Discontinued! The courier-authlib provides a much better and more flexible interface!
qmail-chkpw is a checkpassword compliant tool to do SMTP authentication against its own password file. It can do AUTH PLAIN, AUTH LOGIN and AUTH CRAM-MD5.
Version: | qmail-chkpw-0.4 | ||
---|---|---|---|
Released: | 26th April 2016 | ||
Download: | qmail-chkpw-latest          | ||
Checksum: | sha256sum |
qmail-chkpw will be discussed on the openqmail mailing list.
This describes how to install  qmail-chkpw 
as a separate package. If you did install it together with openQmail move on to the Configuration.
Download the sources and extract it. Change into the source folder and check the files  conf-qmail 
and  conf-man 
. Then simply run:
make install
Thats it. If eQmail or derivatives are installed in  /var/qmail 
there should be now  /var/qmail/bin/qmail-chkpw 
and the password file  /var/qmail/users/smtpauth 
. By default both files are owned by qmaild.qmail and  qmail-chkpw 
is executable by this owner.
During the installation an empty password file  users/smtpauth 
will be created if it doesn't exists. It looks like:
# This file is used by qmail-chkpw # # Format of this file is one user:pass per line (without empty lines) # Like so... # j0edogger:sm311yf33t # j1mdogger:$6$ZkiGKjCK$VDvQqJ04j8DwZIoK.C0lbj/QRgpjsM8En4P4x8mTPgYWfnR0CVOrCE7XOvqPeEmXe38LSk/wloZa0Y407L5Ve/
Important!   Lines beginning with  # 
are comments and will be ignored. Empty lines are not allowed. A line MUST NOT start with a white space.
Add  qmail-chkpw 
as an argument to  qmail-smtpd 
or use it with qmail-pwrap (recommended).
The standard behavior of  qmail-chkpw 
is to check passwords. Additional it supports two options to encrypt passwords. The encrypted password will be printed to  stderr 
.
        -e        prompt for password input on the command line and encrypt it.
        -r        read a password from  stdin 
and encrypt it.
Use  qmail-chkpw -e 
to manual encrypt a password on the command line:
$ qmail-chkpw -e $ New password: <put "testpass" here and hit enter> $ Repeat password: <repeat "testpass" and hit enter> $ $6$QkB7Kb3G$pyYT/beGjy1u9BFGX70Py3qZnVfuGWB5zE9C4FKrus9atP.jZzj9meyA1xh1jsBJnES0P/TcapPKu/16/8CxS.
To automate the encryption of passwords there can be done something like this:
$ qmail-chkpw -e 2>tmpfile
The encrypted password will be written to  tmpfile 
and can be used for further processing. Or in case the password was inserted and checked by an external tool:
$ echo -n "password" | qmail-chkpw -r 2>tmpfile
This could be an example only. There multiple ways to handle the pipe. It is the users responsibility to complete such automation.
Adding the user “foo” for AUTH LOGIN and the user “bar” for AUTH CRAM-MD5 the file  smtpauth 
will have the following entries:
# This file is used by qmail-chkpw # # Format of this file is one user:pass per line (without empty lines) # foo:$6$ZkiGKjCK$VDvQqJ04j8DwZIoK.C0lbj/QRgpjsM8En4P4x8mTPgYWfnR0CVOrCE7XOvqPeEmXe38LSk/wloZa0Y407L5Ve/ bar:pass
Important!  The first matching username will be used. Thus a username can have either an encrypted password or not.