ISPconfig user@domain email login HOW TO

minimalist · Nov 1, 2007

What happens when your upgrade your ISPConfig to the latest version?

grant · Nov 1, 2007

If you update ISPConfig...you're going to have to do some of these changes again. And the changes may be different depending on how much ISPConfig has changed.

jbravo · Nov 19, 2007

I'd like to thank you for this howto. Works fine with just few changes (paths specific to SLES10 SP1 which i use).

Rockdrala · Jan 3, 2008

Im running CentOS 5.2 with the latest stable of ISPconfig.

wheres my courier file to edit as mentioned at the start of the post i looked everywhere.

falko · Jan 4, 2008

You mean CentOS 5.1, don't you?

There are no Courier packages available, unless you build them yourselves: http://www.howtoforge.com/installing-courier-imap-courier-authlib-maildrop-fedora-redhat-centos
The standard POP3/IMAP daemon on CentOS is Dovecot.

marton_erno · Jan 4, 2008

Implemented on Debian 4.0 with small modifications
grant said:
Ok, so here is my guide for setting this up. I'm pretty certain I've included all the steps. If I've forgotten any let me know help you fix it.

Advantages of this method:

Works with long domain names

User can login to IMAP/POP3/SMTP with any of their associated email addresses

User can also login with their actual system username (ie. web1_grant)

Mailuser login still works.

Users are updated automatically, no cron jobs

EDIT: Changed to that https://www.yourdomain.com:81/mailuser still works, people can still login in to change their mail settings.

First, setup the perfect server setup for ubuntu, and install ISPConfig. Setup at least 1 email user so you can test that this works.

Install my modified pw2userdb script. Save it as /root/ispconfig/scripts/custpw2userdb:
Code:
#! /usr/bin/perl
#
#  Convert /etc/passwd and /etc/shadow to userdb format.
#
#  Modified by Grant Emsley <[email protected]> for ISPConfig
#
#  Now takes usernames from postfix virtual user table
#  so people can login with their email address
#
# Originally Copyright 1998 - 1999 Double Precision, Inc.
#

# Locations for files used
$passwd="/etc/passwd";
$shadow="/etc/shadow";
$virtusertable = "/etc/postfix/virtusertable";
$userdb = "/etc/courier/userdb";
$userdbtmp = "/etc/courier/userdb.tmp";

# Location of makeuserdb program
$makeuserdb = "/usr/sbin/makeuserdb";

open(PASSWD, $passwd) || die "$!\n";

while (<PASSWD>)
{
        chop if /\n$/;
        next if /^#/;
        ($acct,$passwd,$uid,$gid,$name,$home,$shell)=split( /:/ );

        $PASSWORD{$acct}=$passwd if $passwd ne "x";
        $UID{$acct}=$uid;
        $GID{$acct}=$gid;
        $HOME{$acct}=$home;
        $SHELL{$acct}=$shell;

        $name =~ s/\|/./g;      # Just in case
        $GECOS{$acct}=$name;
}
close (PASSWD);

if ( -f $shadow && ! $noshadow)
{
        open (SHADOW, $shadow) || die "$!\n";
        while (<SHADOW>)
        {
                next if /^#/;
                ($acct,$passwd,$dummy)=split(/:/);
                $PASSWORD{$acct}=$passwd;
        }
        close (SHADOW);
}

# Grab users out of the virtusertable
# Write it to a temp file
open (USERTABLE, $virtusertable) || die "$!\n";
open (USERDBTMP,">$userdbtmp") || die "$!\n";
while (<USERTABLE>) {
        chop if /\n$/;
        next if /^#/;  # skip lines that start with #
        ($email,$username)=split();

        print USERDBTMP "$email\tuid=$UID{$username}|gid=$GID{$username}|gecos=$GECOS{$username}|home=$HOME{$username}|shell=$SHELL{$username}|systempw=$PASSWORD{$username}\n";
}

# Let them also login with their real system username
while ( defined ($key=each %UID)) {
        print USERDBTMP "$key\tuid=$UID{$key}|gid=$GID{$key}|gecos=$GECOS{$key}|home=$HOME{$key}|shell=$SHELL{$key}|systempw=$PASSWORD{$key}\n";
}

close (USERTABLE);
close (USERDBTMP);

