Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: [SOLVED] pop before smtp authentication

  1. #1
    Join Date
    Mar 2008
    Posts
    8
    Rep Power
    7

    Default [SOLVED] pop before smtp authentication

    We are migrating from Qmail/Vpopmail to Zimbra. On the qmail side, we have pop before smtp authentication configured for relay access.

    Is some form of pop before smtp available for Zimbra?

    Thanks,
    Nick

  2. #2
    Join Date
    Mar 2008
    Posts
    8
    Rep Power
    7

    Default Resolved pop before smtp auth

    I was able to get this working. Zimbra team, maybe you should consider this as an option in the future..

    1) Download and install Pop-before-smtp Home
    - Changes in /etc/pop-before-smtp-conf.pl:
    $dbfile = '/opt/zimbra/postfix/conf/pop-before-smtp';
    $ENV{'PATH'} = '/opt/zimbra/postfix/sbin';
    $logtime_pat = '(\d\d\d\d-\d\d-\d\d \d+:\d+:\d+)';

    $pat = '[LOGTIME],\d+\ INFO \[Pop3Server-\d+\\] \[name=[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4};oip=(\d+\.\d+\.\d+\.\d+);\] pop \- user [A-Za-z0-9._%-
    ]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4} authenticated, mechanism=login';

    $out_pat = '[LOGTIME],\d+\ INFO \[Pop3Server-\d+\\] \[name=[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4};oip=(\d+\.\d+\.\d+\.\d+);\] pop \- quit from client';


    (you can download my pop-before-smtp-conf.pl file http://www.mnxsolutions.com/scripts/...e-smtp-conf.pl )

    2) Change /opt/zimbra/conf/log4j.properties.in:
    from: %%uncomment VAR:!zimbraLogToSyslog%%log4j.rootLogger=INFO,LOGF ILE
    to: %%uncomment VAR:!zimbraLogToSyslog%%log4j.rootLogger=DEBUG,LOG FILE

    3) add a line at the beginning of /opt/zimbra/conf/postfix_recipient_restrictions.cf

    check_client_access hash:/opt/zimbra/postfix/conf/pop-before-smtp


    Restart zimbra and start he pop-before-smtp daemon.

    It would be nice if the INFO logging had the IP address of the authenticated user, rather than having to enable debug.

    nick - mnxsolutions.com

  3. #3
    Join Date
    Mar 2008
    Posts
    8
    Rep Power
    7

    Default [Resolved] Pop before smtp auth

    I tried posting this here, but it did go through. Anyhow, I created a posting on our blog with all the details here:.


    Quick summary:
    1) Download and install Pop-before-smtp
    2) Change /opt/zimbra/conf/log4j.properties.in
    3) add a line at the beginning of opt/zimbra/conf/postfix_recipient_restrictions.cf
    4) Restart zimbra and start the pop-before-smtp daemon.
    MNX Solutions - Your Linux, UNIX and SAP Basis experts

  4. #4
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    21

    Default

    Cool & welcome to the forums!
    I see you've already met our watchdog fido: http://www.zimbra.com/forums/announc...ty-update.html
    -Don't worry, he won't bite ya too hard anymore

  5. #5
    Join Date
    Sep 2007
    Posts
    46
    Rep Power
    8

    Default

    I have created RPM for centos-5 with patches you proposed in pop-before-smtp-conf.pl. For me it was required to patch pop-before-smtp to make it use perl Date::Format and Date::Parse installed with zimbra-core, instead of installing it from CPAN.
    These changes for /opt/zimbra/conf/log4j.properties.in and /opt/zimbra/conf/postfix_recipient_restrictions.cf are done by post install script of the RPM and they are reverted at uninstall of the rpm by preun script.
    If anybody interested I can place this rpm, spec and patch somewhere for viewing/downloading.

    --
    Sergey.

  6. #6
    Join Date
    Mar 2008
    Posts
    8
    Rep Power
    7

    Default Update

    I actually rewrote the pop-before-smtp configuration to support standard multi-line logging, no need to update the log4j properties.

    Refer to the blog posting for the latest updated information: http://www.mnxsolutions.com/blog/lin...ion-howto.html

    Use these rules in place of $pat and $out_pat in step 1:

    $PID_pat = ‘^[LOGTIME],\d+\ INFO \[Pop3[A-Za-z]+-(\d+)\] ‘;
    $IP_pat = $PID_pat . ‘\[ip=(\d+\.\d+\.\d+\.\d+);\] pop \- connected’;
    $OK_pat = $PID_pat . ‘\[name=[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4};\] pop \- user [A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4} authenticated, mechanism=[A-Za-z]+’;
    $FAIL_pat='sdfsdf';
    MNX Solutions - Your Linux, UNIX and SAP Basis experts

  7. #7
    Join Date
    Sep 2007
    Posts
    46
    Rep Power
    8

    Default

    How did you managed zimbra to write Pop3 authentication messages to /var/log/maillog?
    Or have you changed it to be /opt/zimbra/log/mailbox.log and did not mentioned it here in your previous posts?
    --
    Sergey.

  8. #8
    Join Date
    Mar 2008
    Posts
    8
    Rep Power
    7

    Default

    I left that part out on accident. The config files are available for download on the blog posting, and point to the mailbox.log file.
    MNX Solutions - Your Linux, UNIX and SAP Basis experts

  9. #9
    Join Date
    Jun 2008
    Posts
    1
    Rep Power
    7

    Default Support for IMAP

    Due to out zimbra implementation being a migration from an existing server with hundreds of users all using pop-before-smtp, we were require to enable this tool as well. Everything from the mnxsolutions blog posting above worked fine except that the INFO multiline authentication patterns did not catch IMAP logins, so we changed them to the following and everything appears to be working correctly, both POP3 and IMAP:

    $PID_pat = '^[LOGTIME],\d+\ INFO \[(?:Pop3|Imap)[A-Za-z]+-(\d+)\] ';
    $IP_pat = $PID_pat . '[\S\s]+(?:\[|=)(\d+\.\d+\.\d+\.\d+)[\S\s]+ connected';
    $OK_pat = $PID_pat . '[\S\s]+name=[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}[\S\s]+(?op|imap) \- user [A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4} authenticated, mechanism=[A-Za-z]+';

  10. #10
    Join Date
    Oct 2009
    Posts
    12
    Rep Power
    6

    Default

    Does the above pattern matching applicable for zimbra 6?

Similar Threads

  1. SMTP Authentication
    By ferra in forum Installation
    Replies: 13
    Last Post: 06-26-2008, 08:25 AM
  2. SMTP authentication problems continue
    By EdMartin in forum Installation
    Replies: 2
    Last Post: 01-11-2008, 03:23 AM
  3. can't you help me
    By iwan siahaan in forum Administrators
    Replies: 6
    Last Post: 12-17-2007, 06:53 PM
  4. need advice on configuring zimbra to work with fax server
    By pheonix1t in forum Administrators
    Replies: 0
    Last Post: 07-11-2007, 08:46 PM
  5. SMTP SASL authentication failure
    By igeorg in forum Developers
    Replies: 5
    Last Post: 10-10-2005, 02:23 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •