per user SMTP credentials

classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|

per user SMTP credentials

Hendrik Haddorp
Hi,
using the SquirrelMail configuration script I can set SMTP credentials
(smtp_sitewide_user / smtp_sitewide_pass). But how do I set those per
user? I assumed one could specify that in the user preferences but the
web interface doesn't seem to support that nor could I find anything
about that in the docs.

regards,
Hendrik

------------------------------------------------------------------------------
Keep yourself connected to Go Parallel:
DESIGN Expert tips on starting your parallel project right.
http://goparallel.sourceforge.net/
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: [hidden email]
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
Reply | Threaded
Open this post in threaded view
|

Re: per user SMTP credentials

Paul Lesniewski
On Sun, Dec 2, 2012 at 4:32 AM, Hendrik Haddorp <[hidden email]> wrote:
> Hi,
> using the SquirrelMail configuration script I can set SMTP credentials
> (smtp_sitewide_user / smtp_sitewide_pass). But how do I set those per
> user? I assumed one could specify that in the user preferences but the
> web interface doesn't seem to support that nor could I find anything
> about that in the docs.

You can configure it to use the same credentials that the user logged
in with.  If you need to set up arbitrary SMTP (or IMAP) server logins
on a per-user basis, this is only possible currently using a
proprietary plugin provided by myself.

Cheers,

Paul

--
Paul Lesniewski
SquirrelMail Team
Please support Open Source Software by donating to SquirrelMail!
http://squirrelmail.org/donate_paul_lesniewski.php

------------------------------------------------------------------------------
Keep yourself connected to Go Parallel:
BUILD Helping you discover the best ways to construct your parallel projects.
http://goparallel.sourceforge.net
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: [hidden email]
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
Reply | Threaded
Open this post in threaded view
|

Re: per user SMTP credentials

Nikolaos Milas
On 3/12/2012 9:56 πμ, Paul Lesniewski wrote:

> You can configure it to use the same credentials that the user logged
> in with.

I have tried to do so, by using:

    $smtpServerAddress = 'localhost';
    $smtpPort = 587;
    $smtp_auth_mech = 'plain';
    $smtp_sitewide_user = '';
    $smtp_sitewide_pass = '';
    $sendmail_path = '/usr/sbin/sendmail';
    $sendmail_args = '-i -t';
    $pop_before_smtp = false;
    $pop_before_smtp_host = '';

but I see no indication that SM is using SMTP Auth when sending an
email. Here is an example from a message sent (Postfix log) [A message
from [hidden email] to [hidden email], with bcc to
[hidden email]]:

Dec 3 12:09:30 mail squirrelmail: Successful webmail login: by ldapuser
(example.com) at 195.251.xxx.xxx on 12/03/2012 12:09:30:
Dec 3 12:09:53 mail postfix/pickup[20153]: CA00C6D6770: uid=48
from=<[hidden email]>
Dec 3 12:09:53 mail postfix/cleanup[9685]: CA00C6D6770:
message-id=<[hidden email]>
Dec 3 12:09:53 mail opendkim[2243]: CA00C6D6770: DKIM-Signature header
added (s=default, d=example.com)
Dec 3 12:09:53 mail postfix/qmgr[2506]: CA00C6D6770:
from=<[hidden email]>, size=838, nrcpt=2 (queue active)
Dec 3 12:09:54 mail postfix/pipe[17222]: CA00C6D6770:
to=<[hidden email]>, relay=dovecot, delay=0.45,
delays=0.25/0.005/0/0.2, dsn=2.0.0, status=sent (delivered via dovecot
service)
Dec 3 12:09:54 mail squirrelmail: Message sent via webmail: by ldapuser
(example.com) at 195.251.xxx.xxx on 12/03/2012 12:09:54: Message-ID:
[hidden email]
Dec 3 12:09:56 mail postfix/smtp[22535]: CA00C6D6770:
to=<[hidden email]>, relay=example.net[184.154.xxx.xxx]:25, delay=3.2,
delays=0.25/0.018/1.8/1.2, dsn=2.0.0, status=sent (250 OK
id=1TfSyK-003yhK-HF)
Dec 3 12:09:56 mail postfix/qmgr[2506]: CA00C6D6770: removed
Dec 3 12:09:59 mail squirrelmail: Webmail logout: by ldapuser
(example.com) at 195.251.xxx.xxx on 12/03/2012 12:09:59:

Should we change something more to make sure SM is sending each mail
using SMTP Auth?

Regards,
Nick


------------------------------------------------------------------------------
Keep yourself connected to Go Parallel:
BUILD Helping you discover the best ways to construct your parallel projects.
http://goparallel.sourceforge.net
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: [hidden email]
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
Reply | Threaded
Open this post in threaded view
|

Re: per user SMTP credentials

Tomas Kuliavas
Nikolaos Milas wrote
On 3/12/2012 9:56 πμ, Paul Lesniewski wrote:

> You can configure it to use the same credentials that the user logged
> in with.