# Move the temp file to the real one
rename $userdbtmp, $userdb;
# Set the proper permissions on it
system("chmod 600 $userdb");

# Run makeuserdb
system($makeuserdb);
Edit /root/ispconfig/scripts/writeconf.php. Right BEFORE echo "ende\n"; add the line:
Code:
exec("/root/ispconfig/scripts/custpw2userdb &> /dev/null");
Edit /etc/courier/authdaemonrc. Find the line authmodulelist="authpam"
Change it to:
Code:
authmodulelist="authuserdb"
Edit /etc/postfix/sasl/smtpd.conf to say:
Code:
pwcheck_method: authdaemond
mech_list: plain login
log_level: 3
authdaemond_path:/var/run/courier/authdaemon/socket
Edit /etc/init.d/courier-authdaemon. Change the top of the file to look like this:
Code:
#! /bin/sh -e

prefix="/usr"
exec_prefix=${prefix}
sysconfdir="/etc/courier"
sbindir="${exec_prefix}/sbin"
daemonscript="${sbindir}/authdaemond"
run_dir="/var/spool/postfix/var/run/courier/authdaemon"

# create  /var/run if it does not already exist
if [ ! -d ${run_dir} ]; then
        mkdir -p ${run_dir}
        chown daemon:daemon ${run_dir} /var/spool/postfix/var/run/courier
        chmod 755 ${run_dir}
fi

if [ ! -h /var/run/courier ]; then
        ln -s /var/spool/postfix/var/run/courier /var/run/courier
fi

. /lib/lsb/init-functions
Add local system accounts that AREN'T managed by ISPConfig to Virtusertable

Reboot the system (or shutdown postfix/courier/authdaemond, rm -r /var/run/courier, and restart them all).
Click to expand...
I modified the custpw2userdb to create userdb only for users created by ISPconfig, uid greater then 10000
Code:
while (<PASSWD>) {
        chop if /\n$/;
        next if /^#/;
        ($acct,$passwd,$uid,$gid,$name,$home,$shell)=split( /:/ );
[B]        if ($uid > 10000) {[/B]
        $PASSWORD{$acct}=$passwd if $passwd ne "x";
        $UID{$acct}=$uid;
        $GID{$acct}=$gid;
        $HOME{$acct}=$home;
        $SHELL{$acct}=$shell;
        $name =~ s/\|/./g; # Just in case
        $GECOS{$acct}=$name;
        [B]}[/B]
}
After creating a new user the script wasn't executed so I added the command "perl" to the line inserted in writeconf.php
Code:
exec("perl /root/ispconfig/scripts/custpw2userdb &> /dev/null");
This is it for the moment, I will try to put my server online for production in a couple o days, if i need to make other changes i will update my post.
Hope it will help.

Regards

planet_fox · Jan 8, 2008

Nice, I do testing in this night. What is the problem for ispconfig for general intigrating this feature in ispconfig.

planet_fox · Jan 9, 2008

I have do what in your howto is, do not work

Code:

Jan  9 01:00:04 serv courierpop3login: authdaemon: s_connect() failed: No such file or directory
Jan  9 01:00:04 serv courierpop3login: authentication error: No such file or directory
Jan  9 01:00:04 serv courierpop3login: authdaemon: s_connect() failed: No such file or directory
Jan  9 01:00:04 serv courierpop3login: authentication error: No such file or directory
Jan  9 01:00:04 serv courierpop3login: authdaemon: s_connect() failed: No such file or directory
Jan  9 01:00:04 serv courierpop3login: authentication error: No such file or directory
Jan  9 01:00:04 serv courierpop3login: authdaemon: s_connect() failed: No such file or directory
Jan  9 01:00:04 serv courierpop3login: authentication error: No such file or directory

Rockdrala · Jan 9, 2008

I wouldnt recommend doing this hack until its fully supported or integration with all of the ISPconfig features have been supported out. For example theres something with the spam catcher that doesnt line up.
So i would wait
-usernames have been expanded
-ftp login names have been cleaned up
-It has support with the settings of spam assassin and virus scanner.

