Hi. I'm rather new to OpenBSD, but I've hit a wall while doing a 'dry-run' to work out the bugs (and get familiar with OpenBSD) and build a new mail server on OpenBSD with Postfix, MySQL/MariaDB, and Courier-authlib. Any assistance would be greatly appreciated.
I've been following this tutorial, and while dated, I've found it closely matches the features I want in a mail server: http://www.kernel-panic.it/openbsd/mail/

This is OpenBSD 5.8 on i386 in a VMware partition.

In short, I can't seem to authenticate through Courier-authlib. The messages I get consistently are:

    Jan 2 19:31:18 mail pop3d-ssl: LOGIN FAILED, user=open...@hottub.ca, ip=[::ffff:10.0.1.162]
    Jan 2 19:31:18 mail pop3d-ssl: authentication error: Input/output error
    Jan 2 19:31:18 mail authdaemond: stopping authdaemond children
    Jan 2 19:31:18 mail authdaemond: restarting authdaemond children
    Jan 2 19:31:18 mail authdaemond: modules="authmysql", daemons=10
    Jan 2 19:31:18 mail authdaemond: Uninstalling authmysql
    Jan 2 19:31:18 mail authdaemond: Installing libauthmysql
    Jan 2 19:31:18 mail authdaemond: Installation complete: authmysql

My best guess is that authdaemond can't connect to MySQL/MariaDB, despite the fact that I've triple-checked the configuration files, tested the connectivity from the command line, etc. I found one article that documented similar output, but I'm not advanced enough to recompile the entire build tree (it ran for an hour, errored out, and didn't want to head down that bottomless hole). My second guess relates to the fact that I'm storing the passwords as MD5 hashes in the database table, but that it's expecting something else. Here's the article: https://serverfault.com/questions/638245/courier-imap-pop3d-auth-over-mysql

So, I'm going to try and add as much detail as I can think of:

Here are the running processes:

    # Courier
    root  8986 0.0 0.1 252  716 ?? I 3:56PM 0:00.00 /usr/local/sbin/courierlogger -pid=/var/run/courier/pop3d.pid -start -name=pop3d /usr/local/libexec/couriertcpd -address=0 -maxprocs=40 -maxperip=4 -nodnslookup -noidentlookup 110 /usr/local/sbin/pop3login /usr/local/bin/pop3d Maildir
    root 27307 0.0 0.1 348 1140 ?? I 3:56PM 0:00.01 /usr/local/libexec/couriertcpd -address=0 -maxprocs=40 -maxperip=4 -nodnslookup -noidentlookup 110 /usr/local/sbin/pop3login /usr/local/bin/pop3d Maildir
    root 23006 0.0 0.3 428 2784 ?? I 6:06PM 0:00.54 /usr/local/libexec/courier-authlib/authdaemond
    root 31281 0.0 0.1 384  868 ?? I 6:06PM 0:00.01 /usr/local/sbin/courierlogger -pid=/var/run/courier-auth/pid -start /usr/local/libexec/courier-authlib/authdaemond
    root 14519 0.0 0.1 388  860 ?? I 6:06PM 0:00.01 /usr/local/sbin/courierlogger -pid=/var/run/courier/pop3d-ssl.pid -start -name=pop3d-ssl /usr/local/libexec/couriertcpd -address=0 -maxprocs=40 -maxperip=4 -nodnslookup -noidentlookup 995 /usr/local/bin/couriertls -server -tcpd /usr/local/sbin/pop3login /usr/local/bin/pop3d Maildir
    root 18844 0.0 0.1 336 1160 ?? I 6:06PM 0:00.03 /usr/local/libexec/couriertcpd -address=0 -maxprocs=40 -maxperip=4 -nodnslookup -noidentlookup 995 /usr/local/bin/couriertls -server -tcpd /usr/local/sbin/pop3login /usr/local/bin/pop3d Maildir
    root 10725 0.0 0.0 428  324 ?? I 7:37PM 0:00.01 /usr/local/libexec/courier-authlib/authdaemond
    root 27621 0.0 0.0 428  324 ?? I 7:37PM 0:00.01 /usr/local/libexec/courier-authlib/authdaemond
    root  5037 0.0 0.0 428  324 ?? I 7:37PM 0:00.01 /usr/local/libexec/courier-authlib/authdaemond
    root  1429 0.0 0.0 428  324 ?? I 7:37PM 0:00.01 /usr/local/libexec/courier-authlib/authdaemond
    root 21358 0.0 0.0 428  324 ?? I 7:37PM 0:00.01 /usr/local/libexec/courier-authlib/authdaemond
    root 25048 0.0 0.0 428  324 ?? I 7:37PM 0:00.01 /usr/local/libexec/courier-authlib/authdaemond
    root 26293 0.0 0.0 428  324 ?? I 7:37PM 0:00.01 /usr/local/libexec/courier-authlib/authdaemond
    root 24357 0.0 0.0 428  324 ?? I 7:37PM 0:00.01 /usr/local/libexec/courier-authlib/authdaemond
    root  3976 0.0 0.0 428  324 ?? I 7:37PM 0:00.00 /usr/local/libexec/courier-authlib/authdaemond
    root 32228 0.0 0.0 428  324 ?? I 7:37PM 0:00.00 /usr/local/libexec/courier-authlib/authdaemond

    #MySQL/MariaDB
    root    2410 0.0 0.1    688   728 00- I 3:44PM 0:00.04 /bin/sh /usr/local/bin/mysqld_safe
    _mysql 24080 0.0 4.6 326968 48612 00- I 3:44PM 0:03.94 /usr/local/libexec/mysqld --basedir=/usr/local --datadir=/var/mysql --plugin-dir=/usr/local/lib/mysql/plugin --user=_mysql --log-error=/var/mysql/mail.hottub.ca.err --pid-file=mail.hottub.ca.pid --socket=/var/run/mysql/mysql.sock --port=3306

    #Postfix
    root 30588 0.0 0.2 744 2128 ?? Is 3:44PM 0:00.15 /usr/local/libexec/postfix/master -w

These are the relevant courier config files. I'm using Pop3 for its lower overhead and simpler protocol, which I can debug by hand with 'openssl s_client <host> <port> etc. etc.'.

    # grep -v \# authdaemonrc authmysqlrc pop3d-ssl pop3d.cnf
    authdaemonrc:authmodulelist="authmysql"
    authdaemonrc:authmodulelistorig="authuserdb authpwd authpgsql authldap authmysql authsqlite authpipe"
    authdaemonrc:daemons=10
    authdaemonrc:authdaemonvar=/var/run/courier-auth
    authdaemonrc:DEBUG_LOGIN=3
    authdaemonrc:DEFAULTOPTIONS=""
    authdaemonrc:LOGGEROPTS=""
    authmysqlrc:MYSQL_SERVER localhost
    authmysqlrc:MYSQL_USERNAME vmail
    authmysqlrc:MYSQL_PASSWORD password
    authmysqlrc:MYSQL_PORT 3306
    authmysqlrc:MYSQL_OPT 0
    authmysqlrc:MYSQL_DATABASE mail
    authmysqlrc:MYSQL_USER_TABLE users
    authmysqlrc:MYSQL_CRYPT_PWFIELD password
    authmysqlrc:DEFAULT_DOMAIN 127.0.0.1
    authmysqlrc:MYSQL_UID_FIELD uid
    authmysqlrc:MYSQL_GID_FIELD gid
    authmysqlrc:MYSQL_LOGIN_FIELD login
    authmysqlrc:MYSQL_HOME_FIELD home
    authmysqlrc:MYSQL_NAME_FIELD name
    authmysqlrc:MYSQL_MAILDIR_FIELD maildir
    authmysqlrc:MYSQL_QUOTA_FIELD quota
    pop3d-ssl:SSLPORT=995
    pop3d-ssl:SSLADDRESS=0
    pop3d-ssl:SSLPIDFILE=/var/run/courier/pop3d-ssl.pid
    pop3d-ssl:SSLLOGGEROPTS="-name=pop3d-ssl"
    pop3d-ssl:POP3DSSLSTART=YES
    pop3d-ssl:POP3_STARTTLS=YES
    pop3d-ssl:POP3_TLS_REQUIRED=1
    pop3d-ssl:COURIERTLS=/usr/local/bin/couriertls
    pop3d-ssl:TLS_CERTFILE=/etc/ssl/pop3d.pem
    pop3d-ssl:TLS_DHPARAMS=/etc/ssl/dhparams.pem
    pop3d-ssl:TLS_TRUSTCERTS=/etc/ssl/cert.pem
    pop3d-ssl:TLS_VERIFYPEER=NONE
    pop3d-ssl:MAILDIRPATH=Maildir
    pop3d.cnf:
    pop3d.cnf:RANDFILE = /etc/ssl/pop3d.rand
    pop3d.cnf:
    pop3d.cnf:[ req ]
    pop3d.cnf:default_bits = 4096
    pop3d.cnf:encrypt_key = yes
    pop3d.cnf:distinguished_name = req_dn
    pop3d.cnf:x509_extensions = cert_type
    pop3d.cnf:prompt = no
    pop3d.cnf:default_md = sha256
    pop3d.cnf:
    pop3d.cnf:[ req_dn ]
    pop3d.cnf:C=CA
    pop3d.cnf:ST=ON
    pop3d.cnf:L=Toronto
    pop3d.cnf:O=hottub.ca Mail Server
    pop3d.cnf:OU=Automatically-generated POP3 SSL key
    pop3d.cnf:CN=mail.hottub.ca
    pop3d.cnf:emailAddress=postmas...@hottub.ca
    pop3d.cnf:[ cert_type ]
    pop3d.cnf:nsCertType = server

I'm not using 'localhost', as that allows use of the socket file at /var/run/mysql/mysql.sock, which is outside the postfix jail. (Ask me how long it took to find that one.)

The database tables are relatively straightforward:

    CREATE TABLE domains (
        id INT NOT NULL PRIMARY KEY AUTO_INCREMENT,
        domain VARCHAR(255) NOT NULL UNIQUE);

    CREATE TABLE users (
        id INT NOT NULL PRIMARY KEY AUTO_INCREMENT,
        login VARCHAR(255) NOT NULL UNIQUE,
        name VARCHAR(255) NOT NULL,
        password CHAR(128) NOT NULL,
        uid SMALLINT NOT NULL DEFAULT 2000,
        gid SMALLINT NOT NULL DEFAULT 2000,
        home VARCHAR(255) NOT NULL DEFAULT '/var/vmail',
        maildir VARCHAR(255) NOT NULL,
        quota VARCHAR(10) NOT NULL DEFAULT '10000000S');

    CREATE TABLE alias_maps (
        id INT NOT NULL PRIMARY KEY AUTO_INCREMENT,
        account VARCHAR(255) NOT NULL UNIQUE,
        alias VARCHAR(255) NOT NULL);

    GRANT SELECT ON mail.* to 'vmail'@'127.0.0.1' IDENTIFIED BY 'password';
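Added example (not part of the original post): a shell check that compares the MYSQL_SERVER value in the grep output above with the host in the GRANT statement. It relies on the MySQL client library convention that the literal name localhost selects the Unix socket, in which case the server matches the account as 'vmail'@'localhost'; the function names are hypothetical and the inputs are copied from the post.

```shell
#!/bin/sh
# Inputs copied from the post (authmysqlrc lines without the grep prefix).
AUTHMYSQLRC='MYSQL_SERVER localhost
MYSQL_USERNAME vmail
MYSQL_PORT 3306
MYSQL_DATABASE mail'

GRANT_SQL="GRANT SELECT ON mail.* to 'vmail'@'127.0.0.1' IDENTIFIED BY 'password';"

# rc_get KEY: print the value of KEY from the authmysqlrc text.
rc_get() {
    printf '%s\n' "$AUTHMYSQLRC" | awk -v k="$1" '$1 == k { print $2; exit }'
}

# transport HOST: the MySQL client library treats the literal name
# "localhost" as "use the Unix socket"; anything else goes over TCP.
transport() {
    case "$1" in
        localhost) echo socket ;;
        *)         echo tcp ;;
    esac
}

# grant_host: extract the host part of 'user'@'host' from the GRANT.
grant_host() {
    printf '%s\n' "$GRANT_SQL" | sed -n "s/.*'[^']*'@'\([^']*\)'.*/\1/p"
}

# check: report whether the host the server will see for this client
# is the host the account was created for.
check() {
    server=$(rc_get MYSQL_SERVER)
    how=$(transport "$server")
    # Socket connections are matched against accounts as host 'localhost'.
    if [ "$how" = socket ]; then seen=localhost; else seen=$server; fi
    granted=$(grant_host)
    user=$(rc_get MYSQL_USERNAME)
    if [ "$seen" = "$granted" ]; then
        echo "ok: $how connection as '$user'@'$seen' matches the grant"
    else
        echo "mismatch: $how connection arrives as '$user'@'$seen', grant is for '$user'@'$granted'"
    fi
}

check
```

With the values shown in the post the check reports a mismatch; setting MYSQL_SERVER to 127.0.0.1 makes the client use TCP and match the existing grant.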