Skip to content

Exim dovecot и cram-md5

Задача: - шифровать пароль в mysql базе exim FreeBSD 10. Вcе компоненты установлены из портов без ручных патчей.

Exim 4.84

/usr/local/etc/exim/auth.conf

begin authenticators

dovecot_cram_md5:
driver = dovecot
public_name = CRAM-MD5
server_socket = /var/run/dovecot/auth-client
server_set_id = $auth1

dovecot_plain:
driver = dovecot
public_name = PLAIN
server_socket = /var/run/dovecot/auth-client
server_set_id = $auth1

dovecot_login:
driver = dovecot
public_name = LOGIN
server_socket = /var/run/dovecot/auth-client
server_set_id = $auth1

Dovecot

/usr/local/etc/dovecot/conf.d/10-auth.conf

auth_mechanisms = plain login cram-md5

/usr/local/etc/dovecot/conf.d/auth-sql.conf.ext

passdb {
  driver = sql
  args = /usr/local/etc/dovecot/dovecot-sql.conf
}

userdb {
  driver = sql
  args = /usr/local/etc/dovecot/dovecot-sql.conf
}

/usr/local/etc/dovecot/dovecot-sql.conf

driver=mysql

connect = host=localhost dbname=exim user=exim password=mypassword

default_pass_scheme = CRAM-MD5

password_query = SELECT `username` as `user`, `password`, \
    FROM `mailbox` WHERE `username` = '%n@%d' AND `active`='1'

user_query = SELECT `maildir` AS `home`, 26 AS `uid`, 26 AS `gid`, \
    concat('*:bytes=', quota) AS quota_rule \
    FROM `mailbox` WHERE `username` = '%n@%d' AND `active`='1'

ВАЖНО: Дать права (rw) пользователю, под которым запускается exim на файл /var/run/dovecot/auth-client. В нашем случае mailnull. Шаг 1:

pw goupmod mail -m mailnull

Шаг 2: /usr/local/etc/dovecot/conf.d/10-master.conf

service auth {
  unix_listener auth-client {
    mode = 0660
    user = dovecot
    group = mail
  }
}

Шаг 3: Рестарт dovecot

Postfixadmin

$CONF['encrypt'] = 'dovecot:CRAM-MD5';
$CONF['authlib_default_flavor'] = 'md5raw';
$CONF['dovecotpw'] = "/usr/local/bin/doveadm pw";

RoundCube, plugin Password

$rcmail_config['password_query'] = "UPDATE mailbox SET password='%D' WHERE username='%u';";
$rcmail_config['password_dovecotpw'] = '/usr/local/bin/doveadm';
$rcmail_config['password_dovecotpw_method'] = 'CRAM-MD5';
$config['password_dovecotpw_with_method'] = false;

Немного правим код под Dovecot 2.2. в файле: /usr/local/www/roundcube/plugins/password/drivers/sql.php

     //$pipe = popen("'$dovecotpw'-s '$method' > '$tmpfile'", "w");
      $pipe = popen("'$dovecotpw' pw -s '$method' > '$tmpfile'", "w");

Generate hash CRAM-MD5 for password

doveadm pw -s CRAM-MD5 -p [password]
{CRAM-MD5}385d79ed52203f53584c7c9e4fcbc34d4ec66e7b0bd8f2dfbb3de41509f822fc

Добавлено для Debian 8.6, RoundCube v1.2.2

2016.11.15 /var/www/roundcube/plugins/password/config.inc.php

#
$config['password_db_dsn'] = 'mysql://exim:password@localhost/exim';
# 
$config['password_query'] = 'UPDATE mailbox SET password=%D WHERE username=%u;';
#
$config['password_dovecotpw'] = '/usr/bin/doveadm pw';
#
$config['password_dovecotpw_method'] = 'CRAM-MD5';