Yes its a very nice thing to have but theres still a lot of options that have not been documented on how to make work with this option.

Even now i have reverted to the old user name system and im still trying to "unbreak" the spam catcher and virus scanner.

marton_erno · Jan 9, 2008

Tested ... Results

Hi everyone,

I tested the hack, all seams to be ok, virus scanner working, spam scanner working (thees are not affected by anyway).
It's seams to be something with the mail-user login, witch is not working yet.

grafzahl · Jan 17, 2008

Hello and thanks for the great howto from grant with the additional informations from marton_erno.

In my first post i want to tell how it works with SuSe 10.1
You will need some changes:

in /root/ispconfig/scripts/custpw2userdb:
Code:
$userdb = "/etc/authlib/userdb";
$userdbtmp = "/etc/authlib/userdb.tmp";
/etc/authlib/authdaemonrc don´t need any modifications.

in /etc/init.d/courier-authdaemon between "### END INIT INFO" and "# Check for missing binaries":
Code:
exec_prefix=${prefix}
sysconfdir="/etc/courier"
sbindir="${exec_prefix}/sbin"
daemonscript="${sbindir}/authdaemond"
run_dir="/var/spool/postfix/var/run/courier/authdaemon"

# create  /var/run if it does not already exist
if [ ! -d ${run_dir} ]; then
        mkdir -p ${run_dir}
        chown daemon:daemon ${run_dir} /var/spool/postfix/var/run/courier
        chmod 755 ${run_dir}
fi

if [ ! -h /var/run/courier ]; then
        ln -s /var/spool/postfix/var/run/courier /var/run/courier
fi
in /usr/lib/sasl2/smtpd.conf:
Code:
authdaemond_path: /var/run/authdaemon.courier-imap/socket
Finally i need
Code:
chmod o+x /var/run/authdaemon.courier-imap/
If you don´t chmod you get a "permission denied" error from SASL.

After modifying i make
Code:
/etc/init.d/courier-authdaemon restart
 
and the userdb was created without any errors.

Thats all. I hope someone need it.

Greets from Germany
Grafzahl

luchs3 · Jan 18, 2008

Will these feature become part of the System in the next Release?

I think this is a big advantage and many users would be happy about that.

Niko

luchs3 · Jan 19, 2008

Hi,

I tried grand's version, but I my postfix can't access the courier db

Jan 19 09:27:07 web postfix/smtpd[455]: warning: SASL authentication failure: cannot connect to Courier authdaemond: Permission denied
Jan 19 09:27:07 web postfix/smtpd[455]: warning: SASL authentication failure: Password verification failed
Jan 19 09:27:07 web postfix/smtpd[455]: warning: mail.server.com[86.86.86.86]: SASL PLAIN authentication failed: generic failure
Jan 19 09:27:10 web postfix/smtpd[455]: disconnect from mail.server.com[86.86.86.86]
Click to expand...

The funny thing is, that I can send Mail through the Roubdcube.

antoniop · Feb 1, 2008

Dovecot user@domain?

Hi,

This is great work for setting up courier authentication with a user@domain.

Has anyone successfully configured dovecot with this configuration (on an ISP Config system) by chance?

Thanks,

Antonio

antoniop · Feb 1, 2008

Sorry, I just found the following that has a solution:
http://www.howtoforge.com/forums/showthread.php?t=12308

pine1455 · Feb 2, 2008

Hi,
I followed all instructions described in http://www.howtoforge.com/centos-5.1-server-lamp-email-dns-ftp-ispconfig-p1
I put some changes to have user@domain athu for SMTP ... Every things seem to be OK ... but the little problem .. when I set auth for my mail client It force me to provide correct user/pass but I found that it Also works without athu !!! Does anybody know how I can for my user to athu himself to use my SMPT server?!!!

