All posts by tomasz

ISPConfig with added smtp PAM authentication

I’m using ISPConfig on one of my servers. It’s not the best option availabe on the market, but it’s free, fast, and works on Debian 3.1 out of the box. Which is important as I’m the debian advocate when it comes to choosing distro for server. There are only some minor things which bugs me. One of them is the fact, that the system don’t allow users to log in to their IMAP/POP3 accounts with full email address as a login name. That way becomes more and more popular and many clients were asking “why do I have to remember additional login to check my email”. That is a good question when you keep in mind that bundled webmail client allows to log in using full address.

I solved this problem some time ago. Today while doing small system conversion I run on a problem with a need to authenticate smtp senders. The thing is that I had virtual users (in the db) which were unseen from the system level. Yes I know – there is a lot of helps on the Internet with that little small problem – non of them worked as should (read: didn’t work at all in my configuration). Solution – as always – turned to be compilation from 5-6 different pieces taken out from support lists, faq and documentation.

Below little help (mainly for me in case I need it in the future):

/etc/postfix/sasl/smtpd.conf:

pwcheck_method: saslauthd
mech_list: plain login

/etc/pam.d/smtp:

auth sufficient pam_mysql.so user=xxxx passwd=xxxx host=localhost db=database table=table usercolumn=user passwdcolumn=pass crypt=1

auth sufficient pam_unix_auth.so

account sufficient pam_mysql.so user=xxxx passwd=xxxx host=localhost db=database table=table usercolumn=user passwdcolumn=pass crypt=1

account sufficient pam_unix_acct.so

Some additional information:

  1. line 2 and 4 are backup authentication source for shadow – in case we want to auth real system users
  2. crypt can take:
    0 – plain text
    1 – crypt()’ed passwords
    2 – md5’ed passwords