Hi there! I've got a problem with SquirrelMail virtual user login. After typing in user and password it returns an error: Unknown user or password incorrect.

To set up my mail server I've followed this tutorial http://www.howtoforge.com/virtual-users-domains-postfix-courier-mysql-squirrelmail-debian-lenny and it is for LAN use only and it is a DNS server (it works) as well. The only steps I've omitted were 3, 9, 10, 11 (will do this next time since this installation is for testing).

Here is my configuration:

hostname: serwer2slt
hostname --fqdn: serwer2slt.lan

hosts
Code:
127.0.0.1 localhost.localdomain localhost
192.168.5.200 serwer2slt.lan serwer2slt

# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

/etc/mysql/my.cnf
Code:
#
# The MySQL database server configuration file.
#
# You can copy this to one of:
# - "/etc/mysql/my.cnf" to set global options,
# - "~/.my.cnf" to set user-specific options.
#
# One can use all long options that the program supports.
# Run program with --help to get a list of available options and with
# --print-defaults to see which it would actually understand and use.
#
# For explanations see
# http://dev.mysql.com/doc/mysql/en/server-system-variables.html

# This will be passed to all mysql clients
# It has been reported that passwords should be enclosed with ticks/quotes
# escpecially if they contain "#" chars...
# Remember to edit /etc/mysql/debian.cnf when changing the socket location.
[client]
port = 3306
socket = /var/run/mysqld/mysqld.sock

# Here is entries for some specific programs
# The following values assume you have at least 32M ram

# This was formally known as [safe_mysqld]. Both versions are currently parsed.
[mysqld_safe]
socket = /var/run/mysqld/mysqld.sock
nice = 0

[mysqld]
#
# * Basic Settings
#
user = mysql
pid-file = /var/run/mysqld/mysqld.pid
socket = /var/run/mysqld/mysqld.sock
port = 3306
basedir = /usr
datadir = /var/lib/mysql
tmpdir = /tmp
language = /usr/share/mysql/english
skip-external-locking
#
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
bind-address = 127.0.0.1
#
# * Fine Tuning
#
key_buffer = 16M
max_allowed_packet = 16M
thread_stack = 128K
thread_cache_size = 8
# This replaces the startup script and checks MyISAM tables if needed
# the first time they are touched
myisam-recover = BACKUP
#max_connections = 100
#table_cache = 64
#thread_concurrency = 10
#
# * Query Cache Configuration
#
query_cache_limit = 1M
query_cache_size = 16M
#
# * Logging and Replication
#
# Both location gets rotated by the cronjob.
# Be aware that this log type is a performance killer.
log = /var/log/mysql/mysql.log
#
# Error logging goes to syslog. This is a Debian improvement :)
#
# Here you can see queries with especially long duration
#log_slow_queries = /var/log/mysql/mysql-slow.log
#long_query_time = 2
#log-queries-not-using-indexes
#
# The following can be used as easy to replay backup logs or for replication.
# note: if you are setting up a replication slave, see README.Debian about
# other settings you may need to change.
#server-id = 1
#log_bin = /var/log/mysql/mysql-bin.log
expire_logs_days = 10
max_binlog_size = 100M
#binlog_do_db = include_database_name
#binlog_ignore_db = include_database_name
#
# * BerkeleyDB
#
# Using BerkeleyDB is now discouraged as its support will cease in 5.1.12.
skip-bdb
#
# * InnoDB
#
# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/.
# Read the manual for more InnoDB related options. There are many!
# You might want to disable InnoDB to shrink the mysqld process by circa 100MB.
#skip-innodb
#
# * Security Features
#
# Read the manual, too, if you want chroot!
# chroot = /var/lib/mysql/
#
# For generating SSL certificates I recommend the OpenSSL GUI "tinyca".
#
# ssl-ca=/etc/mysql/cacert.pem
# ssl-cert=/etc/mysql/server-cert.pem
# ssl-key=/etc/mysql/server-key.pem

[mysqldump]
quick
quote-names
max_allowed_packet = 16M

[mysql]
#no-auto-rehash # faster start of mysql but no tab completition

[isamchk]
key_buffer = 16M

#
# * NDB Cluster
#
# See /usr/share/doc/mysql-server-*/README.Debian for more information.
#
# The following configuration is read by the NDB Data Nodes (ndbd processes)
# not from the NDB Management Nodes (ndb_mgmd processes).
#
# [MYSQL_CLUSTER]
# ndb-connectstring=127.0.0.1

#
# * IMPORTANT: Additional settings that can override those from this file!
# The files must end with '.cnf', otherwise they'll be ignored.
#
!includedir /etc/mysql/conf.d/

/etc/postfix/mysql-virtual_domains.cf
Code:
user = webm2slt
password = webmaster2slt
dbname = mail
query = SELECT domain AS virtual FROM domains WHERE domain='%s'
hosts = 127.0.0.1

The rest of /etc/postfix/mysql-virtual_*.cf files have the same user, password, dbname and hosts values.

/etc/default/saslauthd
Code:
#
# Settings for saslauthd daemon
# Please read /usr/share/doc/sasl2-bin/README.Debian for details.
#

# Should saslauthd run automatically on startup? (default: no)
START=Yes

# Description of this saslauthd instance. Recommended.
# (suggestion: SASL Authentication Daemon)
DESC="SASL Authentication Daemon"

# Short name of this saslauthd instance. Strongly recommended.
# (suggestion: saslauthd)
NAME="saslauthd"

# Which authentication mechanisms should saslauthd use? (default: pam)
#
# Available options in this Debian package:
# getpwent -- use the getpwent() library function
# kerberos5 -- use Kerberos 5
# pam -- use PAM
# rimap -- use a remote IMAP server
# shadow -- use the local shadow password file
# sasldb -- use the local sasldb database file
# ldap -- use LDAP (configuration is in /etc/saslauthd.conf)
#
# Only one option may be used at a time. See the saslauthd man page
# for more information.
#
# Example: MECHANISMS="pam"
MECHANISMS="pam"

# Additional options for this mechanism. (default: none)
# See the saslauthd man page for information about mech-specific options.
MECH_OPTIONS=""

# How many saslauthd processes should we run? (default: 5)
# A value of 0 will fork a new process for each connection.
THREADS=5

# Other options (default: -c -m /var/run/saslauthd)
# Note: You MUST specify the -m option or saslauthd won't run!
#
# WARNING: DO NOT SPECIFY THE -d OPTION.
# The -d option will cause saslauthd to run in the foreground instead of as
# a daemon. This will PREVENT YOUR SYSTEM FROM BOOTING PROPERLY. If you wish
# to run saslauthd in debug mode, please run it by hand to be safe.
#
# See /usr/share/doc/sasl2-bin/README.Debian for Debian-specific information.
# See the saslauthd man page and the output of 'saslauthd -h' for general
# information about these options.
#
# Example for postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"

/etc/pam.d/smtp
Code:
auth required pam_mysql.so user=webm2slt passwd=webmaster2slt host=127.0.0.1 db=mail table=users usercolumn=email passwdcolumn=password crypt=1
account sufficient pam_mysql.so user=webm2slt passwd=webmaster2slt host=127.0.0.1 db=mail table=users usercolumn=email passwdcolumn=password crypt=1

/etc/postfix/sasl/smtpd.conf
Code:
pwcheck_method: saslauthd
mech_list: plain login
allow_plaintext: true
auxprop_plugin: mysql
sql_hostnames: 127.0.0.1
sql_user: webm2slt
sql_passwd: webmaster2slt
sql_database: mail
sql_select: select password from users where email = '%u'

/etc/courier/authdaemonrc
Code:
##VERSION: $Id: authdaemonrc.in,v 1.13 2005/10/05 00:07:32 mrsam Exp $
#
# Copyright 2000-2005 Double Precision, Inc. See COPYING for
# distribution information.
#
# authdaemonrc created from authdaemonrc.dist by sysconftool
#
# Do not alter lines that begin with ##, they are used when upgrading
# this configuration.
#
# This file configures authdaemond, the resident authentication daemon.
#
# Comments in this file are ignored. Although this file is intended to
# be sourced as a shell script, authdaemond parses it manually, so
# the acceptable syntax is a bit limited. Multiline variable contents,
# with the \ continuation character, are not allowed. Everything must
# fit on one line. Do not use any additional whitespace for indentation,
# or anything else.

##NAME: authmodulelist:2
#
# The authentication modules that are linked into authdaemond. The
# default list is installed. You may selectively disable modules simply
# by removing them from the following list. The available modules you
# can use are: authuserdb authpam authpgsql authldap authmysql authcustom authpipe

authmodulelist="authmsql"

##NAME: authmodulelistorig:3
#
# This setting is used by Courier's webadmin module, and should be left
# alone

authmodulelistorig="authuserdb authpam authpgsql authldap authmysql authcustom authpipe"

##NAME: daemons:0
#
# The number of daemon processes that are started. authdaemon is typically
# installed where authentication modules are relatively expensive: such
# as authldap, or authmysql, so it's better to have a number of them running.
# PLEASE NOTE: Some platforms may experience a problem if there's more than
# one daemon. Specifically, SystemV derived platforms that use TLI with
# socket emulation. I'm suspicious of TLI's ability to handle multiple
# processes accepting connections on the same filesystem domain socket.
#
# You may need to increase daemons if as your system load increases. Symptoms
# include sporadic authentication failures. If you start getting
# authentication failures, increase daemons. However, the default of 5
# SHOULD be sufficient. Bumping up daemon count is only a short-term
# solution. The permanent solution is to add more resources: RAM, faster
# disks, faster CPUs...

daemons=5

##NAME: authdaemonvar:2
#
# authdaemonvar is here, but is not used directly by authdaemond. It's
# used by various configuration and build scripts, so don't touch it!

authdaemonvar=/var/run/courier/authdaemon

##NAME: DEBUG_LOGIN:0
#
# Dump additional diagnostics to syslog
#
# DEBUG_LOGIN=0 - turn off debugging
# DEBUG_LOGIN=1 - turn on debugging
# DEBUG_LOGIN=2 - turn on debugging + log passwords too
#
# ** YES ** - DEBUG_LOGIN=2 places passwords into syslog.
#
# Note that most information is sent to syslog at level 'debug', so
# you may need to modify your /etc/syslog.conf to be able to see it.

DEBUG_LOGIN=0

##NAME: DEFAULTOPTIONS:0
#
# A comma-separated list of option=value pairs. Each option is applied
# to an account if the account does not have its own specific value for
# that option. So for example, you can set
# DEFAULTOPTIONS="disablewebmail=1,disableimap=1"
# and then enable webmail and/or imap on individual accounts by setting
# disablewebmail=0 and/or disableimap=0 on the account.

DEFAULTOPTIONS=""

##NAME: LOGGEROPTS:0
#
# courierlogger(1) options, e.g. to set syslog facility
#

LOGGEROPTS=""

##NAME: LDAP_TLS_OPTIONS:0
#
# Options documented in ldap.conf(5) can be set here, prefixed with 'LDAP'.
# Examples:
#
#LDAPTLS_CACERT=/path/to/cacert.pem
#LDAPTLS_REQCERT=demand
#LDAPTLS_CERT=/path/to/clientcert.pem
#LDAPTLS_KEY=/path/to/clientkey.pem

/etc/courier/authmysqlrc
Code:
##VERSION: $Id: authmysqlrc,v 1.20 2007/10/07 02:50:45 mrsam Exp $
#
# Copyright 2000-2007 Double Precision, Inc. See COPYING for
# distribution information.
#
# Do not alter lines that begin with ##, they are used when upgrading
# this configuration.
#
# authmysqlrc created from authmysqlrc.dist by sysconftool
#
# DO NOT INSTALL THIS FILE with world read permissions. This file
# might contain the MySQL admin password!
#
# Each line in this file must follow the following format:
#
# field[spaces|tabs]value
#
# That is, the name of the field, followed by spaces or tabs, followed by
# field value. Trailing spaces are prohibited.

##NAME: LOCATION:0
#
# The server name, userid, and password used to log in.

MYSQL_SERVER localhost
MYSQL_USERNAME webm2slt
MYSQL_PASSWORD webmaster2slt
MYSQL_PORT 0
MYSQL_DATABASE mail
MYSQL_USER_TABLE users
MYSQL_CRYPT_PWFIELD password
#MYSQL_CLEAR_PWFIELD password
MYSQL_UID_FIELD 5000
MYSQL_GID_FIELD 5000
MYSQL_LOGIN_FIELD email
MYSQL_HOME_FIELD "/home/vmail"
MYSQL_MAILDIR_FIELD CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/')
#MYSQL_NAME_FIELD
MYSQL_QUOTA_FIELD quota

##NAME: SSLINFO:0
#
# The SSL information.
#
# To use SSL-encrypted connections, define the following variables (available
# in MySQL 4.0, or higher):
#
#
# MYSQL_SSL_KEY /path/to/file
# MYSQL_SSL_CERT /path/to/file
# MYSQL_SSL_CACERT /path/to/file
# MYSQL_SSL_CAPATH /path/to/file
# MYSQL_SSL_CIPHERS ALL:!DES

##NAME: MYSQL_SOCKET:0
#
# MYSQL_SOCKET can be used with MySQL version 3.22 or later, it specifies the
# filesystem pipe used for the connection
#
# MYSQL_SOCKET /var/run/mysqld/mysqld.sock

##NAME: MYSQL_PORT:0
#
# MYSQL_PORT can be used with MySQL version 3.22 or later to specify a port to
# connect to.

MYSQL_PORT 0

##NAME: MYSQL_OPT:0
#
# Leave MYSQL_OPT as 0, unless you know what you're doing.

MYSQL_OPT 0

##NAME: MYSQL_DATABASE:0
#
# The name of the MySQL database we will open:

MYSQL_DATABASE mysql

#NAME: MYSQL_CHARACTER_SET:0
#
# This is optional. MYSQL_CHARACTER_SET installs a character set. This option
# can be used with MySQL version 4.1 or later. MySQL supports 70+ collations
# for 30+ character sets. See MySQL documentations for more detalis.
#
# MYSQL_CHARACTER_SET latin1

##NAME: MYSQL_USER_TABLE:0
#
# The name of the table containing your user data. See README.authmysqlrc
# for the required fields in this table.

MYSQL_USER_TABLE passwd

##NAME: MYSQL_CRYPT_PWFIELD:0
#
# Either MYSQL_CRYPT_PWFIELD or MYSQL_CLEAR_PWFIELD must be defined. Both
# are OK too. crypted passwords go into MYSQL_CRYPT_PWFIELD, cleartext
# passwords go into MYSQL_CLEAR_PWFIELD. Cleartext passwords allow
# CRAM-MD5 authentication to be implemented.

MYSQL_CRYPT_PWFIELD crypt

##NAME: MYSQL_CLEAR_PWFIELD:0
#
#
# MYSQL_CLEAR_PWFIELD clear

##NAME: MYSQL_DEFAULT_DOMAIN:0
#
# If DEFAULT_DOMAIN is defined, and someone tries to log in as 'user',
# we will look up 'user@DEFAULT_DOMAIN' instead.
#
#
# DEFAULT_DOMAIN example.com

##NAME: MYSQL_UID_FIELD:0
#
# Other fields in the mysql table:
#
# MYSQL_UID_FIELD - contains the numerical userid of the account
#
MYSQL_UID_FIELD uid

##NAME: MYSQL_GID_FIELD:0
#
# Numerical groupid of the account

MYSQL_GID_FIELD gid

##NAME: MYSQL_LOGIN_FIELD:0
#
# The login id, default is id. Basically the query is:
#
# SELECT MYSQL_UID_FIELD, MYSQL_GID_FIELD, ... WHERE id='loginid'
#
MYSQL_LOGIN_FIELD id

##NAME: MYSQL_HOME_FIELD:0
#

MYSQL_HOME_FIELD home

##NAME: MYSQL_NAME_FIELD:0
#
# The user's name (optional)

MYSQL_NAME_FIELD name

##NAME: MYSQL_MAILDIR_FIELD:0
#
# This is an optional field, and can be used to specify an arbitrary
# location of the maildir for the account, which normally defaults to
# $HOME/Maildir (where $HOME is read from MYSQL_HOME_FIELD).
#
# You still need to provide a MYSQL_HOME_FIELD, even if you uncomment this
# out.
#
# MYSQL_MAILDIR_FIELD maildir

##NAME: MYSQL_DEFAULTDELIVERY:0
#
# Courier mail server only: optional field specifies custom mail delivery
# instructions for this account (if defined) -- essentially overrides
# DEFAULTDELIVERY from ${sysconfdir}/courierd
#
# MYSQL_DEFAULTDELIVERY defaultdelivery

##NAME: MYSQL_QUOTA_FIELD:0
#
# Define MYSQL_QUOTA_FIELD to be the name of the field that can optionally
# specify a maildir quota. See README.maildirquota for more information
#
# MYSQL_QUOTA_FIELD quota

##NAME: MYSQL_AUXOPTIONS:0
#
# Auxiliary options. The MYSQL_AUXOPTIONS field should be a char field that
# contains a single string consisting of comma-separated "ATTRIBUTE=NAME"
# pairs. These names are additional attributes that define various per-account
# "options", as given in INSTALL's description of the "Account OPTIONS"
# setting.
#
# MYSQL_AUXOPTIONS_FIELD auxoptions
#
# You might want to try something like this, if you'd like to use a bunch
# of individual fields, instead of a single text blob:
#
# MYSQL_AUXOPTIONS_FIELD CONCAT("disableimap=",disableimap,",disablepop3=",disablepop3,",disablewebmail=",disablewebmail,",sharedgroup=",sharedgroup)
#
# This will let you define fields called "disableimap", etc, with the end result
# being something that the OPTIONS parser understands.

##NAME: MYSQL_WHERE_CLAUSE:0
#
# This is optional, MYSQL_WHERE_CLAUSE can be basically set to an arbitrary
# fixed string that is appended to the WHERE clause of our query
#
# MYSQL_WHERE_CLAUSE server='mailhost.example.com'

##NAME: MYSQL_SELECT_CLAUSE:0
#
# (EXPERIMENTAL)
# This is optional, MYSQL_SELECT_CLAUSE can be set when you have a database,
# which is structuraly different from proposed. The fixed string will
# be used to do a SELECT operation on database, which should return fields
# in order specified bellow:
#
# username, cryptpw, clearpw, uid, gid, home, maildir, quota, fullname, options
#
# The username field should include the domain (see example below).
#
# Enabling this option causes ignorance of any other field-related
# options, excluding default domain.
#
# There are two variables, which you can use. Substitution will be made
# for them, so you can put entered username (local part) and domain name
# in the right place of your query. These variables are:
# $(local_part), $(domain), $(service)
#
# If a $(domain) is empty (not given by the remote user) the default domain
# name is used in its place.
#
# $(service) will expand out to the service being authenticated: imap, imaps,
# pop3 or pop3s. Courier mail server only: service will also expand out to
# "courier", when searching for local mail account's location. In this case,
# if the "maildir" field is not empty it will be used in place of
# DEFAULTDELIVERY. Courier mail server will also use esmtp when doing
# authenticated ESMTP.
#
# This example is a little bit modified adaptation of vmail-sql
# database scheme:
#
# MYSQL_SELECT_CLAUSE SELECT CONCAT(popbox.local_part, '@', popbox.domain_name), \
# CONCAT('{MD5}', popbox.password_hash), \
# popbox.clearpw, \
# domain.uid, \
# domain.gid, \
# CONCAT(domain.path, '/', popbox.mbox_name), \
# '', \
# domain.quota, \
# '', \
# CONCAT("disableimap=",disableimap,",disablepop3=", \
# disablepop3,",disablewebmail=",disablewebmail, \
# ",sharedgroup=",sharedgroup) \
# FROM popbox, domain \
# WHERE popbox.local_part = '$(local_part)' \
# AND popbox.domain_name = '$(domain)' \
# AND popbox.domain_name = domain.domain_name

##NAME: MYSQL_ENUMERATE_CLAUSE:1
#
# {EXPERIMENTAL}
# Optional custom SQL query used to enumerate accounts for authenumerate,
# in order to compile a list of accounts for shared folders. The query
# should return the following fields: name, uid, gid, homedir, maildir, options
#
# Example:
# MYSQL_ENUMERATE_CLAUSE SELECT CONCAT(popbox.local_part, '@', popbox.domain_name), \
# domain.uid, \
# domain.gid, \
# CONCAT(domain.path, '/', popbox.mbox_name), \
# '', \
# CONCAT('sharedgroup=', sharedgroup) \
# FROM popbox, domain \
# WHERE popbox.local_part = '$(local_part)' \
# AND popbox.domain_name = '$(domain)' \
# AND popbox.domain_name = domain.domain_name

##NAME: MYSQL_CHPASS_CLAUSE:0
#
# (EXPERIMENTAL)
# This is optional, MYSQL_CHPASS_CLAUSE can be set when you have a database,
# which is structuraly different from proposed. The fixed string will
# be used to do an UPDATE operation on database. In other words, it is
# used, when changing password.
#
# There are four variables, which you can use. Substitution will be made
# for them, so you can put entered username (local part) and domain name
# in the right place of your query. There variables are:
# $(local_part) , $(domain) , $(newpass) , $(newpass_crypt)
#
# If a $(domain) is empty (not given by the remote user) the default domain
# name is used in its place.
# $(newpass) contains plain password
# $(newpass_crypt) contains its crypted form
#
# MYSQL_CHPASS_CLAUSE UPDATE popbox \
# SET clearpw='$(newpass)', \
# password_hash='$(newpass_crypt)' \
# WHERE local_part='$(local_part)' \
# AND domain_name='$(domain)'
#

/etc/courier/imapd.cnf
Code:
RANDFILE = /usr/lib/courier/imapd.rand

[ req ]
default_bits = 1024
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no

[ req_dn ]
C=US
ST=NY
L=New York
O=Courier Mail Server
OU=Automatically-generated IMAP SSL key
CN=serwer2slt.lan
[email protected]

[ cert_type ]
nsCertType = server

/etc/courier/pop3d.cnf
Code:
RANDFILE = /usr/lib/courier/pop3d.rand

[ req ]
default_bits = 1024
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no

[ req_dn ]
C=US
ST=NY
L=New York
O=Courier Mail Server
OU=Automatically-generated POP3 SSL key
CN=serwer2slt.lan
[email protected]

[ cert_type ]
nsCertType = server

/etc/aliases
here is where something might have gone wrong
Code:
mailer-daemon: postmaster
postmaster: root
nobody: root
hostmaster: root
usenet: root
news: root
webmaster: root
www: root
ftp: root
abuse: root
noc: root
security: root
root: [email protected]

config.php from step 15
Code:
<?php

/**
 * SquirrelMail Change SQL Password Plugin
 * Copyright (C) 2001-2002 Tyler Akins
 * 2002 Thijs Kinkhorst <[email protected]>
 * 2002-2005 Paul Lesneiwski <[email protected]>
 * This program is licensed under GPL. See COPYING for details
 *
 * @package plugins
 * @subpackage Change SQL Password
 *
 */

// Global Variables, don't touch these unless you want to break the plugin
//
global $csp_dsn, $password_update_queries, $lookup_password_query,
       $force_change_password_check_query, $password_encryption,
       $csp_salt_query, $csp_salt_static, $csp_secure_port,
       $csp_non_standard_http_port, $csp_delimiter, $csp_debug,
       $min_password_length, $max_password_length, $include_digit_in_password,
       $include_uppercase_letter_in_password, $include_lowercase_letter_in_password,
       $include_nonalphanumeric_in_password;

// csp_dsn
//
// Theoretically, any SQL database supported by Pear should be supported
// here. The DSN (data source name) must contain the information needed
// to connect to your database backend. A MySQL example is included below.
// For more details about DSN syntax and list of supported database types,
// please see:
// http://pear.php.net/manual/en/package.database.db.intro-dsn.php
//
$csp_dsn = 'mysql://webm2slt:webmaster2slt@localhost/mail';

// lookup_password_query
//
// This plugin will always verify the user's old password
// against their login password, but an extra check can also
// be done against the database for more security if you
// desire. If you do not need the extra password check,
// make sure this setting is empty.
//
// This is a query that returns a positive value if a user
// and password pair are found in the database.
//
// This query should return one value (one row, one column), the
// value being ideally a one or a zero, simply indicating that
// the user/password pair does in fact exist in the database.
//
// %1 in this query will be replaced with the full username
// (including domain), such as "[email protected]"
// %2 in this query will be replaced with the username (without
// any domain portion), such as "jose"
// %3 in this query will be replaced with the domain name,
// such as "example.com"
// %4 in this query will be replaced with the current (old)
// password in whatever encryption format is needed per other
// plugin configuration settings (Note that the syntax of
// the password will be provided depending on your encryption
// choices, so you NEVER need to provide quotes around this
// value in the query here.)
// %5 in this query will be replaced with the current (old)
// password in unencrypted plain text. If you do not use any
// password encryption, %4 and %5 will be the same values,
// except %4 will have double quotes around it and %5 will not.
//
//$lookup_password_query = '';
// TERRIBLE SECURITY: $lookup_password_query = 'SELECT count(*) FROM users WHERE username = "%1" AND plain_password = "%5"';
$lookup_password_query = 'SELECT count(*) FROM users WHERE email = "%1" AND password = %4';

// password_update_queries
//
// An array of SQL queries that will all be executed
// whenever a password change attempt is made.
//
// Any number of queries may be included here.
// The queries will be executed in the order given here.
//
// %1 in all queries will be replaced with the full username
// (including domain), such as "[email protected]"
// %2 in all queries will be replaced with the username (without
// any domain portion), such as "jose"
// %3 in all queries will be replaced with the domain name,
// such as "example.com"
// %4 in all queries will be replaced with the new password
// in whatever encryption format is needed per other
// plugin configuration settings (Note that the syntax of
// the password will be provided depending on your
// encryption choices, so you NEVER need to provide quotes
// around this value in the queries here.)
// %5 in all queries will be replaced with the new password
// in unencrypted plain text - BEWARE! If you do not use
// any password encryption, %4 and %5 will be the same
// values, except %4 will have double quotes around it
// and %5 will not.
//
$password_update_queries = array(
    'UPDATE users SET password = %4 WHERE mail = "%1"',
    // 'UPDATE user_flags SET force_change_pwd = 0 WHERE username = "%1"',
    // 'UPDATE users SET crypt_password = %4, force_change_pwd = 0 WHERE username = "%1"',
);

// force_change_password_check_query
//
// A query that checks for a flag that indicates if a user
// should be forced to change their password. This query
// should return one value (one row, one column) which is
// zero if the user does NOT need to change their password,
// or one if the user should be forced to change it now.
//
// This setting should be an empty string if you do not wish
// to enable this functionality.
//
// %1 in this query will be replaced with the full username
// (including domain), such as "[email protected]"
// %2 in this query will be replaced with the username (without
// any domain portion), such as "jose"
// %3 in this query will be replaced with the domain name,
// such as "example.com"
//
//$force_change_password_check_query = 'SELECT IF(force_change_pwd = "yes", 1, 0) FROM users WHERE username = "%1"';
//$force_change_password_check_query = 'SELECT force_change_pwd FROM users WHERE username = "%1"';
$force_change_password_check_query = '';

// password_encryption
//
// What encryption method do you use to store passwords
// in your database? Please use one of the following,
// exactly as you see it:
//
// NONE Passwords are stored as plain text only
// MYSQLPWD Passwords are stored using the MySQL password() function
// MYSQLENCRYPT Passwords are stored using the MySQL encrypt() function
// PHPCRYPT Passwords are stored using the PHP crypt() function
// MD5CRYPT Passwords are stored using encrypted MD5 algorithm
// MD5 Passwords are stored as MD5 hash
//
$password_encryption = 'MYSQLENCRYPT';

// csp_salt_query
// csp_salt_static
//
// Encryption types that need a salt need to know where to get
// that salt. If you have a constant, known salt value, you
// should define it in $csp_salt_static. Otherwise, leave that
// value empty and define a value for the $csp_salt_query.
//
// Leave both values empty if you do not need (or use) salts
// to encrypt your passwords.
//
// The query should return one value (one row, one column) which
// is the salt value for the current user's password. This
// query is ignored if $csp_salt_static is anything but empty.
//
// %1 in this query will be replaced with the full username
// (including domain), such as "[email protected]"
// %2 in this query will be replaced with the username (without
// any domain portion), such as "jose"
// %3 in this query will be replaced with the domain name,
// such as "example.com"
//
//$csp_salt_static = 'LEFT(crypt_password, 2)';
//$csp_salt_static = '"a4"'; // use this format with MYSQLENCRYPT
//$csp_salt_static = '$2$blowsomefish$'; // use this format with PHPCRYPT
$csp_salt_static = 'LEFT(password, 2)';

//$csp_salt_query = 'SELECT SUBSTRING_INDEX(crypt_password, '$', 1) FROM users WHERE username = "%1"';
//$csp_salt_query = 'SELECT SUBSTRING(crypt_password, (LENGTH(SUBSTRING_INDEX(crypt_password, '$', 2)) + 2)) FROM users WHERE username = "%1"';
$csp_salt_query = 'SELECT salt FROM users WHERE username = "%1"';
//$csp_salt_query = '';

// csp_secure_port
//
// You may ensure that SSL encryption is used during password
// change by setting this to the port that your HTTPS is served
// on (443 is typical). Set to zero if you do not wish to force
// an HTTPS connection when users are changing their passwords.
//
// You may override this value for certain domains, users, or
// service levels through the Virtual Host Login (vlogin) plugin
// by setting a value(s) for $vlogin_csp_secure_port in the vlogin
// configuration.
//
$csp_secure_port = 0;
//$csp_secure_port = 443;

// csp_non_standard_http_port
//
// If you serve standard HTTP web requests on a non-standard
// port (anything other than port 80), you should specify that
// port number here. Set to zero otherwise.
//
// You may override this value for certain domains, users, or
// service levels through the Virtual Host Login (vlogin) plugin
// by setting a value(s) for $vlogin_csp_non_standard_http_port
// in the vlogin configuration.
//
//$csp_non_standard_http_port = 8080;
$csp_non_standard_http_port = 0;

// min_password_length
// max_password_length
// include_digit_in_password
// include_uppercase_letter_in_password
// include_lowercase_letter_in_password
// include_nonalphanumeric_in_password
//
// You can set the minimum and maximum password lengths that
// you accept or leave those settings as zero to indicate that
// no limit should be applied.
//
// Turn on any of the other settings here to check that the
// new password contains at least one digit, upper case letter,
// lower case letter and/or one non-alphanumeric character.
//
$min_password_length = 6;
$max_password_length = 0;
$include_digit_in_password = 0;
$include_uppercase_letter_in_password = 0;
$include_lowercase_letter_in_password = 0;
$include_nonalphanumeric_in_password = 0;

// csp_delimiter
//
// if your system has usernames with something other than
// an "@" sign separating the user and domain portion,
// specify that character here
//
//$csp_delimiter = '|';
$csp_delimiter = '@';

// debug mode
//
$csp_debug = 0;

?>

To access login I use http://2slt.lan/squirrelmail/src/login.php but replacing 2slt.lan with serwer2slt.lan or serwer2slt works just as well.

To log in I use the following record from the mail database in the user table in mysql:
username: [email protected]
password: webmaster2slt

Is there any other information or config files I can post to help you to help me? I would appreciate any suggestions as to what might be wrong.
Thanks for your interest Falko! Well, I'm off on holidays right now and I can't post my logs, but I will do this as soon as I'm back and at work. Cheers!
mail.log

Here is my mail.log right after first attempt to login as [email protected]
Code:
Jul 27 09:44:20 serwer2slt authdaemond: stopping authdaemond children
Jul 27 09:44:20 serwer2slt postfix/master[2699]: terminating on signal 15
Jul 27 09:46:50 serwer2slt authdaemond: modules="authmsql", daemons=5
Jul 27 09:46:50 serwer2slt authdaemond: Installing libauthmsql
Jul 27 09:46:50 serwer2slt authdaemond: libauthmsql.so: cannot open shared object file: No such file or directory
Jul 27 09:46:51 serwer2slt postfix/master[2795]: daemon started -- version 2.5.5, configuration /etc/postfix
Jul 27 09:51:13 serwer2slt authdaemond: stopping authdaemond children
Jul 27 09:51:13 serwer2slt postfix/master[2795]: terminating on signal 15
Jul 27 09:52:10 serwer2slt authdaemond: modules="authmsql", daemons=5
Jul 27 09:52:10 serwer2slt authdaemond: Installing libauthmsql
Jul 27 09:52:10 serwer2slt authdaemond: libauthmsql.so: cannot open shared object file: No such file or directory
Jul 27 09:52:11 serwer2slt postfix/master[2803]: daemon started -- version 2.5.5, configuration /etc/postfix
Jul 27 09:55:56 serwer2slt imapd: Connection, ip=[::ffff:127.0.0.1]
Jul 27 09:55:56 serwer2slt imapd: LOGIN FAILED, [email protected], ip=[::ffff:127.0.0.1]
Jul 27 09:56:01 serwer2slt imapd: LOGOUT, ip=[::ffff:127.0.0.1], rcvd=67, sent=332

could this be the problem?
Code:
Jul 27 09:52:10 serwer2slt authdaemond: libauthmsql.so: cannot open shared object file: No such file or directory
Hi Falko! I'm back at work. Would you mind taking a look at my mail.log? I've posted it in the thread. http://www.howtoforge.com/forums/showthread.php?t=37571 Thanks.
That is correct, my dear Watson! You're missing mysql libs:

apt-get install libmysqlclient15off

and restart your services
Well I've checked it and I do have libmysqlclient15off installed. Just to be sure I've reinstalled it and after restart I still get the same error while logging in and mail.log stays the same. What else might be missing? I really need help with this one! Don't know if this will be of any use but the result of ldd /usr/lib/courier-authlib/libauthmysql.so is as follows:

Code:
linux-vdso.so.1 => (0x00007fff30bfe000)
libcrypt.so.1 => /lib/libcrypt.so.1 (0x00007ff1286a6000)
libcourierauthcommon.so => /usr/lib/courier-authlib/libcourierauthcommon.so (0x00007ff1284a2000)
libmysqlclient.so.15 => /usr/lib/libmysqlclient.so.15 (0x00007ff128096000)
libm.so.6 => /lib/libm.so.6 (0x00007ff127e13000)
libc.so.6 => /lib/libc.so.6 (0x00007ff127ac0000)
libcourierauth.so => /usr/lib/courier-authlib/libcourierauth.so (0x00007ff1278b4000)
libpthread.so.0 => /lib/libpthread.so.0 (0x00007ff127698000)
libnsl.so.1 => /lib/libnsl.so.1 (0x00007ff127480000)
libz.so.1 => /usr/lib/libz.so.1 (0x00007ff127268000)
/lib64/ld-linux-x86-64.so.2 (0x00007ff128af3000)
Mark_NL thanks for your interest but I do have courier-authlib-mysql installed. I've read some posts related to this authdaemond: libauthmsql.so: cannot open shared object file: No such file or directory problem but couldn't find any solution. I'm relatively new to Debian/Linux and feel pretty much lost at this point. This is hopeless!
typo:

authmodulelist="authmsql"

in your /etc/courier/authdaemonrc. It should say:

authmodulelist="authmysql"

(I got to say I also overlooked that typo, until I started to check your config files again)
Thanks for spotting this Mark_NL! It was right in front of my eyes! Silly mistake. Need better optics! But anyway, it got rid of one problem just to make room for another. This time around

ERROR: Connection dropped by IMAP server.

comes up! mail.log states:

Code:
[...]
Jul 30 09:45:50 serwer2slt authdaemond: modules="authmysql", daemons=5
Jul 30 09:45:50 serwer2slt authdaemond: Installing libauthmysql
Jul 30 09:45:50 serwer2slt authdaemond: Installation complete: authmysql
Jul 30 09:45:52 serwer2slt postfix/master[2797]: daemon started -- version 2.5.5, configuration /etc/postfix
Jul 30 09:47:52 serwer2slt imapd: Connection, ip=[::ffff:127.0.0.1]
Jul 30 09:47:52 serwer2slt imapd: LOGIN FAILED, [email protected], ip=[::ffff:127.0.0.1]
Jul 30 09:47:52 serwer2slt imapd: authentication error: Input/output error
[...]

Where is this coming from? (my keyboard and screen seem to be working just fine) I've checked some other posts related to "dropped by IMAP server" but haven't found anything that would match my case. Any suggestions?
Ah we're getting closer! Your /etc/courier/authmysqlrc is not correct .. You've ADDED the lines specified in the how-to .. instead of replaced them (lazy ass! ;-))

they (for example) read:

MYSQL_DATABASE mail

then about 40-50 lines lower there's another line that looks pretty familiar ;-)

MYSQL_DATABASE mysql

so I'd say it overrides the previous, thus checking the wrong db .. that also counts for passwd crypt field etc ..

so do what the how-to tells you (and you probably didn't do 1on1):

1. cp /etc/courier/authmysqlrc /etc/courier/authmysqlrc_orig
2. cat /dev/null > /etc/courier/authmysqlrc

Then open /etc/courier/authmysqlrc and put the following lines into it:

Code:
MYSQL_SERVER localhost
MYSQL_USERNAME webm2slt
MYSQL_PASSWORD webmaster2slt
MYSQL_PORT 0
MYSQL_DATABASE mail
MYSQL_USER_TABLE users
MYSQL_CRYPT_PWFIELD password
#MYSQL_CLEAR_PWFIELD password
MYSQL_UID_FIELD 5000
MYSQL_GID_FIELD 5000
MYSQL_LOGIN_FIELD email
MYSQL_HOME_FIELD "/home/vmail"
MYSQL_MAILDIR_FIELD CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/')
#MYSQL_NAME_FIELD
MYSQL_QUOTA_FIELD quota

and for the hell of it, restart all related services:

Code:
/etc/init.d/courier-authdaemon restart
/etc/init.d/courier-imap restart
/etc/init.d/courier-imap-ssl restart
/etc/init.d/courier-pop restart
/etc/init.d/courier-pop-ssl restart

The cool thing about the how-to's on this site is that when you follow them EXACTLY .. in every letter, it'll always work. If you skip / slack on one part .. you're asking for problems (UNLESS you really know what you're doing ;-))
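The duplicate-directive situation described in the post above can be checked mechanically. This is an added example, not part of the thread: `sample_authmysqlrc` is a constructed file and `find_conflicts` is a hypothetical helper. It only reports directives whose occurrences disagree and makes no assumption about which occurrence authdaemond honours.

```shell
#!/bin/sh
# Added example: report directives set more than once, with different values,
# in an authmysqlrc-style file (KEY <whitespace> VALUE, '#' starts a comment).

# Constructed sample: how-to lines pasted at the top, packaged defaults still
# active further down (values other than MYSQL_DATABASE are made up).
sample_authmysqlrc() {
cat <<'EOF'
MYSQL_SERVER localhost
MYSQL_DATABASE mail
MYSQL_USER_TABLE users
MYSQL_CRYPT_PWFIELD password
#MYSQL_CLEAR_PWFIELD password
MYSQL_LOGIN_FIELD email

# packaged defaults left in place below
MYSQL_SERVER localhost
MYSQL_DATABASE mysql
MYSQL_USER_TABLE passwd
MYSQL_CRYPT_PWFIELD crypt
MYSQL_LOGIN_FIELD id
EOF
}

# find_conflicts: config on stdin; prints "KEY: line N = v1 | line M = v2"
# for every directive whose occurrences disagree, in order of first appearance.
# Identical repeats (MYSQL_SERVER above) are not reported.
find_conflicts() {
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # skip comments and blank lines
    {
      key = $1
      val = $0
      sub(/^[ \t]*[^ \t]+[ \t]*/, "", val)     # drop the key, keep the value
      sub(/[ \t]+$/, "", val)
      if (!(key in first)) { order[++n] = key; first[key] = val }
      else if (val != first[key]) conflict[key] = 1
      hist[key] = hist[key] (hist[key] == "" ? "" : " | ") "line " NR " = " val
    }
    END {
      for (i = 1; i <= n; i++)
        if (order[i] in conflict) print order[i] ": " hist[order[i]]
    }
  '
}

sample_authmysqlrc | find_conflicts
# Against the live file: find_conflicts < /etc/courier/authmysqlrc
```

An empty result means every directive is either set once or repeated with the same value.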
Point taken. Thanks. It is a great learning curve for me. I've re-done authmysqlrc (no ctrl+v this time) and can now successfully log in to both [email protected] and [email protected] (made this account for testing). But... I can't send or receive emails on any of the accounts! The only emails present in the mailbox were ones created using mailx during testing. Now when I send new mail it doesn't reach its recipient (even when using mailx). The /home/vmail/serwer2slt.lan/webm2slt/new directory is empty. I've found however a file in /var/mail/ called webm2slt:

Code:
From MAILER-DAEMON Thu Jul 30 13:14:07 2009
Return-Path: <>
X-Original-To: [email protected]
Delivered-To: [email protected]
Received: by serwer2slt.lan (Postfix) id DDCE829691F; Thu, 30 Jul 2009 13:14:07 +0200 (CEST)
Date: Thu, 30 Jul 2009 13:14:07 +0200 (CEST)
From: [email protected] (Mail Delivery System)
Subject: Undelivered Mail Returned to Sender
To: [email protected]
Auto-Submitted: auto-replied
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="C9231296917.1248952447/serwer2slt.lan"
Content-Transfer-Encoding: 8bit
Message-Id: <[email protected]>

This is a MIME-encapsulated message.

--C9231296917.1248952447/serwer2slt.lan
Content-Description: Notification
Content-Type: text/plain; charset=us-ascii

This is the mail system at host serwer2slt.lan.

I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can delete your own text from the attached returned message.

The mail system

<[email protected]>: Host or domain name not found.
Name service error for name=aerwer2slt.lan type=A: Host not found

--C9231296917.1248952447/serwer2slt.lan
Content-Description: Delivery report
Content-Type: message/delivery-status

Reporting-MTA: dns; serwer2slt.lan
X-Postfix-Queue-ID: C9231296917
X-Postfix-Sender: rfc822; [email protected]
Arrival-Date: Thu, 30 Jul 2009 13:14:06 +0200 (CEST)

Final-Recipient: rfc822; [email protected]
Original-Recipient: rfc822;[email protected]
Action: failed
Status: 5.4.4
Diagnostic-Code: X-Postfix; Host or domain name not found. Name service error for name=aerwer2slt.lan type=A: Host not found

--C9231296917.1248952447/serwer2slt.lan
Content-Description: Undelivered Message
Content-Type: message/rfc822
Content-Transfer-Encoding: 8bit

Received: from serwer2slt (localhost.localdomain [127.0.0.1]) by serwer2slt.lan (Postfix) with ESMTP id C9231296917 for <[email protected]>; Thu, 30 Jul 2009 13:14:06 +0200 (CEST)
Received: from 192.168.5.200 (SquirrelMail authenticated user [email protected]) by serwer2slt with HTTP; Thu, 30 Jul 2009 13:14:06 +0200 (CEST)
Message-ID: <fda2e61d0d1f2ce1d33082feff59656d.squirrel@serwer2slt>
Date: Thu, 30 Jul 2009 13:14:06 +0200 (CEST)
Subject: test1
From: [email protected]
To: [email protected]
User-Agent: SquirrelMail/1.4.15
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal

chyba nie ma polskich liter ąćżśźęńłó

--C9231296917.1248952447/serwer2slt.lan--

From MAILER-DAEMON Thu Jul 30 13:14:51 2009
Return-Path: <>
X-Original-To: [email protected]
Delivered-To: [email protected]
Received: by serwer2slt.lan (Postfix) id AABC0296920; Thu, 30 Jul 2009 13:14:51 +0200 (CEST)
Date: Thu, 30 Jul 2009 13:14:51 +0200 (CEST)
From: [email protected] (Mail Delivery System)
Subject: Undelivered Mail Returned to Sender
To: [email protected]
Auto-Submitted: auto-replied
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="9C64F29691A.1248952491/serwer2slt.lan"
Content-Transfer-Encoding: 8bit
Message-Id: <[email protected]>

This is a MIME-encapsulated message.

--9C64F29691A.1248952491/serwer2slt.lan
Content-Description: Notification
Content-Type: text/plain; charset=us-ascii

This is the mail system at host serwer2slt.lan.

I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can delete your own text from the attached returned message.

The mail system

<[email protected]>: unknown user: "admin"

--9C64F29691A.1248952491/serwer2slt.lan
Content-Description: Delivery report
Content-Type: message/delivery-status

Reporting-MTA: dns; serwer2slt.lan
X-Postfix-Queue-ID: 9C64F29691A
X-Postfix-Sender: rfc822; [email protected]
Arrival-Date: Thu, 30 Jul 2009 13:14:51 +0200 (CEST)

Final-Recipient: rfc822; [email protected]
Original-Recipient: rfc822;[email protected]
Action: failed
Status: 5.1.1
Diagnostic-Code: X-Postfix; unknown user: "admin"

--9C64F29691A.1248952491/serwer2slt.lan
Content-Description: Undelivered Message
Content-Type: message/rfc822
Content-Transfer-Encoding: 8bit

Received: from serwer2slt (localhost.localdomain [127.0.0.1]) by serwer2slt.lan (Postfix) with ESMTP id 9C64F29691A for <[email protected]>; Thu, 30 Jul 2009 13:14:51 +0200 (CEST)
Received: from 192.168.5.200 (SquirrelMail authenticated user [email protected]) by serwer2slt with HTTP; Thu, 30 Jul 2009 13:14:51 +0200 (CEST)
Message-ID: <ca5207327aa40eaa5127ec22542943f6.squirrel@serwer2slt>
Date: Thu, 30 Jul 2009 13:14:51 +0200 (CEST)
Subject: test1
From: [email protected]
To: [email protected]
User-Agent: SquirrelMail/1.4.15
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal

Nie ma polskich liter?
ążśćźęńłó

--9C64F29691A.1248952491/serwer2slt.lan--

From [email protected] Thu Jul 30 13:16:10 2009
Return-Path: <[email protected]>
X-Original-To: [email protected]
Delivered-To: [email protected]
Received: from serwer2slt (localhost.localdomain [127.0.0.1]) by serwer2slt.lan (Postfix) with ESMTP id C9CBD296920 for <[email protected]>; Thu, 30 Jul 2009 13:16:10 +0200 (CEST)
Received: from 192.168.5.200 (SquirrelMail authenticated user [email protected]) by serwer2slt with HTTP; Thu, 30 Jul 2009 13:16:10 +0200 (CEST)
Message-ID: <9f4a2065626110f451c59289fe1ea383.squirrel@serwer2slt>
Date: Thu, 30 Jul 2009 13:16:10 +0200 (CEST)
Subject: test4
From: [email protected]
To: [email protected]
User-Agent: SquirrelMail/1.4.15
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal

chyba coś nie działa?

From [email protected] Thu Jul 30 13:25:40 2009
Return-Path: <[email protected]>
X-Original-To: [email protected]
Delivered-To: [email protected]
Received: from serwer2slt (localhost.localdomain [127.0.0.1]) by serwer2slt.lan (Postfix) with ESMTP id 7ADED296920 for <[email protected]>; Thu, 30 Jul 2009 13:25:40 +0200 (CEST)
Received: from 192.168.5.200 (SquirrelMail authenticated user [email protected]) by serwer2slt with HTTP; Thu, 30 Jul 2009 13:25:40 +0200 (CEST)
Message-ID: <918d3248f64c4838401dd5e51c7818ac.squirrel@serwer2slt>
Date: Thu, 30 Jul 2009 13:25:40 +0200 (CEST)
Subject: test5
From: [email protected]
To: [email protected]
User-Agent: SquirrelMail/1.4.15
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-2
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal

chyba nie dochopdzi

From [email protected] Thu Jul 30 13:32:56 2009
Return-Path: <[email protected]>
X-Original-To: [email protected]
Delivered-To: [email protected]
Received: by serwer2slt.lan (Postfix, from userid 0) id 65697296921; Thu, 30 Jul 2009 13:32:56 +0200 (CEST)
To: [email protected]
Subject: test6
Message-Id: <[email protected]>
Date: Thu, 30 Jul 2009 13:32:56 +0200 (CEST)
From: [email protected] (root)

jakaĹ› tam treść

From [email protected] Thu Jul 30 13:41:28 2009
Return-Path: <[email protected]>
X-Original-To: [email protected]
Delivered-To: [email protected]
Received: by serwer2slt.lan (Postfix, from userid 0) id CB504296921; Thu, 30 Jul 2009 13:41:28 +0200 (CEST)
To: [email protected]
Subject: tetst test
Message-Id: <[email protected]>
Date: Thu, 30 Jul 2009 13:41:28 +0200 (CEST)
From: [email protected] (root)

moĹźe to w koĹ„cu zacznie dzialać?!

I've also found this in my mail.log:

Code:
Jul 30 13:41:28 serwer2slt postfix/trivial-rewrite[3861]: warning: do not list domain serwer2slt.lan in BOTH mydestination and virtual_mailbox_domains

but in main.cf I have this:

Code:
[...]
mydestination = serwer2slt.lan, localhost, localhost.localdomain
[...]
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
[...]

so I guess it is all right. I know it is a pain but what might be wrong? Are there any steps I have to take in order to re-do this HowTo (i.e. anything I should remove/uninstall first)? BIG Thanks for putting up with me.
Code:
<admin@[U][B]a[/B][/U]erwer2slt.lan>: Host or domain name not found. Name service error for name=[U][B]a[/B][/U]erwer2slt.lan type=A: Host not found

stop making typos
I've noticed that typo and sent email to the right user straight after that. Same result.

Code:
Content-Description: Delivery report
Content-Type: message/delivery-status
Reporting-MTA: dns; serwer2slt.lan
X-Postfix-Queue-ID: 9C64F29691A
X-Postfix-Sender: rfc822; [email protected]
Arrival-Date: Thu, 30 Jul 2009 13:14:51 +0200 (CEST)
Final-Recipient: rfc822; [email protected]
Original-Recipient: rfc822;[email protected]
Action: failed
Status: 5.1.1
Diagnostic-Code: X-Postfix; unknown user: "admin"

What do you think about the last line?
pretty clear eh

Diagnostic-Code: X-Postfix; unknown user: "admin"

there is no user "admin" or an alias "admin" that points to an existing user
Well yes but why is Postfix looking for 'admin' instead of '[email protected]'? This is getting way over my head! Think I will start it all over on Monday. Anything I should do (uninstall/remove) before so that I don't mix up old (failed!) setup with the new one?
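Added example, not part of the thread: a simplified model of the overlap that the trivial-rewrite warning quoted earlier reports. When a recipient domain matches mydestination, Postfix treats the address as local and hands it to local delivery, which looks up only the name before the @ as a system user or alias. The recipient address, the `VIRTUAL_DOMAINS` value (what the MySQL lookup is assumed to return) and the helper names are assumptions.

```shell
#!/bin/sh
# Added example: simplified model of how a recipient is classified when its
# domain is listed in mydestination and is also a virtual mailbox domain.

# mydestination as quoted from main.cf earlier in the thread.
MYDESTINATION='serwer2slt.lan, localhost, localhost.localdomain'
# Assumption: the domain returned by the virtual_mailbox_domains MySQL lookup.
VIRTUAL_DOMAINS='serwer2slt.lan'

# in_list DOMAIN LIST: succeeds if DOMAIN is in the comma/space separated LIST
# (comparison is case-insensitive).
in_list() {
  awk -v want="$1" -v list="$2" 'BEGIN {
    n = split(tolower(list), item, /[, \t]+/)
    for (i = 1; i <= n; i++) if (item[i] == tolower(want)) exit 0
    exit 1
  }'
}

# address_class RCPT MYDESTINATION VIRTUAL_DOMAINS
# Prints "local", "virtual" or "other". " conflict" is appended when the domain
# is in both lists: local delivery still wins and only a warning is logged.
address_class() {
  domain=${1##*@}
  if in_list "$domain" "$2"; then
    if in_list "$domain" "$3"; then echo "local conflict"; else echo "local"; fi
  elif in_list "$domain" "$3"; then
    echo "virtual"
  else
    echo "other"
  fi
}

# Constructed recipient. With the settings above it is delivered locally, so
# the lookup is for the bare name "admin", not for the virtual mailbox.
address_class 'admin@serwer2slt.lan' "$MYDESTINATION" "$VIRTUAL_DOMAINS"
# Same recipient once the domain is no longer listed in mydestination.
address_class 'admin@serwer2slt.lan' 'localhost, localhost.localdomain' "$VIRTUAL_DOMAINS"
```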