> -----Original Message-----
> From: Ken Jones [mailto:[EMAIL PROTECTED]
> Sent: Thursday, September 11, 2003 12:44 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [vchkpw] imap before smtp
>
> The preauthvchkpw.c module needs to be modified.
> The problem is, when a user attempts to authenticate,
> if their user name exists on the system then it will
> open up relay. However, at that point in the code the
> user has not been authenticated. I attempted to fix
> this before but became confused on which function
> is called from what file. It's a bit obtuse for me.
>
> A quick hack could be to verify the password at
> that point, then open up relay on a valid password.
>
> The real fix would be to trace the functions and
> open up relay after password verification.
>
> Perhaps someone could figure it out.
>
> Ken Jones
>
> On Thursday 11 September 2003 2:35 pm, Charles Sprickman wrote:
> > This is a good FAQ item, for when we have a FAQ.
> >
> > Mr. Sam has disabled the imap-before-smtp function in the authvchkpw
> > code. I've looked at the courier archives, and there's no explanation
> > from him as to what the problem is... Just lots of questions. :)
> >
> > Bill's suggestion might not work, as he "#undef"s the value. In your
> > courier source dir, go into the "authlib" dir and open
> > "preauthvchkpw.c" for editing. Look for a line like this:
> >
> > #undef HAVE_OPEN_SMTP_RELAY
> >
> > Go ahead and change that "#undef" to "#define" and it will work
> > properly. I can't comment on what the security concerns are, because I
> > don't know what they are. It does work however.
> >
> > Charles
> >
> > On Thu, 11 Sep 2003, ted wrote:
> > > I've got a LWQ-style qmail configuration, plus vpopmail 5.3.27 and
> > > courier-imap-2.1.1.20030902. I have roaming users enabled (as well
> > > as qmail-ext), and POP3 before SMTP works perfectly (using
> > > qmail-pop3d).
> > >
> > > IMAP also seems to work just fine, but it does not update open-smtp.
> > > My workaround of creating a separate POP account to POP in without
> > > retrieving msgs allows me to send via IMAP, but is obviously not an
> > > ideal solution. (I'm using Thunderbird .2).
> > >
> > > I've installed courier-imap numerous times (with different releases
> > > up to 20030902), both with authdaemon enabled as well as disabled.
> > > In both cases, the results are the same (meaning that I can read
> > > mail but not relay).
> > >
> > > Perhaps my understanding is wrong, but I was under the impression
> > > that since these are virtual domains I'm having trouble with (all my
> > > domains are virtual), the fact that I am able to read mail at all
> > > under IMAP would indicate that vchkpw is being called from
> > > courier-imap. Since qmail-pop3d invokes vchkpw and works, I'm
> > > puzzled. I'm afraid I don't know where to look log-wise.
> > >
> > > thanks for any hints.
> > >
> > > -ted
What Ken says is correct. Simply turning HAVE_OPEN_SMTP_RELAY on will allow IPs to be added to open-smtp REGARDLESS of whether authentication is successful.

Here is a patch for preauthvchkpw.c

**** use it at your own risk *** works for me.

======================================================================
--- preauthvchkpw.c.orig 2003-10-01 20:24:26.000000000 -0400 +++ preauthvchkpw.c 2003-10-01 20:24:51.000000000 -0400 @@ -27,8 +27,17 @@ static const char rcsid[]="$Id: preauthvchkpw.c,v 1.18 2003/03/12 02:45:55 mrsam Exp $"; -#undef HAVE_OPEN_SMTP_RELAY +#define HAVE_OPEN_SMTP_RELAY /* Disabled, pending fix */ +#ifdef HAVE_OPEN_SMTP_RELAY +struct callback_info { + const char *pass; + char *userret; + int issession; + void (*callback_func)(struct authinfo *, void *); + void *callback_arg; + }; +#endif int auth_vchkpw_pre(const char *userid, const char *service, int (*callback)(struct authinfo *, void *), @@ -71,6 +80,10 @@ free(usercopy); vclose(); +#ifdef HAVE_OPEN_SMTP_RELAY +struct callback_info *i=(struct callback_info *)arg; +#endif + if (!vpw) { errno=notfound; @@ -86,7 +99,9 @@ } else { #ifdef HAVE_OPEN_SMTP_RELAY /* open the relay to pop users */ + if (vpw->pw_passwd != 0 && !authcheckpassword(i->pass, vpw->pw_passwd)) { open_smtp_relay(); + } #endif } } else if ( strcmp("imap", service) == 0 ) { @@ -95,7 +110,9 @@ } else { #ifdef HAVE_OPEN_SMTP_RELAY /* open the relay to imap users */ + if (vpw->pw_passwd != 0 && !authcheckpassword(i->pass, vpw->pw_passwd)) { open_smtp_relay(); +} #endif } }
======================================================

Lu
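
Review bot: In the first hunk (@@ -27,8 +27,17 @@) the comment /* Disabled, pending fix */ is kept beside the new #define HAVE_OPEN_SMTP_RELAY, so the source now says the feature is disabled while it is compiled in; update or drop the comment. The same hunk declares struct callback_info locally so that later code can cast arg to it, but nothing in the visible lines ties this layout to what the caller actually passes; moving the definition into a header shared with the caller would keep the two from drifting. The member callback_func is also declared as returning void, while the callback parameter of auth_vchkpw_pre returns int.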
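
Review bot: In the second hunk (@@ -71,6 +80,10 @@) the declaration struct callback_info *i=(struct callback_info *)arg; comes after the statements free(usercopy); and vclose();, which a C89 compiler rejects; declare i at the top of the function and assign it there. The cast also assumes every caller of auth_vchkpw_pre passes a struct callback_info as arg, and i is never checked for NULL before the later hunks dereference it.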
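
Review bot: In the pop3 branch (@@ -86,7 +99,9 @@) i->pass is handed to authcheckpassword without a NULL check, so a login that reaches this point without a cleartext password passes a null pointer into the comparison; test i and i->pass first and leave the relay closed when either is missing. The condition also relies on authcheckpassword returning 0 for a match, which deserves a short comment, since the leading ! reads as "check failed" at first glance.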
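
Review bot: The imap branch (@@ -95,7 +110,9 @@) repeats the pop3 condition verbatim and closes it with a brace at column 0; put the password test and the open_smtp_relay() call in one static helper used by both branches so the two checks cannot diverge, and indent the closing brace to match the pop3 branch. As the thread notes, this verifies the password at the pre-auth stage rather than opening the relay after the normal verification, so a comment saying that this is the interim approach would help the next reader.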