Comments on Virtual Users And Domains With Postfix, Courier And MySQL (Debian Etch)
Virtual Users And Domains With Postfix, Courier And MySQL (Debian Etch)
This document describes how to install a mail server based on Postfix that is based on virtual users and domains, i.e. users and domains that are in a MySQL database. I'll also demonstrate the installation and configuration of Courier (Courier-POP3, Courier-IMAP), so that Courier can authenticate against the same MySQL database Postfix uses.
10 Comment(s)
Comments
Hi,
I don't understand why you use the smtp-PAM-Module?!
By the way: In Debian Etch you have to activate DCC in /etc/spamassassin/v310.pre
Regards,
Hypz
VERY nice howto. It worked like a dream.
And setting up Squirrelmail for this was a breeze too.
I encountered some problems while I followed the guide though, which I have listed in my blog @ Ronin's blog.
One was a bug I encountered within Courier-Saslauthdaemon, and 2 were some banal problems with Squirrelmail. But I managed to solve them with some googling around ^^
Dec 16 12:43:19 linuxdeb authdaemond: modules="authmyslq", daemons=5
Dec 16 12:43:19 linuxdeb authdaemond: Installing libauthmyslq
Dec 16 12:43:19 linuxdeb authdaemond: libauthmyslq.so: cannot open shared object file: No such file or directory
Dec 16 12:43:46 linuxdeb courierpop3login: Connection, ip=[::ffff:127.0.0.1]
Dec 16 12:43:54 linuxdeb courierpop3login: LOGIN FAILED, user=juan, ip=[::ffff:127.0.0.1]
Dec 16 12:44:03 linuxdeb courierpop3login: LOGOUT, ip=[::ffff:127.0.0.1]
Dec 16 12:44:03 linuxdeb courierpop3login: Disconnected, ip=[::ffff:127.0.0.1]
This setup seems to be extremely insecure.
The MySQL function encrypt() encrypts (on some systems, e.g. my Debian Etch) only the first eight characters of a string, making hacking of a mailbox extremely easy. For example, the passwords
12345678LHKuhlhKJgkZgHklu
and
12345678
both allow the user to log in (think about people who use password5468d - AOL had a similar problem recently).
To fix the security problem I mentioned above, you may possibly use other ciphers. I found this text:
User question/comment: I thought MYSQL_CRYPT_PWFIELD only handles the ENCRYPT() function instead of MD5() (see postfix-mysql setup). Correct me when I'm wrong.
User question/comment: MYSQL_CRYPT_PWFIELD only specifies the name of the database field, it has nothing to do with the crypt format. authlib can automatically detect several different formats of password hash, please refer to cryptpassword.c inside the courier authlib source code for more info. Basically it checks if the first few characters of the password hash are:
- "$1$": password is MD5 format password used by all Linux systems.
- "{MD5}": this is followed by standard MD5 hash of password phrase.
- "{SHA}": this is followed by standard SHA hash of password phrase.
- "{SHA256}": this is followed by standard SHA256 hash of password phrase.
- "{CRYPT}": this is followed by standard DES crypt() hash of password phrase.
Source:
http://postfix.wiki.xs4all.nl/index.php?title=Virtual_Users_and_Domains_with_Courier-IMAP_and_MySQL
Hi
To fix this problem, just use md5-crypt passwords (as used in /etc/shadow files, starting with $1$) for your mailboxes.
This should work. If it doesn't, append "md5=true" on both lines in /etc/pam.d/smtp.
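The prefix detection and the eight-character problem discussed in the comments above, combined into a small audit of the password column. This is an added example, not code from the howto or from Courier authlib; the sample rows are constructed, and it assumes that ENCRYPT() without a $1$ salt stores 13-character traditional crypt strings and that {CRYPT} wraps a crypt() string.

```python
import re

# Prefixes are those listed in the quoted wiki text; the "issue" notes are
# this example's own assessment, not authlib output.
PREFIXES = [
    ("$1$", "md5-crypt", None),
    ("{SHA256}", "sha256", "unsalted hash"),
    ("{SHA}", "sha1", "unsalted hash"),
    ("{MD5}", "md5", "unsalted hash"),
]
# Traditional DES crypt(): 2 salt characters + 11 hash characters.
# Heuristic: a 13-character plaintext from this alphabet would also match.
DES_CRYPT = re.compile(r"[./0-9A-Za-z]{13}")
DES_ISSUE = "DES crypt: only the first 8 password characters count"


def classify(stored):
    """Return (scheme, issue) for one stored password value."""
    value = stored.strip()
    if value.upper().startswith("{CRYPT}"):
        # Assumption: the wrapped value is a crypt() string ($1$ or DES).
        value = value[len("{CRYPT}"):]
    for prefix, scheme, issue in PREFIXES:
        if value.upper().startswith(prefix):
            return scheme, issue
    if DES_CRYPT.fullmatch(value):
        return "des-crypt", DES_ISSUE
    return "unknown", "unrecognised format"


def audit(rows):
    """Return [(email, scheme, issue)] for every row that needs a new hash."""
    checked = ((email, *classify(stored)) for email, stored in rows)
    return [row for row in checked if row[2]]


# Constructed sample rows (email, password column); hash bodies are placeholders.
SAMPLE_ROWS = [
    ("a@example.com", "abCDEFGHIJKLM"),
    ("b@example.com", "$1$c0nstruc$AAAAAAAAAAAAAAAAAAAAAA"),
    ("c@example.com", "{CRYPT}abCDEFGHIJKLM"),
    ("d@example.com", "{SHA256}AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="),
    ("e@example.com", "{crypt}$1$c0nstruc$AAAAAAAAAAAAAAAAAAAAAA"),
]

if __name__ == "__main__":
    for email, scheme, issue in audit(SAMPLE_ROWS):
        print(f"{email}: {scheme}: {issue}")
```

Rows reported as des-crypt are the ones affected by the truncation described above and are the candidates for re-hashing with $1$ at the next password change.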
apt-get source postfix did not work for me.
Replaced by 'apt-src install postfix'.
I finished installing a mail server with virtual users with CentOS, Dovecot and Roundcube. Everything is working fine.
I want to restrict users from sending email to different subdomains. How can I achieve this? A user can send email to the same subdomain but not to other subdomains.
That means abc.domain.com users can send email to abc.domain.com only.
Can header check rules be applied so that if the sender domain is NOT equal to the recipient name, the email is REJECTed?
Is it possible to write a header check like: if (wild_card) sender_domain != recipient_domain REJECT email
/^From:[[:space:]]+(.*)/ REPLACE From: ">${1}<" /^To