Difference between revisions of "IMAP"

From Organic Design wiki
(There are no mail services running on OD, so I may as well use that)
m
 
(3 intermediate revisions by the same user not shown)
Line 6: Line 6:
 
*logging at /var/log/dovecot.log
 
*logging at /var/log/dovecot.log
 
*mbox files at /var/mail/[first letter of username]/[username]
 
*mbox files at /var/mail/[first letter of username]/[username]
 +
==Authentication against MediaWiki==
 +
It would be nice to have the same password for the IMAP email account as is used with the wiki. To do this we use dovecot's ability to use a sql database to obtain user and password information.
 +
 +
MediaWiki uses hashed passwords. Here is a code fragment that show how this is done:
 +
<pre>
 +
function wfEncryptPassword( $userid, $password ) {
 +
        global $wgPasswordSalt;
 +
        $p = md5( $password);
 +
 +
        if($wgPasswordSalt)
 +
                return md5( "{$userid}-{$p}" );
 +
        else
 +
                return $p;
 +
}
 +
</pre>
 +
As you see the global ''$wgPasswordSalt'' affects how the passwords are stored. On Organicdesign we have this option enabled.  Also note that the salt used is an integer representing the key of the user. Eg 2. For the authentication to work the query must obtain the ''user_id'' from the ''user_name'' and return the row on success. Terms preceeded with % are substitutionss made by dovecot before the query is executed.
 +
<pre>
 +
password_query = SELECT 500 AS uid, 500 AS gid, '' as home,\
 +
NULL AS password, user_id, user_name AS user FROM users WHERE user_name = '%u' AND user_password = md5(concat(user_id,'-',md5('%w')));
 +
 +
</pre>
 +
 
==Todo==
 
==Todo==
 
*Need help setting up an ''MX'' record in DNS to be able to test mail delivery and collection.
 
*Need help setting up an ''MX'' record in DNS to be able to test mail delivery and collection.

Latest revision as of 08:46, 23 March 2008

IMAP is a much improved mail delivery and organisation system. Dovecot is a modern and flexible IMAP server. The plan is to set up IMAP on OrganicDesign in order to have better control of our mail service, and as a service to offer clients by ensuring it's installation is included as part of Debian Post Install. Also, by having our mail folders centralised on our own server the data can be included in our weekly FS backups.

It should also be possible to directly authenticate mail users against the users table of a wiki.

  • See: /etc/dovecot/dovecot-sql.conf

Current state

  • logging at /var/log/dovecot.log
  • mbox files at /var/mail/[first letter of username]/[username]

Authentication against MediaWiki

It would be nice to have the same password for the IMAP email account as is used with the wiki. To do this we use dovecot's ability to use a sql database to obtain user and password information.

MediaWiki uses hashed passwords. Here is a code fragment that show how this is done:

function wfEncryptPassword( $userid, $password ) {
        global $wgPasswordSalt;
        $p = md5( $password);

        if($wgPasswordSalt)
                return md5( "{$userid}-{$p}" );
        else
                return $p;
}

As you see the global $wgPasswordSalt affects how the passwords are stored. On Organicdesign we have this option enabled. Also note that the salt used is an integer representing the key of the user. Eg 2. For the authentication to work the query must obtain the user_id from the user_name and return the row on success. Terms preceeded with % are substitutionss made by dovecot before the query is executed.

password_query = SELECT 500 AS uid, 500 AS gid, '' as home,\
NULL AS password, user_id, user_name AS user FROM users WHERE user_name = '%u' AND user_password = md5(concat(user_id,'-',md5('%w')));

Todo

  • Need help setting up an MX record in DNS to be able to test mail delivery and collection.
does this mean we need to set up Bind on the server, or should I just configure the webdrive DNS to point an MX record to our IP?
I think this is all that is required. Maybe use a domain that does not currently have mail services running on it. Eg peerix.org. No bind just upstream DNS --Rob 13:27, 15 March 2008 (NZDT)
There are no mail services running on OD, so I may as well use that --Nad 14:32, 15 March 2008 (NZDT)