Re: [vchkpw] imap before smtp

[ted]

Charles, Bill, Ken, thanks for the quick responses. Indeed Bill's 
suggestion doesn't do the trick for my configuration. Charles, I'd make 
your suggested change, but am concerned about Ken's further input on the 
topic. I don't suppose an older version of Courier-IMAP is the answer?

-ted

Ken Jones wrote:

The preauthvchkpw.c module needs to be modified.
The problem is, when a user attempts to authenticate,
if their user name exists on the system then it will
open up relay. However, at that point in the code the
user has not been authenticated. I attempted to fix
this before but became confused on which function
is called from what file. It's a bit obtuse for me. 

an quick hack could be to verify the password at
that point, then open up relay on a valid password.
The real fix would be to trace the fucntions and
open up relay after password verification.
Perhaps someone could figure it out.

Ken Jones

On Thursday 11 September 2003 2:35 pm, Charles Sprickman wrote:
 

This is a good FAQ item, for when we have a FAQ.

Mr. Sam has disabled the imap-before-smtp function in the authvchkpw code.
I've looked at the courier archives, and there's no explanation from him
as to what the problem is...  Just lots of questions. :)
Bill's suggestion might not work, as he "#undef"s the value.  In your
courier source dir, go into the "authlib" dir and open "preauthvchkpw.c"
for editing.  Look for a line like this:
#undef HAVE_OPEN_SMTP_RELAY

Go ahead and change that "#undef" to "#define" and it will work properly.
I can't comment on what the security concerns are, because I don't know
what they are.  It does work however.
Charles

On Thu, 11 Sep 2003, ted wrote:
   

I've got a LWQ-style qmail configuration, plus vpopmail 5.3.27 and
courier-imap-2.1.1.20030902.  I have  roaming users enabled (as well as
qmail-ext), and  POP3  before SMTP works perfectly (using  qmail-pop3d).
IMAP also seems to work just fine, but it does not update open-smtp. My
workaround of creating a separate POP account to POP in without
retrieving msgs allows me to send via IMAP, but is obviously not an
ideal solution. (I'm using Thunderbird .2).
I've installed courier-imap numerous times (with different releases up
to 20030902), both with authdaemon enabled as well as disabled. In both
cases, the results are the same (meaning that I can read mail but not
relay).
Perhaps my understanding is wrong, but I was under the impression that
since these are virtual domains I'm having trouble with (all my domains
are virtual), the fact that I am able to read mail at all under IMAP
would indicate that vchkpw is being called from courier-imap. Since
qmail-pop3d invokes vchkpw and works, I'm puzzled. I'm afraid I don't
know where to look log-wise.
thanks for any hints.

-ted