Linode.com Forum

[franco81]

Hi, been trying to install exim-spamassassin-courier imap on a redhat 9.0 (large distribution). Having real trouble with getting courier imap to authenticate users from a databse, the process of installation is below, its kinda long i know, but if anyone has any feedback it would be much appreciated :)

I have tried a lot of things and I'm a newbie :)......

Exim works with spamassassin as a transport in the configuration file. The config file ahs been altered to use a database I set up, it creates the mailboxes correctly in a /var/spool/virtual-mail/ folder and sends email there correctly in the mail_dir format.

Only trouble is retrieving the mail once it is in there. Trying to authenticate using PAM to connect to databse and get the appropriate password/username etc.


Installed Courier-authlib version:

Courier-authlib-0.57-2tr.i586.rpm

Tar –xjvf courier-imap….
Cd courier-imap…
./configure –with-redhat

gmake
gmake install-strip
gmake install-configure

cp courier-authlib.sysvinit /etc/init.d/courier-authlib
chmod 755 /etc/init.d/courier-authlib

changed /usr/local/etc/authlib/authdaemonrc
authmodulelist=”authpam”

(first tried authmysql but this did not work at all, thought I would have to recompile with –DWITH_MYSQL or something, so tried to use PAM to use the databse for authentication)

(Also read somewhere that this file should have the lines
version="authdaemond.mysql"
AUTHDAEMOND="authdaemond.mysql"
But didn’t add these in until later and they are currently commented)

Started authlib
/etc/init.d/courier-authlib start


Installed Courier-Imap version:

Courier-imap-4.0.4.20050820.tar.bz2

Unpacked and configured as a regular user (not root).

Tar –xvjf courier-imap…
Cd courier-imap…

./configure –with-redhat
gmake

Logged in as root to install:

Gmake install-strip
Gmake install-configure

cp courier-imap.sysvinit /etc/init.d/courier-imap
chmod 755 /etc/init.d/courier-imap

started it with:
/etc/init.d/courier-imap start


Edited /usr/local/etc/authlib/authmysqlrc with the relevant details below:

# The server name, userid, and password used to log in.

MYSQL_SERVER localhost
MYSQL_USERNAME [private]
MYSQL_PASSWORD [private]

MYSQL_SOCKET /var/lib/mysql/mysql.sock
Several examples had: /var/run/mysqld/mysqld.sock but I did not have this file – apparently mysql.sock will do

MYSQL_PORT 0 apparently don’t need this, taken care of by mysql.sock file

# Leave MYSQL_OPT as 0, unless you know what you're doing.
MYSQL_OPT 0

MYSQL_DATABASE [private]

MYSQL_USER_TABLE boxauth

MYSQL_CRYPT_PWFIELD boxpwd

# DEFAULT_DOMAIN example.com

MYSQL_UID_FIELD 27

MYSQL_GID_FIELD 27

MYSQL_LOGIN_FIELD boxname

MYSQL_HOME_FIELD '/var/spool/virtual_mail/'


Telnetting into ports 110 and 143 (only configuring IMAP anyways, POP3 is not getting changed, it works at the moment but we will disable later).


Disabled imap service in /etc/xinetd.d/imap to free the port for courier-imap to use.


Configured PAM file:

/etc/pam.d/imap

so that it used the database I had created earlier for authentication:

#%PAM-1.0
auth required pam_mysql.so user= [private] passwd= [private] db= [private] table=boxauth usercolumn=boxname passwdcolumn=boxpwd crypt=1
account required pam_mysql.so user= [private] passwd= [private] db= [private] table=boxauth usercolumn=boxname passwdcolumn=boxpwd crypt=1\

(there seemed to be some blank lines at the end of the file would this matter?)


Had to get the file /lib/security/pam_mysql.so for this to work so:


Installed pam_mysql-0.50-6.i386.rpm:

But this needed the /usr/lib/libmysqlclient.so.14 file or something so:

Installed mysql-shared-4.1.13-3.i586.rpm:

But this had further annoying dependencies and by this stage I was a bit over it so I cut the corner and installed using –nodeps

The whole thing does not seem to work, any help would be sooo much appreciated, thanks.

:D

[Internat]

well.. i havnt worked with exim and spam assisasin but i use courier as my imap/pop client and it autenticates to a mysql db... umm ill paste my config below.. im on debian tho, here goes:

the authdamonrc file contains a few other things but the important part is
authmodulelist="authmysql"

Code:
broken:/etc/courier# cat authmysqlrc
MYSQL_SERVER broken.our-lan.com
MYSQL_USERNAME <removed for obvious reasons>
MYSQL_PASSWORD <removed from obvious reasons>
MYSQL_PORT 0
MYSQL_DATABASE hosting
MYSQL_SELECT_CLAUSE  SELECT mailUsers.email, '' , users.password, "5000", "5000", "/home/hosting/", CONCAT( SUBSTRING_INDEX( users.email, '@' , -1 ) , '/mail/', SUBSTRING_INDEX( users.email, '@', 1 ) , '/' ) , '' , concat( users.fname,' ',users.lname ) , NULL, CONCAT("allowimap=",mailUsers.allowimap,",allowpop3=",mailUsers.allowpop3,",allowwebmail=",mailUsers.allowwebmail) FROM mailUsers, users WHERE mailUsers.email = users.email AND mailUsers.email = '$(local_part)@$(domain)'
DEFAULT_DOMAIN our-lan.com
broken:/etc/courier#


and the bottom thing is my sepcial query to do my stuff, but the default select and stuff one works just as well
my old one without that stuff might help better
Code:
broken:/etc/courier# egrep -v '^$|^#' authmysqlrc.bkp
MYSQL_SERVER            manticore.kodium.net
MYSQL_USERNAME          <removed>
MYSQL_PASSWORD          <removed>
MYSQL_PORT              0
MYSQL_OPT               0
MYSQL_DATABASE          mail-service
MYSQL_USER_TABLE        users
MYSQL_CLEAR_PWFIELD     clear
MYSQL_UID_FIELD         5000
MYSQL_GID_FIELD         5000
MYSQL_LOGIN_FIELD       email
MYSQL_HOME_FIELD "/home/vmail"
MYSQL_MAILDIR_FIELD     concat(email,'/')


hope this helps somewhat, but yeah u have to make authdameonrc point to authmysqlrc so that it uses them ysql stuff.. not sure how u configure it for pam tho

cheers
NF

[franco81]

Cheers for taking the time for the reply, I was under the impression that I was supposed to make courier-imap with some sort of mysql condition because it just didn't seem to work, but I will try your way.

cheers.

[Internat]

so my understanding of how courier works is when u connect to the courier imap server, it passes ur username/pass onto the courier-auth system, which does its shitnitz and returns to the courier-imap what it can cant do etc.. ie let u in, give u access to blah etc, so u shouldnt need to compile courier-imap differently, maybe the courier-authdameon so that it uses different methods but yeah, umm have a look at this

http://workaround.org/articles/ispmail-sarge

[franco81]

okay, cool bro, it sounds good that i don't have to re-install courier-imap :) thanks for the link, i'm going to have a look at it.

do you (or anyone out there) know where a log file is or something so that i can see tried and failed attempts for courier, i'd like to be able to see the password entered and the one expected if you know what i mean. so ican test it through a telnet connection or something.

thanks for all your help.

[Internat]

on debian stuff goes to /var/log/daemon.log or /var/log/auth.log cause its a failed auth request

cheers
NF

[franco81]

arrggghh, still not working, i can send email and it gets to the right place, but retrieving it is still giving me grief.

i tried paring down my authmysqlrc file to bare minimums, does it look alright to everyone out there?:


Code: MYSQL_SERVER            localhost
MYSQL_USERNAME          <private>
MYSQL_PASSWORD          <private>
MYSQL_SOCKET           /var/lib/mysql/mysql.sock
MYSQL_PORT              0
MYSQL_OPT               0
MYSQL_DATABASE          exim
MYSQL_USER_TABLE        boxauth
MYSQL_CLEAR_PWFIELD     boxpwd
MYSQL_UID_FIELD         27
MYSQL_GID_FIELD         27
MYSQL_LOGIN_FIELD       boxname
MYSQL_HOME_FIELD "/var/spool/virtual_mail"
MYSQL_MAILDIR_FIELD     concat(boxname,'/')


pretty sure there are no extra spaces anywhere and s***. also made sure it is using the correct authmodulelist="authmysql"

i just keep getting 'unable to connect to server' whenever i try from an email program like outlook. I can telnet in on port 143 though, but haven't worked out how to check the mailboxes through this yet.

also, i believe i should have imap disabled in /etc/xinetd.d/, i first tried this by altering the file, but now i have renamed it altogether. so that port is freed from xinetd so that courier0imp can use it - is this correct anybody?

thanks in advance for any input.

[franco81]

one other thing, the failed attempts do not seem to be cropping up in the

/var/log/maillog
/var/log/messages

logs, any redhat users out there know where else to look for this sort of thing?

cheers.

[franco81]

fixed thanks, we had a firewall setting which disallowed connecting on port 143 :oops: