Aaron Crosman on 20 Apr 2007 17:33:56 -0000



RE: [PLUG] Debian 4 with Exim+Mailman+MySQL+Courier


> -----Original Message-----
> From: plug-bounces@lists.phillylinux.org [mailto:plug-bounces@lists.phillylinux.org] On Behalf Of Stephen Gran
> Sent: Friday, April 20, 2007 12:27 PM
> To: plug@lists.phillylinux.org
> Subject: Re: [PLUG] Debian 4 with Exim+Mailman+MySQL+Courier
> 
> On Fri, Apr 20, 2007 at 11:51:04AM -0400, Aaron Crosman said:
> > It's been a while since I was active on this list; sorry to start back
> > with a question, not an answer.
> >
> > I'm working on setting up a mail server, which primarily serves to
> > handle mailman lists, but also handles mailing lists from a couple of
> > remote databases.  These databases (primarily ebase) need to have an
> > SMTP server to send from, and their automatic bounce and
> > unsubscription handling requires an email address it can check.  To
> > avoid problems with our main server we generally do this all on the
> > same box.
> >
> > To prevent myself from having to create actual system users for each
> > of the remote databases, I would like to use virtual users in a MySQL
> > database.  All the pieces of this have documentation, which has
> > gotten me a long way (exim is happy to handle both mailman lists and
> > inbound virtual users), but I can't get Courier to authenticate for
> > the pop clients.  When I test the pop3 connection using telnet I get:
> > -ERR Temporary problem, please try again later
> >
> > And it logs:
> > Apr 20 11:19:51 server courierpop3login: user@server.org: chdir(/var/vusers_mail/user) failed!!
> > Apr 20 11:19:51 server courierpop3login: error: Permission denied
> > Apr 20 11:19:51 server courierpop3login: LOGIN FAILED, user=user@server.org, ip=[::ffff:172.17.201.205]
> > Apr 20 11:19:51 server courierpop3login: authentication error: Permission denied
> >
> > It looks like the permissions on the maildirs are wrong, but since all
> > the directions I can find for setting the permissions on maildirs
> > assume you're setting them up for real users I'm not sure what they
> > are supposed to be.  Currently they are all owned by the user that
> > exim runs under (Debian-exim).  Should Courier run under the same
> > user?  Or should I be setting up a group for both users?  Anyone know
> > which is the preferred method?
> >
> > This is all running on Debian 4.0.
> > Any ideas or direction would be greatly appreciated.
> 
> First, unless you have a strong attachment to Courier for some reason,
> I'd suggest giving dovecot a try - its configuration is much more
> flexible for these sorts of things.
> 
> I think the problem you're running up against is that most imap/pop
> servers want to setuid/setgid to the target user who is logging in.
> This means that you need to supply the server with some method of
> figuring out what uid/gid to change to for the duration of this check.
> A quick look at the courier config file for auth mysql says that the
> default setup is a table like:
> 
> CREATE TABLE passwd (
>         id                    char(128) DEFAULT '' NOT NULL,
>         crypt                 char(128) DEFAULT '' NOT NULL,
>         clear                 char(128) DEFAULT '' NOT NULL,
>         name                  char(128) DEFAULT '' NOT NULL,
>         uid                   int(10) unsigned DEFAULT '65534' NOT NULL,
>         gid                   int(10) unsigned DEFAULT '65534' NOT NULL,
>         home                  char(255) DEFAULT '' NOT NULL,
>         maildir               char(255) DEFAULT '' NOT NULL,
>         defaultdelivery       char(255) DEFAULT '' NOT NULL,
>         quota                 char(255) DEFAULT '' NOT NULL,
>         options               char(255) DEFAULT '' NOT NULL,
>         KEY id (id(128))
> );
> 
> If you don't want to use the default, you'll need to remap things in
> /etc/courier/authmysqlrc.  For exim to know how to deliver the mail,
> you'll need to construct a query to get the user information out of sql
> for delivery.
> 
> Some macro like this will get you your user information:
> USER_EXISTS = ${lookup mysql{select * from passwd where id = '${quote_mysql:$local_part}'}{$value}fail}
> 
> Which you then use in routers like this:
> mysql_lookup:
>   debug_print = "R: mysql_lookup for $local_part@$domain"
>   driver = redirect
>   domains = some.virtual.tld
>   address_data = USER_EXISTS
>   data =
> 
> mysql_user:
>   debug_print = "R: mysql_user for $local_part@$domain"
>   driver = accept
>   domains = some.virtual.tld
>   condition = ${if match {${extract{id}{$address_data}}}{$local_part} {1}{0}}
>   transport = mysql_maildir_home
>   no_more
> 
> And a transport like:
> mysql_maildir_home:
>   debug_print = "T: mysql_maildir_home for $local_part@$domain"
>   driver = appendfile
>   directory = ${extract{maildir}{$address_data}}
>   delivery_date_add
>   envelope_to_add
>   return_path_add
>   create_directory
>   maildir_format
>   user = ${extract{uid}{$address_data}}
>   group = ${extract{gid}{$address_data}}
>   mode = 0640
>   mode_fail_narrower = false
> 
> If you want all users to have the same uid and gid (why?) then you'll
> just specify static mappings in the exim and courier configs.
> 
> HTH,
> --
> --------------------------------------------------------------------------
> |  Stephen Gran                  |     ***   *******  *********  ******  |
> |  steve@lobefin.net             | Confucius say: "Is stuffy inside      |
> |  http://www.lobefin.net/~steve | fortune cookie."   *******     ***    |
> --------------------------------------------------------------------------

That is helpful, thank you.  I'm not inclined to keep all users with the
same uid, nor sold on Courier (it's just what was used on the server I'm
replacing, but I have no particular love for it), but I have been having
trouble sorting out what the right solution is.  Does someone know (or
know where I can find) a suggestion on what to use for uid and gid for
the virtual users?

Thanks
Aaron
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
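
The failure in the quoted log (chdir on the maildir denied once the POP3 server has switched to the uid/gid it looked up) can be traced by walking the path with the standard Unix mode-bit rules. This is an added example, not part of the original thread; the Debian-exim uid/gid and the stat table are constructed, and ACLs are ignored.

```python
import os
import stat
from collections import namedtuple

# Stand-in for os.stat_result so the check runs on constructed data.
Entry = namedtuple("Entry", "st_uid st_gid st_mode")

def can_search(st, uid, gids):
    """True if a process with uid/gids may chdir into a directory with stat st."""
    if uid == 0:
        return True                      # root bypasses search-permission checks
    if st.st_uid == uid:                 # only the first matching class is consulted
        return bool(st.st_mode & stat.S_IXUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IXGRP)
    return bool(st.st_mode & stat.S_IXOTH)

def first_blocked(path, uid, gids, stat_fn=os.stat):
    """First component of absolute path that uid/gids cannot enter, else None.
    Mode bits only: ACLs and mount options are not considered."""
    candidates = ["/"]
    for part in path.strip("/").split("/"):
        if part:
            candidates.append(os.path.join(candidates[-1], part))
    for directory in candidates:
        if not can_search(stat_fn(directory), uid, gids):
            return directory
    return None

# Constructed layout mirroring the thread: maildirs owned by Debian-exim.
EXIM_UID = EXIM_GID = 102                # assumed ids, not taken from the thread
SAMPLE_FS = {
    "/": Entry(0, 0, 0o40755),
    "/var": Entry(0, 0, 0o40755),
    "/var/vusers_mail": Entry(EXIM_UID, EXIM_GID, 0o40700),
    "/var/vusers_mail/user": Entry(EXIM_UID, EXIM_GID, 0o40700),
}

def sample_stat(path):
    return SAMPLE_FS[path]

if __name__ == "__main__":
    maildir = "/var/vusers_mail/user"
    # 65534 is the default uid/gid in the passwd table quoted above.
    for uid, gid in ((65534, 65534), (EXIM_UID, EXIM_GID)):
        blocked = first_blocked(maildir, uid, {gid}, sample_stat)
        print(f"uid={uid} gid={gid}: {blocked or 'chdir allowed'}")
```

Against a live system, call `first_blocked(path, uid, {gid})` with the uid and gid the authmysql lookup returns; it uses `os.stat` by default.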