#1 counterpoint (Junior Member), 31st July 2011, 17:53
Courier and encrypted passwords

My mail server is built largely using "how to" information here, and it is providing POP3 mail serving via Courier. User data is in MySQL and I'm using ViMbAdmin to manage the MySQL data. This works fine for plain text passwords.

But if I change the passwords to being encrypted (ViMbAdmin uses MD5) then the password is rejected. With diagnostics turned up, there is a message in the log, which simply quotes the plain text password submitted by the mail client, and says it does not match the encrypted password (which it quotes) extracted from the database.

The Courier configuration file giving the MySQL information is being modified to contain a reference to encrypted passwords at the same time as the field in the database was changed to encrypted.

Is the wrong encryption being used? Or does Courier need some further configuration?

#2 falko (Super Moderator), 1st August 2011, 10:51

Can you post your /etc/postfix/main.cf and your Courier configuration?

#3 counterpoint (Junior Member), 1st August 2011, 18:12

Code:
# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_loglevel = 2

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = mail.webhosting-ace.net
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = localhost.webhosting-ace.net, localhost
relayhost = 
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
maildrop_destination_recipient_limit = 1
virtual_mailbox_base = /var/vmail
virtual_uid_maps = static:1003
virtual_gid_maps = static:1003
virtual_mailbox_domains = mysql:/etc/postfix/virtual_domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/virtual_mailboxes.cf
virtual_alias_maps = mysql:/etc/postfix/virtual_forwardings.cf
mailbox_command = 
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
smtpd_sasl_local_domain = 
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
home_mailbox = Maildir/

Wasn't sure which file you meant by "Courier config". The pop3d.cnf file is:

Code:
RANDFILE = /usr/lib/courier/pop3d.rand

[ req ]
default_bits = 1024
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no

[ req_dn ]
C=US
ST=NY
L=New York
O=Courier Mail Server
OU=Automatically-generated POP3 SSL key
CN=webhosting-ace.net
emailAddress=postmaster@example.com


[ cert_type ]
nsCertType = server

And the authmysqlrc file is:

Code:
MYSQL_SERVER           127.0.0.1
MYSQL_USERNAME         vimbadmin
MYSQL_PASSWORD         ??????????
MYSQL_SOCKET           /var/run/mysqld/mysqld.sock
MYSQL_OPT              0
MYSQL_DATABASE         vimbadmin
MYSQL_USER_TABLE       mailbox
MYSQL_CLEAR_PWFIELD    password
# if you use cleartext passwords - or -
# MYSQL_CRYPT_PWFIELD  password   
# if you use encrypted passwords
MYSQL_UID_FIELD        '1003'
MYSQL_GID_FIELD        '1003'
MYSQL_LOGIN_FIELD      username
MYSQL_HOME_FIELD       '/var/vmail/' as home
MYSQL_NAME_FIELD       name
MYSQL_MAILDIR_FIELD    maildir
MYSQL_QUOTA_FIELD      concat(quota,'S')
MYSQL_WHERE_CLAUSE     active=1

#4 till (Super Moderator), 1st August 2011, 18:19

Try to comment out the:

MYSQL_CLEAR_PWFIELD password

line and remove the # in front of the line:

MYSQL_CRYPT_PWFIELD password

then restart courier authdaemon.

#5 counterpoint (Junior Member), 1st August 2011, 19:54

Thanks for your suggestion.

I understand that is required to use encrypted passwords. But that is exactly what I did do, at the same time as changing the database table to make the passwords encrypted.

The result was that connection attempts were refused, with the mail log showing an error message quoting the plain text password submitted through the mail client, and showing the encrypted password from the database, along with text telling me that they did not match.

So what I'm trying to find out is whether Courier is expecting the same encryption as used by ViMbAdmin (i.e. MD5) or whether there is a need to specify the encryption used to Courier, or what.

Last edited by counterpoint; 1st August 2011 at 19:57.

#6 till (Super Moderator), 1st August 2011, 20:44

The default encryption on Linux systems is "crypt" and, as far as I know, Courier expects that passwords are encrypted with crypt. For example, ISPConfig stores the passwords in crypt format in the MySQL database and that works fine with Courier.

#7 counterpoint (Junior Member), 2nd August 2011, 01:26

Thanks. The code in ViMbAdmin only supports MD5:

PHP Code:
    public function hashPassword( $scheme, $password )
    {
        switch( $scheme )
        {
            case 'md5':
                $this['password'] = md5( $password );
                break;

            case 'plain':
                $this['password'] = $password;
                break;

            default:
                die( 'Invalid password hash scheme in models/Mailbox.php hashPassword()' );
        }

        return $this['password'];
    }

I can easily modify it, except that the PHP crypt function has a great many variations, and I'm not clear how it should be called to get the desired result. (See http://php.net/crypt).
Reply With Quote
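
An added example, not part of the original thread and not ViMbAdmin's code: it contrasts the bare md5() digest stored by the 'md5' branch above with a salted crypt-format hash from PHP's crypt(), and checks both the way a crypt(3)-based verifier would. It assumes, as till says in post #6, that Courier checks the MYSQL_CRYPT_PWFIELD value with the system crypt; the function names, the sample password and the choice of the SHA-512 ("$6$") scheme are assumptions made here, and that scheme has to be supported by the mail server's libc.

```php
<?php
// Added example; function names and sample values are constructed for illustration.

// Build a crypt(3)-format hash. The "$6$" prefix selects SHA-512 crypt and the
// 16-character salt is drawn from the crypt alphabet [./0-9A-Za-z].
function cryptPassword(string $password): string
{
    $alphabet = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
    $salt = '';
    for ($i = 0; $i < 16; $i++) {
        $salt .= $alphabet[random_int(0, 63)];
    }
    $hash = crypt($password, '$6$' . $salt . '$');
    // On an unsupported scheme crypt() returns a short failure token instead of a hash.
    if (strncmp($hash, '$6$', 3) !== 0) {
        throw new RuntimeException('SHA-512 crypt is not available on this system');
    }
    return $hash;
}

// crypt(3)-style verification: re-hash the submitted password using the stored
// value as the salt/settings string, then compare in constant time.
function cryptVerify(string $submitted, string $stored): bool
{
    return hash_equals($stored, crypt($submitted, $stored));
}

$password = 'correct horse battery staple';   // constructed sample password

// What the 'md5' branch of hashPassword() stores: 32 hex characters,
// no salt and no "$id$" scheme prefix, so it is not a crypt string.
$md5Stored = md5($password);

// What a crypt-based checker can verify: "$6$<salt>$<hash>".
$cryptStored = cryptPassword($password);

echo "md5 column value:   $md5Stored\n";
echo "crypt column value: $cryptStored\n";
echo "md5 value passes crypt check:   ", var_export(cryptVerify($password, $md5Stored), true), "\n";
echo "crypt value passes crypt check: ", var_export(cryptVerify($password, $cryptStored), true), "\n";
echo "wrong password passes:          ", var_export(cryptVerify('wrong guess', $cryptStored), true), "\n";
```

Existing MD5 rows cannot be converted to crypt format in place, because the original password is not recoverable from the digest; each mailbox password has to be set again so that a crypt-format value is stored.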