Chris Keating writes: 

>  
>> Chris, 
>>
>> Thanks for your efforts.  This works for me.  However, this workaround has a
>> few drawbacks that you may already be aware of: 
>>
>> 1. If imap access is turned off (via vmoduser -i), then imap access is not
>> granted, but open_relay still tries to run and just leaves the open_smtp
>> file owned by root.root, making roaming break until permissions are changed
>> back. 
>>
>> 2. If roaming is disabled for that user (via vmoduser -r), open_relay has no
>> way of knowing since it's separate from authvchkpw now.  So they get to roam
>> anyway. 
>>
>> 3. For people using multiple authentication modules (not me), anyone who is
>> authenticated will get roaming access. 
>>
>> Since we are now forced to use authdaemon (as far as I can tell, anyway),
>> seems like the best solution would be for imaplogin to pass the environment
>> to authdaemond.  This would fix everything mentioned above, I think, and
>> perhaps similar issues for other authentication modules. 
>>
>  
> 1. This is a problem with the vpopmail.c code, IMHO it doesn't recover
> from hiccups as well as it should.
>  
> 2,3. The real problem here is that a side effect (SMTP relay authentication)
> is being piggy-backed onto authentication. authdaemond is solely concerned

Correct. 

I have said many times before that my opinion is that the POP-before-SMTP and
IMAP-before-SMTP approach is a hack, nothing more.  This approach might have
made sense 2-3 years ago, but not any more.  Pretty much every mail client
out there supports authenticated SMTP, and that's the right solution for
this particular problem.  That's what people should be doing.  Authenticated
SMTP is a much more reliable and technically sane approach.

FWIW, you can still get the old authentication configuration by specifying
--without-authdaemon to Courier-IMAP's configuration script.  It's just that
the default setting now builds authdaemon, because it's simply easier for me 
with everyone on the same playing field, and everyone using authdaemon. 


-- 
Sam
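
An added example, not part of the thread and not Courier-IMAP or vpopmail code: a small model of the two relay designs discussed above, showing why an IP-keyed grant written by a post-login hook cannot honour a per-user roaming flag, while a per-session authenticated SMTP decision can. All class, method and field names are hypothetical, and the users, addresses and lifetime are constructed.

```python
import hmac
from dataclasses import dataclass, field

@dataclass
class User:
    password: str
    relay_allowed: bool = True   # models the per-user roaming flag

@dataclass
class MailHost:
    users: dict
    ttl: int = 1800                                 # constructed grant lifetime (s)
    relay_ips: dict = field(default_factory=dict)   # ip -> expiry time

    def authenticate(self, name, password):
        u = self.users.get(name)
        return u is not None and hmac.compare_digest(
            u.password.encode(), password.encode())

    # IMAP/POP-before-SMTP: the relay hook runs after login, separately from
    # the auth module, so it only learns that some login came from this IP.
    def imap_login(self, name, password, ip, now):
        if not self.authenticate(name, password):
            return False
        self.relay_ips[ip] = now + self.ttl
        return True

    # The SMTP side then decides on source address alone.
    def smtp_relay_by_ip(self, ip, now):
        return self.relay_ips.get(ip, 0) > now

    # Authenticated SMTP: the decision is per session and per named user,
    # so the roaming flag can be checked at the point of use.
    def smtp_relay_by_auth(self, name, password):
        return self.authenticate(name, password) and self.users[name].relay_allowed

def demo():
    host = MailHost(users={"alice": User("a-pass"),
                           "bob": User("b-pass", relay_allowed=False)})
    ip, now = "192.0.2.10", 1000          # constructed documentation address
    host.imap_login("bob", "b-pass", ip, now)
    return {
        "ip_grant_ignores_flag": host.smtp_relay_by_ip(ip, now + 60),
        "ip_grant_expired": host.smtp_relay_by_ip(ip, now + host.ttl + 1),
        "auth_bob": host.smtp_relay_by_auth("bob", "b-pass"),
        "auth_alice": host.smtp_relay_by_auth("alice", "a-pass"),
    }

if __name__ == "__main__":
    print(demo())
```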