I have tried to do so, by using:

....
but I see no indication that SM is using SMTP Auth when sending an
email. Here is an example from a message sent (Postfix log) [A message
from [hidden email] to [hidden email], with bcc to
[hidden email]]:
Could you show output of SquirrelMail conf.pl in "2. server settings" section. Your log snippet is either not full or you are not using SMTP for email delivery. I suspect that UID=48 is your webserver user id and you are using sendmail exec delivery instead of SMTP.

Please don't post squirrelmail logger records to avoid log spam. Authentication is logged by postfix and not by SquirrelMail.

You should be looking for

Dec  3 19:51:18 example postfix/smtpd[17104]: 1B39E11806F: client=example[127.0.0.1], sasl_method=PLAIN, sasl_username=user@example.org

in your mail logs.
--
Tomas
Reply | Threaded
Open this post in threaded view
|

Re: per user SMTP credentials

Paul Lesniewski
In reply to this post by Nikolaos Milas
On Mon, Dec 3, 2012 at 2:22 AM, Nikolaos Milas <[hidden email]> wrote:

> On 3/12/2012 9:56 πμ, Paul Lesniewski wrote:
>
>> You can configure it to use the same credentials that the user logged
>> in with.
>
> I have tried to do so, by using:
>
>     $smtpServerAddress = 'localhost';
>     $smtpPort = 587;
>     $smtp_auth_mech = 'plain';
>     $smtp_sitewide_user = '';
>     $smtp_sitewide_pass = '';
>     $sendmail_path = '/usr/sbin/sendmail';
>     $sendmail_args = '-i -t';
>     $pop_before_smtp = false;
>     $pop_before_smtp_host = '';
>
> Dec 3 12:09:53 mail postfix/pickup[20153]: CA00C6D6770: uid=48
> from=<[hidden email]>

This indicates you have $useSendmail set to true.  If you want to send
using SMTP, you need to turn that off.

--
Paul Lesniewski
SquirrelMail Team
Please support Open Source Software by donating to SquirrelMail!
http://squirrelmail.org/donate_paul_lesniewski.php

------------------------------------------------------------------------------
Keep yourself connected to Go Parallel:
BUILD Helping you discover the best ways to construct your parallel projects.
http://goparallel.sourceforge.net
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: [hidden email]
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
Reply | Threaded
Open this post in threaded view
|

Re: per user SMTP credentials

Hendrik Haddorp
In reply to this post by Hendrik Haddorp
Hi,
I found an alternative solution. I did setup postfix on the server as
described here:
http://www.cyberciti.biz/faq/postfix-multiple-isp-accounts-smarthost-smtp-client/
This allows to configure a SMTP server and credentials per user. So far
I have only tested it with one user though. It works nice except two
things: It's a bit complicated to update passwords and a user should be
able to send a mail as a different user if he changes the sender mail
address to that of another user. I assume that is fixable with postfix
as well. If so I'm quite happy with that setup.
What plugin is that that allows to configure servers per user? I did not
find anything like that on the SquirrelMail website.

regards,
Hendrik

------------------------------------------------------------------------------
Keep yourself connected to Go Parallel:
BUILD Helping you discover the best ways to construct your parallel projects.
http://goparallel.sourceforge.net
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: [hidden email]
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
Reply | Threaded
Open this post in threaded view
|

Re: per user SMTP credentials

Nikolaos Milas
In reply to this post by Paul Lesniewski
On 3/12/2012 10:40 μμ, Paul Lesniewski wrote:

> This indicates you have $useSendmail set to true.  If you want to send
> using SMTP, you need to turn that off.

Thanks, you were right; I turned $useSendmail to false and now it does
use SMTP (Port 587 = "submission" - as configured). However, I can't
make it work with SASL-Auth.

Here is a session (again a message from [hidden email] to
[hidden email], with bcc to [hidden email]]):

Dec  4 11:46:44 mail squirrelmail: Successful webmail login: by ldapuser
(example.com) at 195.251.xxx.xxx on 12/04/2012 11:46:44:
Dec  4 11:46:54 mail postfix/submission/smtpd[10434]: connect from
mail.example.com[127.0.0.1]
Dec  4 11:46:54 mail postfix/submission/smtpd[10434]: 47B036D6770:
client=mail.example.com[127.0.0.1]
Dec  4 11:46:54 mail postfix/cleanup[8715]: 47B036D6770:
message-id=<[hidden email]>
Dec  4 11:46:54 mail opendkim[2243]: 47B036D6770: DKIM-Signature header
added (s=default, d=example.com)
Dec  4 11:46:54 mail postfix/qmgr[2506]: 47B036D6770:
from=<[hidden email]>, size=884, nrcpt=2 (queue active)
Dec  4 11:46:54 mail postfix/submission/smtpd[10434]: disconnect from
mail.example.com[127.0.0.1]
Dec  4 11:46:54 mail postfix/pipe[8718]: 47B036D6770:
to=<[hidden email]>, relay=dovecot, delay=0.34,
delays=0.15/0.022/0/0.17, dsn=2.0.0, status=sent (delivered via dovecot
service)
Dec  4 11:46:54 mail squirrelmail: Message sent via webmail: by ldapuser
(example.com) at 195.251.xxx.xxx on 12/04/2012 11:46:54: Message-ID:
[hidden email]
Dec  4 11:46:56 mail postfix/smtp[10051]: 47B036D6770:
to=<[hidden email]>, relay=example.net[184.154.xxx.xxx]:25, delay=2,
delays=0.15/0.046/0.87/0.93, dsn=2.0.0, status=sent (250 OK
id=1Tfp5b-002prC-Ik)
Dec  4 11:46:56 mail postfix/qmgr[2506]: 47B036D6770: removed

