netqmail(1.06) smtpd AUTH+TLS Extension

What's this?

This is an extension patch against netqmail-1.06 with the SMTP-AUTH and TLS patch applied. It introduces the ``apoppw schema'', a policy under which each user maintains their own mail passwords by saving them in their own ~/.apop files. Administrators therefore do not have to keep mail password databases up to date. Furthermore, users can have a separate mail password for each extension mail address supported by qmail/postfix.

Distribution

The apoppw schema

This package makes SMTP AUTH follow the same rules as imapext's password management schema.

The mail password for an email address tied to $HOME/.qmail is stored in $HOME/.apop. The mail password for another email address tied to $HOME/.qmail-ext is stored in $HOME/.apop-ext. That is, the mail password for the address of `.qmail-ext' is stored in the file whose name is obtained by replacing `.qmail' with `.apop'. This password file is generated by invoking the `apoppasswd' command, which comes with the cmd5apoppw package listed above.

The mechanism of password comparison is based on http://members.elysium.pl/brush/qmail-smtpd-auth/ and http://members.elysium.pl/brush/cmd5checkpw/.
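
An added example, not part of the patch or the cmd5apoppw package: a POSIX shell audit that applies the `.qmail' to `.apop' naming rule above to one directory and reports dot-qmail addresses without a password file, password files accessible beyond their owner, and password files with no matching dot-qmail file. The owner-only permission policy, the function names and the report labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit apoppw password files next to the dot-qmail files in a directory.

# Name mapping from the text: .qmail -> .apop, .qmail-ext -> .apop-ext.
apop_for_qmail() {
    case "$1" in
        .qmail)   echo .apop ;;
        .qmail-*) echo ".apop-${1#.qmail-}" ;;
    esac
}

# True when group or others have any access (assumed policy: owner-only, e.g. 0600).
loose_mode() {
    [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]
}

# One line per finding: OK / LOOSE / NOPASS / UNMATCHED followed by a file name.
audit_apop_dir() {
    dir=$1
    for q in "$dir"/.qmail "$dir"/.qmail-*; do
        [ -f "$q" ] || continue
        a=$(apop_for_qmail "${q##*/}")
        if [ ! -f "$dir/$a" ]; then echo "NOPASS ${q##*/}"   # no mail password set
        elif loose_mode "$dir/$a"; then echo "LOOSE $a"     # accessible beyond the owner
        else echo "OK $a"
        fi
    done
    for p in "$dir"/.apop "$dir"/.apop-*; do
        [ -f "$p" ] || continue
        n=${p##*/}
        # Password file with no same-named dot-qmail file (stale, or delivery
        # is handled by a wildcard such as .qmail-default).
        [ -f "$dir/.qmail${n#.apop}" ] || echo "UNMATCHED $n"
    done
}

# Demo on a constructed directory (file names and contents are made up).
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/.qmail";      : > "$d/.apop";     chmod 600 "$d/.apop"
    : > "$d/.qmail-ext";  : > "$d/.apop-ext"; chmod 644 "$d/.apop-ext"
    : > "$d/.qmail-list"; : > "$d/.apop-old"; chmod 600 "$d/.apop-old"
    audit_apop_dir "$d"
    rm -rf "$d"
}
demo
```

To check a real home or virtual-domain directory, call audit_apop_dir with its path in place of demo.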

User Agent Settings

For the basic email address `user@primary.domain', email is delivered to the mailbox specified by ~/.qmail. In this case, the mail password should be set with apoppasswd.

apoppasswd
Enter APOP Password:
Again APOP Password:

For the extension email address `user-ext@primary.domain':

apoppasswd -e ext

For the virtual domain address `user-ext@virtual.domain', the email destination is decided by `/somewhere/vdom/dir/.qmail-ext'. In this case:

cd /somewhere/vdom/dir
apoppasswd -e ext

In the Mail User Agent configuration, the user name for authentication is as follows.

email address              auth name
user@primary.domain        user
user-ext@primary.domain    user-ext
user-ext@virtual.domain    user-ext@virtual.domain

Unlike with a POP server, it does not matter which login account is accepted. If you have multiple accounts on the server, any of them can be used for sending.

Installation procedure

The installation procedure is described briefly in README.auth-ext.

You will also want to set up imapext as a POP3 server.

What does it do?

Based on the SMTP-AUTH from http://members.elysium.pl/brush/qmail-smtpd-auth/ and http://members.elysium.pl/brush/cmd5checkpw/, this makes it use the same password management method as 「UW-IMAPDてんこもり拡張パック」 (imapext below). That is,

Furthermore, it also handles users/assign strictly. If

the address foo@vdom.example.com is delivered to /dokoka/sokoka/.qmail-foo

as its dot-qmail file, then the password file for this account (foo@vdom.example.com) is /dokoka/sokoka/.apop-foo. This also works when virtualdomains and users/assign are combined to use multiple mail accounts under a single UID.

The qmail-smtpd built with this patch is intended to be used together with cmd5apoppw, found at http://www.gentei.org/~yuuji/software/qmail-smtpd-auth-ext/. Please install cmd5apoppw at the same time.

With this, even if you make heavy use of qmail extension addresses and virtualdomains, you can authenticate correctly with TLS/APOP and SMTP-AUTH. Hooray.


yuuji@example.org
Fingerprint16 = FF F9 FF CC E0 FE 5C F7 19 97 28 24 EC 5D 39 BA
HIROSE Yuuji