authcheck, (C) Vladimir Ivaschenko , GPL2 license http://www.hazard.maks.net/~hazard -------------------------------------------------------------- Authcheck is a daemon written in Perl which you can use to authenticate your mail users against an SQL table. Apart from the flexbility you get, you can quite easily setup virtual IMAP and POP3. One of the methods is to change in usernames "@" to "::" and "." to ".", so that user with email address "user@domain.com" gets a login "user::domain:com". Then write a small delivery wrapper which does the necessary changes for address->username conversion and you're done (or if you use exim mailer, you can use embedded Perl, sample exim.conf configuration is supplied). Note that for this setup you will need a modified version of cyrus imap which permits ":" in the usernames, I have one available at my homepage. authcheck requires several Perl modules in order to work, look at the source to see which. You can install required modules using "PERL -MCPAN -e shell" command. You need to put 3 params in a file called /etc/authcheck.conf: databasename user password tablename Note that each param should be on a separate line. The 1st param is a DBI connection string, eg. dbi:mysql:dbname:host. SQL for the table authcheck uses: create table emailtab ( login varchar(80) primary key, password varchar(80) not null, fname varchar(120), lname varchar(120) ) where login is a login name, password is an encrypted password, fname and lname are optional fields (first name and lastname). The passwords are MD5 crypted. I use a special CGI for user administration of the IMAP accounts - imapadmin.cgi, which you can find at my homepage or in the sql-auth.tar.gz. In Cyrus's imapd.conf, you will need to put this: sasl_pwcheck_method: pwcheck In inetd.conf, put something like that: imap stream tcp nowait cyrus /usr/sbin/tcpd imapd Also you will have to compile SASL with pwcheck support, or you can get prebuilt RPMs on my homepage. Another thing to note is that you need to add user "admin" to the SQL table manually before you can start using administration CGIs (or other administration software). For example, to insert user "admin" with password "1234": INSERT INTO emailtab VALUES ("admin","gdyb21LQTcIANtvYMT7QVQ"); ** Please make sure that only cyrus has access to the /var/pwcheck ** directory (where Unix domain socket is stored), that authcheck has ** correct permissions (most probably, u+rwx only) and that you run authcheck ** as correct user (it is a very BAD idea to run it as root). Thanks to Jeremy Howard, the authcheck daemon now supports pre-forking and has better error detection. Vladimir Ivaschenko