableimap),,disablepop3=,disablepop3,,disablewebmail=,disablewebmail) ... the thing is that mysql gets in the line AAA the - $(service) not as variable (imap or imaps), because i see it in the mysql.log According to the documentation in authmysqlrc, $(service) only expands within MYSQL_SELECT_CLAUSE, not MYSQL_AUXOPTIONS_FIELD Since MYSQL_SELECT_CLAUSE is a superset of all the other functionality, you should be able to rewrite your requirements as one big MYSQL_SELECT_CLAUSE instead of using the other individual settings. thanks it worked out. i changed my config from see below the login via imap and pop is working, but maildrop stopped to work together this is the error message in /var/log/mail.log pr 10 23:24:37 ms1 postfix/pipe[14203]: B77C9CE8147: to=[EMAIL PROTECTED], relay=maildrop, delay=706, delays=706/0/0/0.02, dsn=4.3.0, status=deferred (temporary failure. Command output: /usr/bin/maildrop: Temporary authentication failure. ) I found no way to get maildrop back to work Marco Here is the config from MYSQL_SERVER 127.0.0.1 MYSQL_USERNAME mailadmin MYSQL_PASSWORD yomanyo MYSQL_PORT 0 MYSQL_DATABASE mailserver MYSQL_USER_TABLE users MYSQL_CRYPT_PWFIELD password MYSQL_UID_FIELD 5000 MYSQL_GID_FIELD 5000 MYSQL_LOGIN_FIELD email MYSQL_HOME_FIELD /home/vmail MYSQL_MAILDIR_FIELD CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/') MYSQL_WHERE_CLAUSE userdisabled='0' MYSQL_QUOTA_FIELD quota MYSQL_AUXOPTIONS_FIELD CONCAT(disableimap=,disableimap,,disablepop3=,disablepop3,,disablewebmail=,disablewebmail) to MYSQL_SERVER 127.0.0.1 MYSQL_USERNAME mailadmin MYSQL_PASSWORD yomanyo MYSQL_PORT 0 MYSQL_DATABASE mailserver MYSQL_SELECT_CLAUSE \ SELECT \ email,\ password,\ ,\ 5000,\ 5000,\ /home/vmail,\ CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/'),\ quota,\ ,\ CONCAT(disableimap=,IF($(service)=imaps,disableimaps,disableimap),,disablepop3=,IF($(service)=pop3s,disablepop3s,disablepop3),,disablewebmail=,disablewebmail)\ FROM users \ WHERE email = '$(local_part)@$(domain)' \ AND (userdisabled='0') - This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Don't miss this year's exciting event. There's still time to save $100. Use priority code J8TL2D2. http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone ___ Courier-imap mailing list Courier-imap@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-imap
Re: [Courier-imap] autmysqlrc - service feedback
Sam wrote: thanks it worked out. i changed my config from see below the login via imap and pop is working, but maildrop stopped to work together this is the error message in /var/log/mail.log pr 10 23:24:37 ms1 postfix/pipe[14203]: B77C9CE8147: to=[EMAIL PROTECTED], relay=maildrop, delay=706, delays=706/0/0/0.02, dsn=4.3.0, status=deferred (temporary failure. Command output: /usr/bin/maildrop: Temporary authentication failure. ) I found no way to get maildrop back to work Which one of the three configuration options, that are described in the note on the first page of maildrop's INSTALL file, did you choose to implement? hm I am not really sure about this question. I downloaded the source an looked into the file. The error only shows up then i switch to the version whree i can use the MYSQL_SELECT_CLAUSE in authmysqlrc The system is debian etch (stable), no manual build was done. I configured maildrop in postfix I added the config files main.cf http://pastebin.ca/984100 master.cf http://pastebin.ca/984101 any hints? Marco - This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Don't miss this year's exciting event. There's still time to save $100. Use priority code J8TL2D2. http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone ___ Courier-imap mailing list Courier-imap@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-imap
Re: [Courier-imap] Authentication using user id, password client ip address
Hello John, 1) run 2 instances of imapd 2) proxy server http://www.vergenet.net/linux/perdition/ 3) Patching to pass source IP address to courier-authdaemon... There have been patches posted to this list several times in the past which pass the source IP address to courier-authdaemon, and therefore allow the auth module to apply the authorisation policy you require. This may be more acceptable, if you don't mind moving away from the standard courier source tree. If the 3 options I prefer the idea of a patch if I am able to get my head around how to convert an existing patch to allow me to add a source_ip column to my MySQL postfix_users table. I don't expect you to do the digging for me, but if you are able to track it down then I would appreciate a link. I have spent the last hour searching through the mail archives and although I can find another post from you that refers to a patch I can't for the life of me find the previous patches submitted. Any chance of this functionality being incorporated into the official source tree anytime soon? Although only a handful of people may have raised this requirement on this mailing list I can't help but feel it would be useful to many implementations. I appreciate that the information passed to authdaemon is no doubt kept to a mininimum to reduce the risk of introducing security holes, but I do think this would be a useful patch to the official source tree. Whilst I accept that access controls that incorporate IP address rules may be relatively weak and open to spoofing, I do think that the ability to use source IP address in conjunction with userid/password for finer grain access control would be a valuable feature. I would also be happy to be able to use such a feature as described in 3. I have splitted the servers to different hosts to get the things done (is something like version 1 but much less work if you have vmware server running) But how ever courier and postfix are great. Marco - Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php ___ Courier-imap mailing list Courier-imap@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-imap
