Zarafa Exim4 integration

From Zarafa wiki

Revision as of 23:22, 23 November 2010 by Ynypokizek (Talk | contribs)


The following Exim configuration will integrate Exim with the internal Zarafa user database for alias checking and SMTP authentication.

Please note that this setup only works with the DB user plugin. The Unix and LDAP plugins will not work correctly with this configuration.

Configure Exim as an internet site (SMTP server) with the following command, define the domains you host, and make sure to select the "split" method for the configuration files:

 dpkg-reconfigure exim4-config

Create the file /etc/exim4/conf.d/auth/40_zarafa_smtp and add the following lines:

<code>

  # authenticators for SMTP AUTH with zarafa db
  #
  auth_plain:
          driver              = plaintext
          public_name         = PLAIN
          server_prompts      = :
          # don't send password over unencrypted connections
          server_advertise_condition = ${if eq{$tls_cipher}{}{0}{1}}
          server_condition    = ${lookup mysql{ZARAFA_PLAIN}{1}{0}}
          server_set_id       = $auth2
  #
  auth_login:
          driver              = plaintext
          public_name         = LOGIN
          server_prompts      = "Username:: : Password::"
          # don't send password over unencrypted connections
          server_advertise_condition = ${if eq{$tls_cipher}{}{0}{1}}
          server_condition    = ${lookup mysql{ZARAFA_LOGIN}{1}{0}}
          server_set_id       = $auth1

</code>

Create the file /etc/exim4/conf.d/main/100_zarafa_mysql and add the following lines:

<code>

  # mysql settings for recipient verify and authentication
  #
  MYSQL_SERVER             = localhost
  MYSQL_DB                 = zarafa
  # prefer a dedicated MySQL account with SELECT rights on the zarafa
  # database only; root is used here for brevity
  MYSQL_USER               = root
  MYSQL_PASS               = 
  #
  # every expansion variable interpolated into a query goes through
  # ${quote_mysql:...}; otherwise a submitted login name or password
  # could alter the SQL statement
  ZARAFA_USER = SELECT DISTINCT `value` FROM `objectproperty` WHERE \
                propname = 'loginname' \
                AND objectid = (SELECT DISTINCT(`objectid`) FROM `objectproperty` WHERE \
                value = '${quote_mysql:$local_part@$domain}')
  #
  # the stored password value is an 8-character salt followed by MD5(salt + password)
  ZARAFA_PLAIN = SELECT DISTINCT `objectid` FROM `objectproperty` WHERE \
                 objectid = (SELECT DISTINCT(`objectid`) FROM `objectproperty` WHERE \
                 `propname` = 'loginname' AND `value` = '${quote_mysql:$auth2}') \
                 AND `propname` = 'password' \
                 AND `value` = CONCAT(SUBSTR(`value`, 1, 8), \
                 MD5(CONCAT(SUBSTR(`value`, 1, 8), '${quote_mysql:$auth3}')))
  #
  ZARAFA_LOGIN = SELECT DISTINCT `objectid` FROM `objectproperty` WHERE \
                 objectid = (SELECT DISTINCT(`objectid`) FROM `objectproperty` WHERE \
                 `propname` = 'loginname' AND `value` = '${quote_mysql:$auth1}') \
                 AND `propname` = 'password' \
                 AND `value` = CONCAT(SUBSTR(`value`, 1, 8), \
                 MD5(CONCAT(SUBSTR(`value`, 1, 8), '${quote_mysql:$auth2}')))
  #
  hide mysql_servers = MYSQL_SERVER/MYSQL_DB/MYSQL_USER/MYSQL_PASS

</code>
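To see what the ZARAFA_PLAIN and ZARAFA_LOGIN queries actually verify, here is the same check written out in Python. This is an added example, not part of this wiki page and not Zarafa's own code: it mirrors the predicate CONCAT(SUBSTR(value,1,8), MD5(CONCAT(SUBSTR(value,1,8), password))) against a constructed password record. The salt value, the function names and the choice of hex characters for the salt are assumptions; only the 8-character salt plus 32-character hex digest layout follows from the queries above.

```python
import hashlib
import hmac
import secrets

SALT_LEN = 8      # the queries take SUBSTR(`value`, 1, 8) as the salt
DIGEST_LEN = 32   # MySQL's MD5() returns 32 lower-case hex characters


def make_stored_value(password, salt=None):
    """Build a password record in the layout the queries expect: salt + hex MD5(salt + password).
    The salt is a constructed choice here (8 hex characters); the queries only require 8 characters."""
    if salt is None:
        salt = secrets.token_hex(SALT_LEN // 2)
    if len(salt) != SALT_LEN:
        raise ValueError("salt must be exactly %d characters" % SALT_LEN)
    digest = hashlib.md5((salt + password).encode("utf-8")).hexdigest()
    return salt + digest


def password_matches(stored, candidate):
    """Mirror the SQL predicate
       value = CONCAT(SUBSTR(value,1,8), MD5(CONCAT(SUBSTR(value,1,8), candidate)))
    for one record. Returns False for records that are not in the salt+digest layout."""
    if len(stored) != SALT_LEN + DIGEST_LEN:
        return False
    salt = stored[:SALT_LEN]
    expected = hashlib.md5((salt + candidate).encode("utf-8")).hexdigest()
    # compare in constant time; a plain == leaks timing on where the strings diverge
    return hmac.compare_digest(stored[SALT_LEN:].lower(), expected)


if __name__ == "__main__":
    record = make_stored_value("s3cret", salt="a1b2c3d4")   # constructed sample record
    print(record)
    print(password_matches(record, "s3cret"), password_matches(record, "wrong"))
```

Because the scheme is a single MD5 over a short salt and the password, the server_advertise_condition in the authenticators above, which refuses to offer AUTH on a non-TLS connection, is what keeps passwords off the wire; the hashes in the objectproperty table deserve the same protection as the credentials in MYSQL_PASS.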

Create the file /etc/exim4/conf.d/router/700_zarafa_dagent and add the following lines:

<code>

  # router for delivery via zarafa-dagent
  #
  zarafa_user:
          debug_print         = "R: zarafa for $local_part@$domain"
          cannot_route_message = no such user
          driver              = accept
          # In order to deliver messages to a recipient with a suffix like for example user+suffix@zarafa.com,
          # (used in VERP) we need to tell Exim that everything after the plus-sign has to be stripped.
          # After the definition of 'local_part_suffix' 'local_part' does not contain the suffix anymore.
          # Uncomment the next two lines to enable this behaviour.
          #local_part_suffix = +*
          #local_part_suffix_optional
          condition           = ${lookup mysql{ZARAFA_USER} {1}{0}}
          local_parts         = !root
          # specify your local domains which should be delivered to zarafa
          # with "domainlist local_domains    = localhost : yourdomain.com"
          # in main section of exim4.conf
          domains             = +local_domains
          transport           = zarafa_pipe
          require_files       = +/usr/bin/zarafa-dagent
          # !! if you use "verify = recipient" in any ACLs
          # you have to leave "no_verify" and "no_expn" disabled
          # otherwise your ACL will always fail
          #no_verify
          #no_expn

</code>

Create the file /etc/exim4/conf.d/transport/30_zarafa_dagent and add the following lines:

<code>

  #  transport for delivery via zarafa-dagent
  #
  zarafa_pipe:
          debug_print         = "T: zarafa_pipe for $local_part@$domain"
          driver              = pipe
          path                = "/bin:/usr/bin:/usr/local/bin"
          #command             = "/usr/bin/zarafa-dagent -s $local_part"
          # if the Zarafa login name differs from the local part, resolve it through ZARAFA_USER instead
          command             = "/usr/bin/zarafa-dagent -s ${lookup mysql{ZARAFA_USER}{$value}}"
          return_path_add
          delivery_date_add
          envelope_to_add

</code>


Execute the following commands to activate your configuration.

 update-exim4.conf
 /etc/init.d/exim4 restart

Local part affixes and LMTP

As mentioned above in the <tt>zarafa_user</tt> router, if the local part contains affixes (either prefixes or suffixes), we want these stripped so that only the 'real' part of the <tt>local_part</tt> remains. This matters especially for LMTP, which requires the RCPT TO command to carry a real local user. Luckily, this is the default behaviour for LMTP in Exim 4.40.

If you encounter problems with zarafa-dagent not accepting <tt>prefix-username+suffix</tt> recipient addresses, check the <tt>rcpt_include_affixes</tt> setting in your SMTP/LMTP transport (see <tt>rcpt_include_affixes</tt> under the Exim 4.40 generic transport options).
