Stephen Gran on 20 Apr 2007 16:27:05 -0000


Re: [PLUG] Debian 4 with Exim+Mailman+MySQL+Courier

On Fri, Apr 20, 2007 at 11:51:04AM -0400, Aaron Crosman said:
> It's been a while since I was active on this list; sorry to start back
> with a question, not an answer.
> I'm working on setting up a mail server, which primarily serves to
> handle mailman lists, but also handles mailing lists from a couple of
> remote databases.  These databases (primarily ebase) need to have an
> SMTP server to send from, and their automatic bounce and unsubscription
> handling requires an email address it can check.  To avoid problems with
> our main server we generally do this all on the same box.
> To prevent myself from having to create actual system users for each of
> the remote databases, I would like to use virtual users in a MySQL
> database.  All the pieces of this have documentation, which has gotten
> me a long way (exim is happy to handle both mailman lists and inbound
> virtual users), but I can't get Courier to authenticate for the pop
> clients.  When I test the pop3 connection using telnet I get:
> -ERR Temporary problem, please try again later
> And it logs:
> Apr 20 11:19:51 server courierpop3login:
> chdir(/var/vusers_mail/user) failed!!
> Apr 20 11:19:51 server courierpop3login: error: Permission denied
> Apr 20 11:19:51 server courierpop3login: LOGIN FAILED,
>, ip=[::ffff:]
> Apr 20 11:19:51 server courierpop3login: authentication error:
> Permission denied
> It looks like the permissions on the maildirs are wrong, but since all
> the directions I can find for setting the permissions on maildirs assume
> you're setting them up for real users I'm not sure what they are
> supposed to be.  Currently they are all owned by the user that exim runs
> under (Debian-exim).  Should Courier run under the same user?  Or should
> I be setting up a group for both users?  Anyone know which is the
> preferred method?  
> This is all running on Debian 4.0.
> Any ideas or direction would be greatly appreciated.

First, unless you have a strong attachment to Courier for some reason,
I'd suggest giving dovecot a try - its configuration is much more
flexible for these sorts of things.

I think the problem you're running up against is that most imap/pop
servers want to setuid/setgid to the target user who is logging in.
This means that you need to supply the server with some method of
figuring out what uid/gid to change to for the duration of this check.
A quick look at the courier config file for auth mysql says that the
default setup is a table like:

        id                    char(128) DEFAULT '' NOT NULL,
        crypt                 char(128) DEFAULT '' NOT NULL,
        clear                 char(128) DEFAULT '' NOT NULL,
        name                  char(128) DEFAULT '' NOT NULL,
        uid                   int(10) unsigned DEFAULT '65534' NOT NULL,
        gid                   int(10) unsigned DEFAULT '65534' NOT NULL,
        home                  char(255) DEFAULT '' NOT NULL,
        maildir               char(255) DEFAULT '' NOT NULL,
        defaultdelivery       char(255) DEFAULT '' NOT NULL,
        quota                 char(255) DEFAULT '' NOT NULL,
        options               char(255) DEFAULT '' NOT NULL,
        KEY id (id(128))

If you don't want to use the default, you'll need to remap things in
/etc/courier/authmysqlrc.  For exim to know how to deliver the mail,
you'll need to construct a query to get the user information out of sql
for delivery.

Some macro like this will get you your user information:
USER_EXISTS = ${lookup mysql{select * from passwd where id = '${quote_mysql:$local_part}'}{$value}fail}

Which you then use in routers like this:
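  # Router names are assumed from the debug_print strings.
  # Looks up the user row once and stores it in $address_data.
  mysql_lookup:
    debug_print = "R: mysql_lookup for $local_part@$domain"
    driver = redirect
    domains = some.virtual.tld
    address_data = USER_EXISTS
    data =

  # Accepts the address only if the stored row's id matches the local part.
  mysql_user:
    debug_print = "R: mysql_user for $local_part@$domain"
    driver = accept
    domains = some.virtual.tld
    condition = ${if match {${extract{id}{$address_data}}}{$local_part} {1}{0}}
    transport = mysql_maildir_home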

And a transport like:
  # Delivers as the uid/gid stored in the user's row, into the row's maildir.
  mysql_maildir_home:
    debug_print = "T: mysql_maildir_home for $local_part@$domain"
    driver = appendfile
    directory = ${extract{maildir}{$address_data}}
    user = ${extract{uid}{$address_data}}
    group = ${extract{gid}{$address_data}}
    mode = 0640
    mode_fail_narrower = false

If you want all users to have the same uid and gid (why?) then you'll
just specify static mappings in the exim and courier configs.

Stephen Gran
Confucious say: "Is stuffy inside fortune cookie."

Philadelphia Linux Users Group
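
A way to check the uid/gid mismatch described in the reply above (added example, not part of the original message or of Courier or Exim): given the uid and gid the POP3 server will switch to, it walks the maildir path and reports the first directory that identity cannot enter. It assumes plain POSIX mode bits (no ACLs); the function names and the `start` parameter are this example's own.

```python
"""Diagnose 'chdir(...) failed: Permission denied' for a virtual mail user.

Added example, not from the original thread. Given the uid/gid a POP3/IMAP
server will switch to (the uid and gid columns of the auth table), find the
first path component that identity cannot traverse.
"""
import os
import stat
import sys


def may_traverse(mode, owner, group, uid, gids):
    """POSIX search-permission check for one directory (mode bits only)."""
    if uid == 0:
        return True
    if uid == owner:
        return bool(mode & stat.S_IXUSR)   # only the owner bits apply
    if group in gids:
        return bool(mode & stat.S_IXGRP)   # only the group bits apply
    return bool(mode & stat.S_IXOTH)


def first_blocked(path, uid, gids, start="/"):
    """Return the first directory from start down to path that uid/gids
    cannot enter, or None if chdir(path) would pass the mode-bit check."""
    path, start = os.path.abspath(path), os.path.abspath(start)
    rel = os.path.relpath(path, start)
    parts = [] if rel == "." else rel.split(os.sep)
    current = start
    for part in [None] + parts:            # None stands for start itself
        if part is not None:
            current = os.path.join(current, part)
        st = os.stat(current)
        if not may_traverse(st.st_mode, st.st_uid, st.st_gid, uid, gids):
            return current
    return None


if __name__ == "__main__":
    # Usage: script.py MAILDIR UID GID   (values as stored in the auth table)
    maildir, uid, gid = sys.argv[1], int(sys.argv[2]), int(sys.argv[3])
    blocked = first_blocked(maildir, uid, {gid})
    print(f"blocked at {blocked}" if blocked else "traversal OK")
```

Run it as root so every component can be stat'ed, passing the maildir, uid and gid from the user's row.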