(true usernames/servernames have been modified consistently)

Running the SM configuration script shows:

    SMTP Settings
    -------------
    4.   SMTP Server           : localhost
    5.   SMTP Port             : 587
    6.   POP before SMTP       : false
    7.   SMTP Authentication   : plain (with IMAP username and password)
    8.   Secure SMTP (TLS)     : false
    9.   Header encryption key :

Obviously normal password authentication did not succeed so SMTP auth
fell back to anonymous. I tried with TLS enabled, but this caused an
error: "The server responded: 0 Can't open SMTP stream." (I also tried
with SMTP Auth method: login, but it failed with an error.)

Note: In our setup the use of SMTP auth forces the use of TLS too.

Note that when I try to change options, SM does not recognize the
availability of SASL Auth:

    Trying to detect supported methods (SMTP)...
    Testing none:           SUPPORTED
    Testing login:          NOT SUPPORTED
    Testing plain:          NOT SUPPORTED
    Testing CRAM-MD5:       NOT SUPPORTED
    Testing DIGEST-MD5:     NOT SUPPORTED

When testing an smtp connection locally, AUTH options are not displayed,
probably because TLS must be enabled first.

    # telnet localhost 587
    Trying 127.0.0.1...
    Connected to localhost.localdomain (127.0.0.1).
    Escape character is '^]'.
    220 vmail.noa.gr ESMTP Postfix
    ehlo localhost
    250-mail.example.com
    250-PIPELINING
    250-SIZE 41943040
    250-VRFY
    250-ETRN
    250-STARTTLS
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN
    quit
    221 2.0.0 Bye
    Connection closed by foreign host.

Current settings in config.php (this works, but without SASL Auth, as
mentioned earlier):

    $no_list_for_subscribe = false;
    $smtp_auth_mech = 'plain';
    $imap_auth_mech = 'login';
    $smtp_sitewide_user = '';
    $smtp_sitewide_pass = '';
    $use_imap_tls = false;
    $use_smtp_tls = false;
    $session_name = 'SQMSESSID';
    $only_secure_cookies = true;
    $disable_security_tokens = false;
    $check_referrer = '';

I know that the server offers SASL-Auth (over TLS) as we are using it
extensively.

Any suggestions?

Thanks,
Nick

------------------------------------------------------------------------------
LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
Remotely access PCs and mobile devices and provide instant support
Improve your efficiency, and focus on delivering more value-add services
Discover what IT Professionals Know. Rescue delivers
http://p.sf.net/sfu/logmein_12329d2d
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: [hidden email]
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
Reply | Threaded
Open this post in threaded view
|

Re: per user SMTP credentials

Nikolaos Milas
On 4/12/2012 12:36 μμ, Nikolaos Milas wrote:

> I turned $useSendmail to false and now it does
> use SMTP (Port 587 = "submission" - as configured). However, I can't
> make it work with SASL-Auth.
>
> ...
>
> Any suggestions?

Not any ideas yet?

Thanks,
Nick

------------------------------------------------------------------------------
LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
Remotely access PCs and mobile devices and provide instant support
Improve your efficiency, and focus on delivering more value-add services
Discover what IT Professionals Know. Rescue delivers
http://p.sf.net/sfu/logmein_12329d2d
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: [hidden email]
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
Reply | Threaded
Open this post in threaded view
|

Re: per user SMTP credentials

Tomas Kuliavas
Nikolaos Milas wrote
On 4/12/2012 12:36 μμ, Nikolaos Milas wrote:

> I turned $useSendmail to false and now it does
> use SMTP (Port 587 = "submission" - as configured). However, I can't
> make it work with SASL-Auth.
>
> ...
>
> Any suggestions?

Not any ideas yet?
If your setup does not allow MSA without starttls, enable SSMTP service in postfix and use 465 port and TLS enabled options in SquirrelMail.

SquirrelMail supports starttls only in 1.5-dev and requires PHP 5.1+ for that.

Please note that encryption is useless on localhost. If crackers can see loopback interface traffic, they already own the box.

--
Tomas