[Cialug] Help configuring Qmail with checkpassword for SMTP auth

Claus cialug@cialug.org
Tue, 22 Feb 2005 09:57:47 -0600 

Hello,

I asked this question a couple days ago on the AmesFUG list but didn't 
get any responce.  Maybe I have more luck here as I obviously still 
haven't solved the problem.  Let me know if more info is needed.

   Claus


> I'm installing a new email server and so far have done the following:
> 
> Downloaded and installed netqmail as described in LifeWithQmail and added
> the netqmail-1.05-tls-smtpauth-20041111.patch from
> http://shupp.org/smtp-auth-tls.
> 
> Sending through the SMTP server works in plain and in TLS mode.  Now I'm
> trying to add checkpassword from http://cr.yp.to/checkpwd.html to enable
> authentication for SMTP.  The install and the following test worked without
> a flaw:
> 
> # /var/qmail/bin/qmail-popup blah /bin/checkpassword pwd
> +OK <... at blah>
> user Frodo
> +OK
> pass Friend
> 
> The problem is to integrate the checkpassword with qmail-smtpd.  I modified
> the /service/qmail-smtpd/run file to the following but still don't have any
> success logging in.  I get asked for the password but the authentication
> seems to fail.
> 
> #!/bin/sh
> 
> QMAILDUID=`id -u qmaild`
> NOFILESGID=`id -g qmaild`
> MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
> LOCAL=`head -1 /var/qmail/control/me`
> 
> if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" -o -z "$LOCAL" ];
> then
>     echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in
>     echo /var/qmail/supervise/qmail-smtpd/run
>     exit 1
> fi
> 
> if [ ! -f /var/qmail/control/rcpthosts ]; then
>     echo "No /var/qmail/control/rcpthosts!"
>     echo "Refusing to start SMTP listener because it'll create an open
> relay"
>     exit 1
> fi
> 
> exec /usr/local/bin/softlimit -m 2000000 \
>     /usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c
> "$MAXSMTPD" \
>         -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp /var/qmail/bin/qmail-smtpd
> "$LOCAL" /bin/checkpassword /usr/bin/true 2>&1
> 
> My guess is that somehow this startup script is incorrect but I really don't
> have a clue as I haven't found any useful messages/logs/google-postings and
> I'm looking at it for a full day now.  
> 
> Anybody got something like this working or has a clue what could be wrong?
> 
>   Claus