TNX
--Pine

==== /etc/postfix/main.cf ==========
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
debugger_command =
debug_peer_level = 2
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
mailbox_command =
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = /etc/postfix/local-host-names
myhostname = www.mydomain.com
mynetworks = 127.0.0.0/8
newaliases_path = /usr/bin/newaliases.postfix
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_banner = $host Mail Server
smtpd_recipient_restrictions = ermit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type=dovecot
smtpd_tls_auth_only = no
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
smtp_sasl_auth_enable = no
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 450
unknown_local_recipient_reject_code = 550
virtual_maps = hash:/etc/postfix/virtusertable
xxgdb $daemon_directory/$process_name $process_id & sleep 5
=========== /etc/dovecot.conf ==========

protocols = imap imaps pop3 pop3s
protocol imap {
}
protocol pop3 {
}
protocol lda {
postmaster_address = [email protected]
hostname = www.mydomain.com
}
auth_username_format ="%Ld_%Ln"
auth_debug = yes
auth default {
mechanisms = plain login
passdb pam {
}
userdb passwd {
}
user = root
socket listen {
client {
path = /var/spool/postfix/private/auth
mode = 0660
user = postfix
group = postfix
}
}
}
dict {
}
plugin {
}
=================

carlosranhi · Feb 6, 2008

Is the correct :

smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject _unauth_destination

pine1455 said:

Hi,
I followed all instructions described in http://www.howtoforge.com/centos-5.1-server-lamp-email-dns-ftp-ispconfig-p1
I put some changes to have user@domain athu for SMTP ... Every things seem to be OK ... but the little problem .. when I set auth for my mail client It force me to provide correct user/pass but I found that it Also works without athu !!! Does anybody know how I can for my user to athu himself to use my SMPT server?!!!

TNX
--Pine

==== /etc/postfix/main.cf ==========
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
debugger_command =
debug_peer_level = 2
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
mailbox_command =
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = /etc/postfix/local-host-names
myhostname = www.mydomain.com
mynetworks = 127.0.0.0/8
newaliases_path = /usr/bin/newaliases.postfix
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_banner = $host Mail Server
smtpd_recipient_restrictions = ermit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type=dovecot
smtpd_tls_auth_only = no
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
smtp_sasl_auth_enable = no
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 450
unknown_local_recipient_reject_code = 550
virtual_maps = hash:/etc/postfix/virtusertable
xxgdb $daemon_directory/$process_name $process_id & sleep 5
=========== /etc/dovecot.conf ==========

protocols = imap imaps pop3 pop3s
protocol imap {
}
protocol pop3 {
}
protocol lda {
postmaster_address = [email protected]
hostname = www.mydomain.com
}
auth_username_format ="%Ld_%Ln"
auth_debug = yes
auth default {
mechanisms = plain login
passdb pam {
}
userdb passwd {
}
user = root
socket listen {
client {
path = /var/spool/postfix/private/auth
mode = 0660
user = postfix
group = postfix
}
}
}
dict {
}
plugin {
}
=================
Click to expand...

pine1455 · Mar 6, 2008

It's seems that "mailuserlogin" and "webstat" feature does not work after changing user prefix and dovecot settings ....

Any Idea?!!!

Log in or Sign up

ISPconfig user@domain email login HOW TO

minimalist Member

grant New Member

jbravo Member

Rockdrala New Member

falko Super Moderator Howtoforge Staff

marton_erno New Member

planet_fox Member HowtoForge Supporter

planet_fox Member HowtoForge Supporter

Rockdrala New Member

marton_erno New Member

grafzahl New Member

luchs3 New Member

luchs3 New Member

antoniop New Member

antoniop New Member

pine1455 New Member

carlosranhi New Member

pine1455 New Member

Share This Page

Log in or Sign up

ISPconfig user@domain email login HOW TO

minimalist Member

grant New Member

jbravo Member

Rockdrala New Member

falko Super Moderator Howtoforge Staff

marton_erno New Member

planet_fox Member HowtoForge Supporter

planet_fox Member HowtoForge Supporter

Rockdrala New Member

marton_erno New Member

grafzahl New Member

luchs3 New Member

luchs3 New Member

antoniop New Member

antoniop New Member

pine1455 New Member

carlosranhi New Member

pine1455 New Member

Share This Page

Useful Searches