Stephen Gran on 20 Apr 2007 16:27:05 -0000
On Fri, Apr 20, 2007 at 11:51:04AM -0400, Aaron Crosman said:
> It's been a while since I was active on this list; sorry to start back
> with a question, not an answer.
>
> I'm working on setting up a mail server, which primarily serves to
> handle mailman lists, but also handles mailing lists from a couple of
> remote databases. These databases (primarily ebase) need to have an
> SMTP server to send from, and their automatic bounce and unsubscription
> handling requires an email address it can check. To avoid problems with
> our main server we generally do this all on the same box.
>
> To prevent myself from having to create actual system users for each of
> the remote databases, I would like to use virtual users in a MySQL
> database. All the pieces of this have documentation, which has gotten
> me a long way (exim is happy to handle both mailman lists and inbound
> virtual users), but I can't get Courier to authenticate for the pop
> clients. When I test the pop3 connection using telnet I get:
> -ERR Temporary problem, please try again later
>
> And it logs:
> Apr 20 11:19:51 server courierpop3login: user@server.org:
> chdir(/var/vusers_mail/user) failed!!
> Apr 20 11:19:51 server courierpop3login: error: Permission denied
> Apr 20 11:19:51 server courierpop3login: LOGIN FAILED,
> user=user@server.org, ip=[::ffff:172.17.201.205]
> Apr 20 11:19:51 server courierpop3login: authentication error:
> Permission denied
>
> It looks like the permissions on the maildirs are wrong, but since all
> the directions I can find for setting the permissions on maildirs assume
> you're setting them up for real users I'm not sure what they are
> supposed to be. Currently they are all owned by the user that exim runs
> under (Debian-exim). Should Courier run under the same user? Or should
> I be setting up a group for both users? Anyone know which is the
> preferred method?
>
> This is all running on Debian 4.0.
> Any ideas or direction would be greatly appreciated.

First, unless you have a strong attachment to Courier for some reason,
I'd suggest giving dovecot a try - its configuration is much more
flexible for these sorts of things.

I think the problem you're running up against is that most imap/pop
servers want to setuid/setgid to the target user who is logging in.
This means that you need to supply the server with some method of
figuring out what uid/gid to change to for the duration of this check.

A quick look at the courier config file for auth mysql says that the
default setup is a table like:

CREATE TABLE passwd (
        id                    char(128) DEFAULT '' NOT NULL,
        crypt                 char(128) DEFAULT '' NOT NULL,
        clear                 char(128) DEFAULT '' NOT NULL,
        name                  char(128) DEFAULT '' NOT NULL,
        uid                   int(10) unsigned DEFAULT '65534' NOT NULL,
        gid                   int(10) unsigned DEFAULT '65534' NOT NULL,
        home                  char(255) DEFAULT '' NOT NULL,
        maildir               char(255) DEFAULT '' NOT NULL,
        defaultdelivery       char(255) DEFAULT '' NOT NULL,
        quota                 char(255) DEFAULT '' NOT NULL,
        options               char(255) DEFAULT '' NOT NULL,
        KEY id (id(128))
);

If you don't want to use the default, you'll need to remap things in
/etc/courier/authmysqlrc.

For exim to know how to deliver the mail, you'll need to construct a
query to get the user information out of sql for delivery.
Some macro like this will get you your user information:

USER_EXISTS = ${lookup mysql{select * from passwd where id = '${quote_mysql:$local_part}'}{$value}fail}

Which you then use in routers like this:

mysql_lookup:
  debug_print = "R: mysql_lookup for $local_part@$domain"
  driver = redirect
  domains = some.virtual.tld
  address_data = USER_EXISTS
  data =

mysql_user:
  debug_print = "R: mysql_user for $local_part@$domain"
  driver = accept
  domains = some.virtual.tld
  condition = ${if match {${extract{id}{$address_data}}}{$local_part} {1}{0}}
  transport = mysql_maildir_home
  no_more

And a transport like:

mysql_maildir_home:
  debug_print = "T: mysql_maildir_home for $local_part@$domain"
  driver = appendfile
  directory = ${extract{maildir}{$address_data}}
  delivery_date_add
  envelope_to_add
  return_path_add
  create_directory
  maildir_format
  user = ${extract{uid}{$address_data}}
  group = ${extract{gid}{$address_data}}
  mode = 0640
  mode_fail_narrower = false

If you want all users to have the same uid and gid (why?) then you'll
just specify static mappings in the exim and courier configs.

HTH,
--
 --------------------------------------------------------------------------
|  Stephen Gran                  | *** ******* ********* ******            |
|  steve@lobefin.net             | Confucious say: "Is stuffy inside       |
|  http://www.lobefin.net/~steve | fortune cookie." ******* ***            |
 --------------------------------------------------------------------------

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
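
The "chdir(...) failed / Permission denied" case from the quoted log, as an added example that is not part of the original message: it walks a maildir path and reports the first component that the uid/gid returned by the passwd table cannot use once the POP3 daemon has switched to it. The function name first_blocked is hypothetical, and only classic owner/group/other mode bits are checked (no ACLs).

```python
import os
import stat
from pathlib import Path


def first_blocked(maildir, uid, gids):
    """Return (path, reason) for the first component uid/gids cannot use, else None.

    Every ancestor needs search (x) permission; the maildir itself needs rwx,
    because the daemon chdir()s into it and then moves and deletes messages.
    """
    target = Path(os.path.abspath(maildir))
    chain = list(target.parents)[::-1] + [target]   # "/", "/var", ..., maildir
    for path in chain:
        try:
            st = os.stat(path)
        except OSError as exc:                       # missing, or we cannot look
            return (str(path), exc.strerror)
        if uid == 0:                                 # root bypasses these checks
            continue
        need = 0o7 if path == target else 0o1
        if st.st_uid == uid:                         # owner bits apply
            have = (st.st_mode >> 6) & 0o7
        elif st.st_gid in gids:                      # else group bits
            have = (st.st_mode >> 3) & 0o7
        else:                                        # else "other" bits
            have = st.st_mode & 0o7
        if have & need != need:
            reason = "mode %04o owned by %d:%d lacks %o for uid %d" % (
                stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid, need, uid)
            return (str(path), reason)
    return None


if __name__ == "__main__":
    # Path taken from the log above; 65534 is the uid/gid default in the
    # passwd table shown in the reply. Substitute the values your table returns.
    print(first_blocked("/var/vusers_mail/user", 65534, {65534}))
```

A result of None means the uid/gid pair can reach and modify the maildir; anything else names the directory whose ownership or mode has to change, or the uid/gid columns that should be remapped to match the delivering user.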