[HowTo] Replace courier with dovecot

[aseques]

Hi, if the passwords are stored in a know encryption method (haven't look at it in deep yet), it wouldn't be faster to user dovecot directly to check the passwords?
Forgive me if I'm wrong, but if every time a pop connection is established there has to be a perl script connecting to the database and retrieving the user info, doing it natively with dovecot + mysql would be less cost expensive I guess.
At the moment I don't have any production server using post-encription release so I haven't look at it yet.

What's your opinion?

[sci2tech]

(10-03-2008 02:10 AM)aseques Wrote:  Hi, if the passwords are stored in a know encryption method (haven't look at it in deep yet), it wouldn't be faster to user dovecot directly to check the passwords?
Forgive me if I'm wrong, but if every time a pop connection is established there has to be a perl script connecting to the database and retrieving the user info, doing it natively with dovecot + mysql would be less cost expensive I guess.
At the moment I don't have any production server using post-encription release so I haven't look at it yet.

What's your opinion?

Encryption used is blowfish cbc. Nor dovecot, nor mysql support this type of encryption. Also ispcp use by default courier, not dovecot. But since there are users that like this mail server I think is my duty to help them. We need an encryption method that is reversible because of sasl that need plain text passwords for postfix so md5/sha1/etc are not suitable.

[sci2tech]

To make dovecot work with new encripted passwords in database modify dovecot. conf in

Quote:base_dir = /var/run/dovecot/
protocols = imap pop3
disable_plaintext_auth = no
listen=*
syslog_facility = mail
login_greeting = Dovecot ready.
mail_location = maildir:/var/mail/virtual/%d/%n
mail_privileged_group = mail
protocol imap {
}
namespace private {
prefix = INBOX.
inbox = yes
}
protocol pop3 {
pop3_uidl_format = %u-%v
}
protocol lda {
postmaster_address = postmaster@yourdomain.tld
auth_socket_path = /var/run/dovecot/auth-master
}
auth default {
mechanisms = plain login
passdb checkpassword {
args = /var/www/ispcp/engine/ispcp-dovecot-mngr
}
userdb prefetch {
}
socket listen {
client {
path = /var/spool/postfix/private/auth
mode = 0660
user = postfix
group = postfix
}
master {
path = /var/run/dovecot/auth-master
mode = 0660
user = vmail
group = mail
}
}
user = root
}
plugin {
}

. Save attached file as /var/www/ispcp/engine/ispcp-dovecot-mngr and make it executable (chmod 0755 /var/www/ispcp/engine/ispcp-dovecot-mngr). restart dovecot and enjoy.
So the problem was file rigths. File were accessible only for root but dovecot runs as vmail user. Please test and confirm if possible.

[Slowman]

Attachments ispcp-dovecot-mngr ?

[sci2tech]

Added. But is the same. The only modify needed was user = root} instead of user = vmail}

[BeNe]

I checked it today. You must set these rights:

Code:

/var/www/ispcp/engine# ls -l
total 444
drwx------ 2 root  root  4096 Mar 27  2008 awstats
drwx------ 2 root  root  4096 Apr  7 11:10 backup
-rwx------ 1 root  root 55401 Oct  2 14:45 ispcp-als-mngr
-rwx------ 1 root  root  6933 Oct  2 14:45 ispcp-apache-logger
-rwx------ 1 vmail root   102 Oct  2 14:47 ispcp-db-keys.pl
-rwx------ 1 root  root  4208 Oct  2 14:45 ispcp-db-passwd
-rwx------ 1 root  root 97063 Oct  2 14:45 ispcp-dmn-mngr
-rwxr-xr-x 1 vmail root  2395 Oct  2 14:17 ispcp-dovecot-mngr
-rwx------ 1 root  root 27815 Oct  2 14:45 ispcp-htuser-mngr
-rwx------ 1 root  root 64301 Oct  2 14:45 ispcp-mbox-mngr
-rwx------ 1 root  root 14024 Oct  2 14:45 ispcp-rqst-mngr
-rwx------ 1 root  root  7190 Oct  2 14:45 ispcp-serv-mngr
-rwx------ 1 root  root 49617 Oct  2 14:45 ispcp-sub-mngr
-rwx------ 1 vmail root  5291 Oct  2 14:45 ispcp_common_code.pl
-rwx------ 1 vmail root 45249 Oct  2 14:45 ispcp_common_methods.pl
drwxr-xr-x 2 root  root  4096 Oct 24  2007 messager
drwx------ 2 root  root  4096 Nov  4  2007 quota
drwx------ 2 root  root  4096 Sep 19 13:49 setup
drwx------ 2 root  root  4096 Jan 20  2008 tools
drwx------ 2 root  root  4096 Nov 29  2007 traffic

Then it works with Thunderbird but not with Squirrelmail which comes with ispCP or Roundcube. I always get an "Login failed" When i set the cryptet PW back to Plaintext Squirrelmail and Roundcube works...

Greez BeNe

[sci2tech]

@Bene please try my last posted dovecot.conf. Both SquirrelMail and Thunderbird are using imap protocol (and I guess that Roundcube does too) so they do not use database access. I tested and work with both Thunderbird and SquirrelMail on Debian etch and Lenny successfully. If you want you can use also telnet for it:

Quote:telnet mail.domain.tld 143
Trying 192.168.1.2...
Connected to mail.domain.tld.
Escape character is '^]'.
* OK Dovecot ready.
+ LOGIN sci2tech@domain.tld password
+ OK Logged in.
+ EXAMINE INBOX
* FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
* OK [PERMANENTFLAGS ()] Read-only mailbox.
* 3 EXISTS
* 0 RECENT
* OK [UNSEEN 1] First unseen.
* OK [UIDVALIDITY 1222117339] UIDs valid
* OK [UIDNEXT 49] Predicted next UID
+ OK [READ-ONLY] Select completed.
+ LOGOUT
* BYE Logging out
+ OK Logout completed.
Connection closed by foreign host.

With bold you have my commands not bolded answers. Also I need logs from /var/log/syslog if something go wrong so I can figure what it is.

[BeNe]

I know that it make no sense - every App use IMAP and Thunderbird works.
But i found the Problem. I installed pysieved to get serverside rules.
And there was still Plaintext in the dovecot.conf in this part. The pysieved server listend to 127.0.0.1 and so every connect from localhost to localhost failed with the Plain login of course. From extern with Thunderbird it works because it was not localhost. I edit the part as you discribed and it works now.

Can we put the ispcp-dovecot-mngr in the trunk ?
So the dovecot user must not download it and it comes per default.

Greez BeNe

[sci2tech]

I can put it on the trunk but I do not know if we should do this. Officially we support courier not dovecot. But if community say so I`ll add it. Let me know what you think about this.

[BeNe]

Of course you are right we support courier.
But on the other way, it is only a script that is not used by default from ispCP and lies in the engine Folder. Every Dovecot User will be happy with that script to support crypted Passwords. But we should discuss that with more in the Internal Forum.

Next is that i want to test a Password Changer in Squirrelmail. But i am not shure if this will work. Because we put a Blowfish PW in the DB...

Greez BeNe