netqmail(1.06) smtpd AUTH+TLS Extension

What's this?

This is an extension patch against netqmail-1.06 with SMTP-AUTH and TLS patch applied. This patch introduce ``apoppw schema'', which is the policy that mail password should be maintained by each user by saving them in their own ~/.apop files. Thus, administrators do not have the labor to keep mail password databases up to date. Furtheremore, users can have separate mail password for each extensional mail address supported by qmail/postfix.

Distribution

The apoppw schema

This package gives smtp-auth the same rule as imapext's password manipulation schema.

Support auth account name `user-ext'
Support auth account name for virtualdomain addresses
Allow non-privileged users to set their own mail password
POP password is independent from system password for security

Mail password for a email address tied to $HOME/.qmail is stored to $HOME/.apop. Mail password for another email address tied to $HOME/.qmail-ext is stored to $HOME/.apop-ext. That is, any mail password for address of `.qmail-ext' is stored to the file name where replace `.qmail' with `.apop'. This password file is generated by invoking `apoppassword' command which comes with cmd5apoppw package listed above.

The mechanism of password comparison is based on http://members.elysium.pl/brush/qmail-smtpd-auth/ and http://members.elysium.pl/brush/cmd5checkpw/.

User Agent Settings

For basic email address `user@primary.domain', email will be delivered to the mailbox specified by ~/.qmail. In this case, mail password should be set with apoppasswd.

apoppasswd
Enter APOP Password:
Again APOP Password:

For extensional email address `user-ext@primary.domain':

apoppasswd -e ext

For virtual domain address `user-ext@virtual.domain', email destination is decided by `/somewhere/vdom/dir/.qmail-ext'. For this case:

cd /somewhere/vdom/dir
apoppasswd -e ext

In Mail User Agent configuration, user name for authentication is as follows.

email address	auth name
user@primary.domain	user
user-ext@primary.domain	user-ext
user-ext@virtual.domain	user-ext@virtual.domain

Unlike the case for POP server, it is not important which login account is accepted. If you have multiple accounts on the server, anyone is good for sending purpose.

Installation procedure

is shortly written in README.auth-ext.

You also want to set up imapext as POP3 server.

.. Japanese text below;

何するものぞ

http://members.elysium.pl/brush/qmail-smtpd-auth/ と http://members.elysium.pl/brush/cmd5checkpw/ による SMTP-AUTH をベースに「UW-IMAPDてんこもり拡張パック」 (以下imapext)と同様のパスワード管理方式を利用するようにしたものです。つまり、

ユーザ用の認証パスワードは~/.apopに保存しユーザ権限で登録できるようにしてimapext のパスワードと共用できるようにした
~/.qmail-foo や control/virtualdomain による拡張アドレスに対するパスワードを同じルールで決まるファイル名で管理できるようにした。

さらに、users/assign にも厳密に対応しています。もし、

foo@vdom.example.com というアドレスが /dokoka/sokoka/.qmail-foo

というdot-qmailファイルに配送されるのであれば、このアカウント (foo@vdom.example.com)用のパスワードファイルは /dokoka/sokoka/.apop-foo となります。virtualdomainsと users/assign を組み合わせて単一UIDでの複数のメイルアカウントを使い分けている場合にも有効です。

このパッチによる qmail-smtpd は http://www.gentei.org/~yuuji/software/qmail-smtpd-auth-ext/ にある cmd5apoppw と組み合わせて使うことを想定しています。 cmd5apoppwも同時にインストールして下さい。

これでqmailの拡張アドレス、virtualdomainを使いまくっても、 TLS/APOPとSMTP-AUTHで正しく認証できます。やったー。

23703

yuuji@

Fingerprint16 = FF F9 FF CC E0 FE 5C F7 19 97 28 24 EC 5D 39 BA
HIROSE Yuuji - ASTROLOGY / BIKE / EPO / GUEST BOOK / YaTeX