Change Password Using courierpassd on dovecot mysql

When your webmail is separated from your POP3/IMAP4 server, things get complicated if you don't have direct access to the MySQL server over the network. poppassd will not solve the problem if you use a MySQL, PostgreSQL or LDAP backend to store user information, because (AFAIK) it can only access and change users and passwords in the passwd/shadow files.

courierpassd lets us access or modify POP3/IMAP4 user information stored in a MySQL, PostgreSQL or LDAP backend. One caveat: courierpassd uses the courier-authlib API to reach those database backends, so courier-authlib has to be installed or built from source. courierpassd uses the same protocol as poppassd.

I'm using CentOS and this is how I do it.

First, using a non-privileged user account, create the rpm build environment.

$ mkdir -p ~/rpmbuild/{BUILD,RPMS,SOURCES,SPECS,SRPMS}
$ echo '%_topdir %(echo $HOME)/rpmbuild' >> ~/.rpmmacros

mkdir $HOME/rpm
mkdir $HOME/rpm/SOURCES
mkdir $HOME/rpm/SPECS
mkdir $HOME/rpm/BUILD
mkdir $HOME/rpm/SRPMS
mkdir $HOME/rpm/RPMS
mkdir $HOME/rpm/RPMS/i386

echo "%_topdir $HOME/rpm" >> $HOME/.rpmmacros

download courier-authlib and courierpassd source

wget http://prdownloads.sourceforge.net/courier/courier-authlib-0.60.2.tar.bz2
wget 'http://www.arda.homeunix.net/?ddownload=375' -O courierpassd.1.1.2.tar.gz

compile and install courier-authlib

$ rpmbuild -ta courier-authlib-0.60.2.tar.bz2
$ sudo rpm -ivh /home/youruser/rpm/RPMS/x86_64/courier-authlib-0.66.4-1.el6.x86_64.rpm
$ sudo rpm -ivh /home/youruser/rpm/RPMS/x86_64/courier-authlib-devel-0.66.4-1.el6.x86_64.rpm
$ sudo rpm -ivh /home/youruser/rpm/RPMS/x86_64/courier-authlib-mysql-0.66.4-1.el6.x86_64.rpm

extract courierpassd, compile and install

#tar xzf courierpassd.1.1.2.tar.gz
#cd courierpassd-1.1.2
#./configure
#make
#make install

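You will want to reach courierpassd from another server on the network; people usually use xinetd for that. Keep only_from in the entry below limited to the webmail host, since the protocol carries passwords in plain text.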

#vi /etc/xinetd.d/courierpassd
service courierpassd
{
       disable          = no
       socket_type      = stream
       protocol         = tcp
       port             = 106
       wait             = no
       user             = root
       server           = /usr/sbin/courierpassd
       instances        = 10
       only_from        = 192.168.0.101 127.0.0.1
}

Now, this is the most important thing! If you don't modify the services file, courierpassd will not run through xinetd.

#vi /etc/services
change the service name for port 106 to courierpassd

courierpassd    106/tcp                         # Eudora
courierpassd    106/udp                         # Eudora

restart the xinetd daemon

#service xinetd restart

This is not over yet: courierpassd has to be able to talk to the database backend through the courier-authlib API.

edit authdaemonrc file

#vi /etc/authlib/authdaemonrc
authmodulelist="authmysql"
authmodulelistorig="authuserdb authpam authpgsql authldap authmysql authsqlite authcustom authpip"
daemons=5
authdaemonvar=/var/spool/authdaemon
DEBUG_LOGIN=0
DEFAULTOPTIONS=""
LOGGEROPTS=""

edit authmysqlrc, or the pgsql/ldap equivalent if you're using one of those backends

#vi /etc/authlib/authmysqlrc
MYSQL_SERVER            localhost
MYSQL_USERNAME          postfix
MYSQL_PASSWORD          password
MYSQL_PORT              3306
MYSQL_OPT               0
MYSQL_DATABASE          postfix
MYSQL_USER_TABLE        mailbox
MYSQL_CRYPT_PWFIELD     password
DEFAULT_DOMAIN          example.com
MYSQL_UID_FIELD         '101'
MYSQL_GID_FIELD         '12'
MYSQL_LOGIN_FIELD       username
MYSQL_HOME_FIELD        '/data/vmail'
MYSQL_NAME_FIELD        name
MYSQL_MAILDIR_FIELD  	maildir
MYSQL_QUOTA_FIELD     	quota

start courier-authlib daemon

service courier-authlib start

Now it's time to test. Telnet to your courierpassd daemon from another server; in my case I've allowed access from 192.168.0.101 in xinetd.

# telnet 192.168.0.2 106
Trying 192.168.0.2...
Connected to 192.168.0.2.
Escape character is '^]'.
200 courierpassd v1.1.2 hello, who are you?
user test@example.com
200 Your password please.
pass oldpassword
200 Your new password please.
newpass newpassword
200 Password changed, thank-you.
quit
200 Bye.
Connection closed by foreign host.
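
The telnet exchange above as a script, so the check can be repeated after configuration changes (an added example, not part of the original post or of courierpassd). It assumes every successful reply starts with 200, as in the session shown; the function names, the PoppassError class and the CR/LF check are this example's own.

```python
import socket

class PoppassError(Exception):
    """The server answered a step with something other than a 200 reply."""

def _expect_ok(rfile, step):
    # Assumption: 200 means "go on", as in every reply of the session above.
    line = rfile.readline().decode("utf-8", "replace").strip()
    if line.split(" ", 1)[0] != "200":
        # Report the step and the server's text, never the password that was sent.
        raise PoppassError(f"{step}: {line or 'connection closed'}")
    return line

def _send(wfile, verb, arg=None):
    # Reject CR/LF so a crafted value from a web form cannot smuggle
    # a second protocol command into the connection.
    if arg is not None and ("\r" in arg or "\n" in arg):
        raise ValueError(f"line break in {verb} argument")
    line = verb if arg is None else f"{verb} {arg}"
    wfile.write(line.encode("utf-8") + b"\r\n")
    wfile.flush()

def change_password(rfile, wfile, user, old, new):
    """Run user/pass/newpass/quit over file-like objects.

    Returns the server's reply to newpass; raises PoppassError on the
    first step that is not answered with 200.
    """
    _expect_ok(rfile, "greeting")
    _send(wfile, "user", user)
    _expect_ok(rfile, "user")
    _send(wfile, "pass", old)
    _expect_ok(rfile, "pass")
    _send(wfile, "newpass", new)
    result = _expect_ok(rfile, "newpass")
    _send(wfile, "quit")
    return result

def change_password_tcp(host, user, old, new, port=106, timeout=10):
    # host and port as in the xinetd entry above; the connection is plain text.
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with sock.makefile("rb") as rfile, sock.makefile("wb") as wfile:
            return change_password(rfile, wfile, user, old, new)
```

Call change_password_tcp("192.168.0.2", "test@example.com", old, new) from a host listed in only_from; a PoppassError names the step that failed.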

that’s it 🙂

I forgot to mention how to configure the change_pass plugin in SquirrelMail.

edit config.php in change_pass directory

<?php
    // The default server is the configured IMAP server
    $poppass_server = '192.168.0.2';

    // The default port is 106
    $poppass_port = 106;

    $min_pass_length = 0;
    $max_pass_length = 9999999;

Now you can change your mail password all day if you want 😀
