openQmail

A modern mail transfer agent suite around eQmail

User Tools

Site Tools


Modules


qmail-chkpw

Discontinued! The courier-authlib provides a much better and more flexible interface!

qmail-chkpw is a checkpassword compliant tool to do SMTP authentication against its own password file. It can do AUTH PLAIN, AUTH LOGIN and AUTH CRAM-MD5.

Version: qmail-chkpw-0.4
Released: 26th April 2016
Download: qmail-chkpw-latest         
Checksum: sha256sum

qmail-chkpw will be discussed on the openqmail mailing list.

Install

This describes how to install  qmail-chkpw  as a separate package. If you did install it together with openQmail move on to the Configuration.

Download the sources and extract it. Change into the source folder and check the files  conf-qmail  and  conf-man . Then simply run:

make install

Thats it. If eQmail or derivatives are installed in  /var/qmail  there should be now  /var/qmail/bin/qmail-chkpw  and the password file  /var/qmail/users/smtpauth . By default both files are owned by qmaild.qmail and  qmail-chkpw  is executable by this owner.

Configuration

During the installation an empty password file  users/smtpauth  will be created if it doesn't exists. It looks like:

# This file is used by qmail-chkpw
#
# Format of this file is one user:pass per line (without empty lines)
# Like so...
# j0edogger:sm311yf33t
# j1mdogger:$6$ZkiGKjCK$VDvQqJ04j8DwZIoK.C0lbj/QRgpjsM8En4P4x8mTPgYWfnR0CVOrCE7XOvqPeEmXe38LSk/wloZa0Y407L5Ve/

Important!   Lines beginning with  #  are comments and will be ignored. Empty lines are not allowed. A line MUST NOT start with a white space.

Add  qmail-chkpw  as an argument to  qmail-smtpd  or use it with qmail-pwrap (recommended).

Usage

The standard behavior of  qmail-chkpw  is to check passwords. Additional it supports two options to encrypt passwords. The encrypted password will be printed to  stderr .

        -e        prompt for password input on the command line and encrypt it.
        -r        read a password from  stdin  and encrypt it.

Use  qmail-chkpw -e  to manual encrypt a password on the command line:

$ qmail-chkpw -e
$    New password:  <put "testpass" here and hit enter>
$ Repeat password:  <repeat "testpass" and hit enter>
$ $6$QkB7Kb3G$pyYT/beGjy1u9BFGX70Py3qZnVfuGWB5zE9C4FKrus9atP.jZzj9meyA1xh1jsBJnES0P/TcapPKu/16/8CxS.

To automate the encryption of passwords there can be done something like this:

$ qmail-chkpw -e 2>tmpfile

The encrypted password will be written to  tmpfile  and can be used for further processing. Or in case the password was inserted and checked by an external tool:

$ echo -n "password" | qmail-chkpw -r 2>tmpfile

This could be an example only. There multiple ways to handle the pipe. It is the users responsibility to complete such automation.

Adding the user “foo” for AUTH LOGIN and the user “bar” for AUTH CRAM-MD5 the file  smtpauth  will have the following entries:

# This file is used by qmail-chkpw
#
# Format of this file is one user:pass per line (without empty lines)
#
foo:$6$ZkiGKjCK$VDvQqJ04j8DwZIoK.C0lbj/QRgpjsM8En4P4x8mTPgYWfnR0CVOrCE7XOvqPeEmXe38LSk/wloZa0Y407L5Ve/
bar:pass

Important!  The first matching username will be used. Thus a username can have either an encrypted password or not.

Last modified: 2018/09/21 06:03

Page Tools