
This page is not finished. The information here is basically accurate, but should not be considered complete. When the page is finished, this notice will be removed and the menu at the top of the web site will be updated to include this page.


I'm thinking of different ways for qmail's qmail-smtpd program to handle the AUTH command. The current method involves running a checkpassword program, which is fairly simple to set up, but with some programs it can involve issues with what userid the programs run as, and on a busy server the overhead of running a separate process can be rather expensive in terms of time, memory, and CPU cycles.

One of the ideas I had was to use a cdb file containing all of the valid email addresses and their encrypted passwords. I will probably do this, just because it's the easiest and safest way to allow "mailhubs" (internet-facing machines whose only job is to accept incoming mail, filter out viruses and spam, and then forward the messages to another machine which has the mailboxes) to support the AUTH command without having to transmit requests over the network.

However, an idea which has intrigued me is the idea of using vpopmail's vpopmaild program. It's a TCP-based server which, with the proper authorization, supports almost everything you can do with the vpopmail command line programs. The first command, login, can be used to check the validity of a given userid/password combination, especially if it's immediately followed by a quit command.

The vpopmaild program is only available with vpopmail version 5.4.15 or higher. This page explains how to set up a daemontools service to run it.
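
The login-then-quit check described above, seen from the caller's side, as an added example (it is not code from courierauthd.c or from vpopmail). The wire format ("login <address> <password>" on one line, replies starting with "+OK" or "-ERR") and the function names are assumptions, not taken from this page; because the command is a space-separated line, the helper refuses any userid or password that could change the line sent to the daemon.

```c
#include <stdio.h>
#include <string.h>

/* Assumed wire format (not stated on this page): one command per line,
 * fields separated by single spaces, replies "+OK..." or "-ERR...". */

/* A field is usable only if it is non-empty and holds no space or
 * control byte, since either would end the field or the line early. */
static int field_ok(const char *s)
{
    if (*s == '\0')
        return 0;
    for (; *s; s++)
        if ((unsigned char)*s <= ' ' || *s == 0x7f)
            return 0;
    return 1;
}

/* Write "login <user> <pass>\r\nquit\r\n" into out.
 * Returns the length, or -1 if a field is unsafe or out is too small.
 * Passwords containing spaces are refused rather than sent mangled. */
int build_login(char *out, size_t outlen, const char *user, const char *pass)
{
    int n;

    if (!field_ok(user) || !field_ok(pass))
        return -1;
    n = snprintf(out, outlen, "login %s %s\r\nquit\r\n", user, pass);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    return n;
}

/* Classify the reply line to "login" (the caller has already read any
 * greeting line). 1 = accepted, 0 = rejected, -1 = unexpected reply,
 * which the caller should treat as a temporary failure, never success. */
int login_reply(const char *line)
{
    if (strncmp(line, "+OK", 3) == 0)
        return 1;
    if (strncmp(line, "-ERR", 4) == 0)
        return 0;
    return -1;
}
```
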

However, using vpopmaild locks you into vpopmail, and since my POP3 and IMAP servers actually use courier-authlib to log into the mailboxes, and because courier-authlib has a documented working API, I figured it might be cool to write a little server which uses the courier-authlib API to do the work, but presents the same interface to its callers that vpopmaild uses (or at least enough of that interface to support the SMTP AUTH command).

That program I call courierauthd.


courierauthd.c is the entire program.

Compiling and installing

under construction...

# gcc -o courierauthd courierauthd.c `courierauthconfig --ldflags` -lcourierauth
# strip courierauthd

BSD ??? Seems to require env LD_CONFIG_PATH=/usr/lib/courier-authlib
Need access to a BSD machine for testing... no idea why adding the lib path to the /etc/ file doesn't work.

Set up the standard service structure. The server must run as the "daemon" user in order to talk to authdaemond. The run script is service-courierauthd-run.