URL: https://www.opennet.me/cgi-bin/openforum/vsluhboard.cgi
Forum: vsluhforumID1
Thread number: 80025

Original message
"Problems with mail authentication"

Posted by Elektron, 28-Apr-08 08:41
Hello, I recently set up a server running Exim + courier-imap + authlib. Everything seems to work fine, mail is sent and delivered, but when authenticating through a mail client (The Bat, Outlook Express; I haven't tried others) the authentication takes 120 seconds (sometimes a little less or a little more, but the spread is no more than 2-3 seconds). After that I look in the maillog and see these lines:

Apr 28 08:28:28 main pop3d: LOGIN, user=test@test.ru, ip=[192.168.3.40], port=[64042]
Apr 28 08:30:30 main pop3d: LOGOUT, user=test@test.ru, ip=[192.168.3.40], port=[64042], top=0, retr=353123, rcvd=204, sent=380225, time=122

The time parameter has the same value as the authentication time.

I have been struggling with this for a long time and can't figure out what is wrong. I haven't found anything in the configs that controls this value, but the configs were copied one-to-one from another server, where everything works perfectly without any glitches. Maybe someone has run into this problem and knows how to solve it; I would really appreciate the help.

Thanks in advance.
PS. If any config is needed, I can send it.
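
The two maillog lines quoted above can be checked mechanically. The following Python sketch is an added example, not part of the original post: it pairs Courier LOGIN/LOGOUT lines by service, user, IP and port, then compares the reported time= value with the gap between the syslog timestamps and with the bytes sent. The function names, the second (fast) session in the sample and the year 2008 (taken from the post date, since syslog lines carry no year) are assumptions.

```python
import re
from datetime import datetime

# Sample input: the first two lines are the ones quoted in the post,
# the last two are a constructed fast session added for contrast.
SAMPLE_LOG = """\
Apr 28 08:28:28 main pop3d: LOGIN, user=test@test.ru, ip=[192.168.3.40], port=[64042]
Apr 28 08:30:30 main pop3d: LOGOUT, user=test@test.ru, ip=[192.168.3.40], port=[64042], top=0, retr=353123, rcvd=204, sent=380225, time=122
Apr 28 08:31:02 main pop3d: LOGIN, user=demo@test.ru, ip=[192.168.3.41], port=[50311]
Apr 28 08:31:03 main pop3d: LOGOUT, user=demo@test.ru, ip=[192.168.3.41], port=[50311], top=0, retr=0, rcvd=12, sent=39, time=1
"""

# "<Mon> <day> <hh:mm:ss> <host> <service>: LOGIN|LOGOUT, key=value, ..."
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2}\s\d\d:\d\d:\d\d)\s(?P<host>\S+)\s"
    r"(?P<svc>[\w-]+): (?P<event>LOGIN|LOGOUT), (?P<rest>.*)$"
)
# key=value pairs; ip and port values are wrapped in [brackets]
FIELD_RE = re.compile(r"(\w+)=\[?([^\],\s]+)\]?")


def parse_line(line, year):
    """Return (service, event, timestamp, fields) or None for other lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = dict(FIELD_RE.findall(m["rest"]))
    # Syslog timestamps have no year, so the caller supplies one.
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return m["svc"], m["event"], ts, fields


def sessions(log_text, year=2008):
    """Pair each LOGOUT with its LOGIN and summarise the session."""
    open_logins = {}
    done = []
    for line in log_text.splitlines():
        parsed = parse_line(line, year)
        if parsed is None:
            continue
        svc, event, ts, f = parsed
        key = (svc, f.get("user"), f.get("ip"), f.get("port"))
        if event == "LOGIN":
            open_logins[key] = ts
            continue
        login_ts = open_logins.pop(key, None)
        if login_ts is None:
            continue  # LOGOUT whose LOGIN is outside this excerpt
        reported = int(f.get("time", 0))
        sent = int(f.get("sent", 0))
        done.append({
            "service": svc,
            "user": f.get("user"),
            "ip": f.get("ip"),
            "wall_seconds": int((ts - login_ts).total_seconds()),
            "reported_seconds": reported,
            "retr_bytes": int(f.get("retr", 0)),
            "sent_bytes": sent,
            "bytes_per_second": round(sent / reported, 1) if reported else None,
        })
    return done


def slow_sessions(log_text, threshold=60, year=2008):
    """Sessions whose reported duration is at least `threshold` seconds."""
    return [s for s in sessions(log_text, year)
            if s["reported_seconds"] >= threshold]


if __name__ == "__main__":
    for s in sessions(SAMPLE_LOG):
        print(s)
```

For the session from the post, the timestamp gap and the time= field are both 122 seconds, and 380225 bytes were sent in that window.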



Messages in this discussion
"Problems with mail authentication"
Posted by Heckfy, 29-Apr-08 00:31
Send the config.
I'll think about it.

"Problems with mail authentication"
Posted by Elektron, 29-Apr-08 10:08
>Send the config.
>I'll think about it.

Here's the config of Exim itself:

# $Cambridge: exim/exim-src/src/configure.default,v 1.3 2005/05/10 14:48:07 ph10 Exp $

######################################################################
#                    MAIN CONFIGURATION SETTINGS                     #
######################################################################

# Specify your host's canonical name here. This should normally be the fully
# qualified "official" name of your host. If this option is not set, the
# uname() function is called to obtain the name. In many cases this does
# the right thing and you need not set anything explicitly.
#sendmail_submit_enable = NO
primary_hostname =mail.test.ru


# The next three settings create two lists of domains and one list of hosts.
# These lists are referred to later in this configuration using the syntax
# +local_domains, +relay_to_domains, and +relay_from_hosts, respectively. They
# are all colon-separated lists:

domainlist local_domains = ${lookup mysql{SELECT domain from domains where domain='${domain}' and (type='LOCAL' or type='VIRTUAL')}}
domainlist relay_to_domains =${lookup mysql{SELECT domain FROM domains WHERE domain='${domain}' AND type='RELAY'}}
hostlist   relay_from_hosts = localhost

# Most straightforward access control requirements can be obtained by
# appropriate settings of the above options. In more complicated situations, you
# may need to modify the Access Control List (ACL) which appears later in this
# file.

# The first setting specifies your local domains, for example:
#
#   domainlist local_domains = my.first.domain : my.second.domain
#
# You can use "@" to mean "the name of the local host", as in the default
# setting above. This is the name that is specified by primary_hostname,
# as specified above (or defaulted). If you do not want to do any local
# deliveries, remove the "@" from the setting above. If you want to accept mail
# addressed to your host's literal IP address, for example, mail addressed to
# "user@[192.168.23.44]", you can add "@[]" as an item in the local domains
# list. You also need to uncomment "allow_domain_literals" below. This is not
# recommended for today's Internet.

# The second setting specifies domains for which your host is an incoming relay.
# If you are not doing any relaying, you should leave the list empty. However,
# if your host is an MX backup or gateway of some kind for some domains, you
# must set relay_to_domains to match those domains. For example:
#
# domainlist relay_to_domains = *.myco.com : my.friend.org
#
# This will allow any host to relay through your host to those domains.
# See the section of the manual entitled "Control of relaying" for more
# information.

# The third setting specifies hosts that can use your host as an outgoing relay
# to any other host on the Internet. Such a setting commonly refers to a
# complete local network as well as the localhost. For example:
#
# hostlist relay_from_hosts = 127.0.0.1 : 192.168.0.0/16
#
# The "/16" is a bit mask (CIDR notation), not a number of hosts. Note that you
# have to include 127.0.0.1 if you want to allow processes on your host to send
# SMTP mail by using the loopback address. A number of MUAs use this method of
# sending mail.

# All three of these lists may contain many different kinds of item, including
# wildcarded names, regular expressions, and file lookups. See the reference
# manual for details. The lists above are used in the access control lists for
# checking incoming messages. The names of these ACLs are defined here:

acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data

# You should not change those settings until you understand how ACLs work.


# If you are running a version of Exim that was compiled with the content-
# scanning extension, you can cause incoming messages to be automatically
# scanned for viruses. You have to modify the configuration in two places to
# set this up. The first of them is here, where you define the interface to
# your scanner. This example is typical for ClamAV; see the manual for details
# of what to set for other virus scanners. The second modification is in the
# acl_check_data access control list (see below).

#av_scanner = clamd:/var/run/clamav/clamd


# For spam scanning, there is a similar option that defines the interface to
# SpamAssassin. You do not need to set this if you are using the default, which
# is shown in this commented example. As for virus scanning, you must also
# modify the acl_check_data access control list to enable spam scanning.


#spamd_address = 127.0.0.1 783


# Specify the domain you want to be added to all unqualified addresses
# here. An unqualified address is one that does not contain an "@" character
# followed by a domain. For example, "caesar@rome.example" is a fully qualified
# address, but the string "caesar" (i.e. just a login name) is an unqualified
# email address. Unqualified addresses are accepted only from local callers by
# default. See the recipient_unqualified_hosts option if you want to permit
# unqualified addresses from remote sources. If this option is not set, the
# primary_hostname value is used for qualification.

# qualify_domain =


# If you want unqualified recipient addresses to be qualified with a different
# domain to unqualified sender addresses, specify the recipient domain here.
# If this option is not set, the qualify_domain value is used.

# qualify_recipient =


# The following line must be uncommented if you want Exim to recognize
# addresses of the form "user@[10.11.12.13]" that is, with a "domain literal"
# (an IP address) instead of a named domain. The RFCs still require this form,
# but it makes little sense to permit mail to be sent to specific hosts by
# their IP address in the modern Internet. This ancient format has been used
# by those seeking to abuse hosts by using them for unwanted relaying. If you
# really do want to support domain literals, uncomment the following line, and
# see also the "domain_literal" router below.

allow_domain_literals = false


# No deliveries will ever be run under the uids of these users (a colon-
# separated list). An attempt to do so causes a panic error to be logged, and
# the delivery to be deferred. This is a paranoic safety catch. There is an
# even stronger safety catch in the form of the FIXED_NEVER_USERS setting
# in the configuration for building Exim. The list of users that it specifies
# is built into the binary, and cannot be changed. The option below just adds
# additional users to the list. The default for FIXED_NEVER_USERS is "root",
# but just to be absolutely sure, the default here is also "root".

# Note that the default setting means you cannot deliver mail addressed to root
# as if it were a normal user. This isn't usually a problem, as most sites have
# an alias for root that redirects such mail to a human administrator.

exim_user = mailnull
exim_group = mail
never_users = root:daemon:bin

# The setting below causes Exim to do a reverse DNS lookup on all incoming
# IP calls, in order to get the true host name. If you feel this is too
# expensive, you can specify the networks for which a lookup is done, or
# remove the setting entirely.

host_lookup = *


# The settings below, which are actually the same as the defaults in the
# code, cause Exim to make RFC 1413 (ident) callbacks for all incoming SMTP
# calls. You can limit the hosts to which these calls are made, and/or change
# the timeout that is used. If you set the timeout to zero, all RFC 1413 calls
# are disabled. RFC 1413 calls are cheap and can provide useful information
# for tracing problem messages, but some hosts and firewalls have problems
# with them. This can result in a timeout instead of an immediate refused
# connection, leading to delays on starting up an SMTP session.

rfc1413_hosts = *
rfc1413_query_timeout = 0s


# By default, Exim expects all envelope addresses to be fully qualified, that
# is, they must contain both a local part and a domain. If you want to accept
# unqualified addresses (just a local part) from certain hosts, you can specify
# these hosts by setting one or both of
#
# sender_unqualified_hosts =
# recipient_unqualified_hosts =
#
# to control sender and recipient addresses, respectively. When this is done,
# unqualified addresses are qualified using the settings of qualify_domain
# and/or qualify_recipient (see above).


# If you want Exim to support the "percent hack" for certain domains,
# uncomment the following line and provide a list of domains. The "percent
# hack" is the feature by which mail addressed to x%y@z (where z is one of
# the domains listed) is locally rerouted to x@y and sent on. If z is not one
# of the "percent hack" domains, x%y is treated as an ordinary local part. This
# hack is rarely needed nowadays; you should not enable it unless you are sure
# that you really need it.
#
# percent_hack_domains =
#
# As well as setting this option you will also need to remove the test
# for local parts containing % in the ACL definition below.


# When Exim can neither deliver a message nor return it to sender, it "freezes"
# the delivery error message (aka "bounce message"). There are also other
# circumstances in which messages get frozen. They will stay on the queue for
# ever unless one of the following options is set.

# This option unfreezes frozen bounce messages after two days, tries
# once more to deliver them, and ignores any delivery failures.

ignore_bounce_errors_after = 3d

# This option cancels (removes) frozen messages that are older than a week.

timeout_frozen_after = 3d
freeze_tell = postmaster
auto_thaw = 1h
message_size_limit = 30M
smtp_accept_max=50
smtp_accept_max_per_connection = 50
smtp_connect_backlog= 50
smtp_accept_max_per_host = 25
split_spool_directory = true
remote_max_parallel = 15
hide mysql_servers = localhost/mail/mail/*test*

######################################################################
#                       ACL CONFIGURATION                            #
#         Specifies access control lists for incoming SMTP mail      #
######################################################################

begin acl

# This access control list is used for every RCPT command in an incoming
# SMTP message. The tests are run in order until the address is either
# accepted or denied.

acl_check_rcpt:
  accept  hosts = :
  deny    local_parts =^.*[@%!/|] : ^\\.
  accept  local_parts   = postmaster
  domains       = +local_domains  
  require verify        = sender
  deny    message       = host is listed in  $dnslist_domain
  dnslists      = 111.111.111.111
  accept  domains       = +local_domains
          endpass
          message       = unknown user
          verify        = recipient
  accept  domains       = +relay_to_domains
          endpass
           message       = unrouteable address
           verify        = recipient
  accept  hosts         = +relay_from_hosts
  accept  authenticated = *
  deny    message       = relay not permitted
acl_check_data:
  
#  warn    message       = X-Spam-Score: $spam_score ($spam_bar)
#          hosts         = !+relay_from_hosts
#      spam          = nobody:true
          
# warn    message       = X-Spam-Report: $spam_report
#      hosts         = !+relay_from_hosts
#      spam          = nobody:true
                    
#  warn    message       = Subject: ***SPAM*** $h_Subject:
#      hosts         = !+relay_from_hosts
#      spam          = nobody
                              
#  deny    message       = This message scored $spam_score spam points.
#      spam          = nobody:true
#      hosts         = !+relay_from_hosts
#      condition     = ${if >{$spam_score_int}{120}{1}{0}}

#  deny    message       = Go Away! Eat Your Spam Self!
#          condition     = ${if match{$message_body} \
#                        {105[-_]*51[-_]*86|778[-_]*98[-_]*94} \
#                        {yes}{no}}
accept  
  


######################################################################
#                      ROUTERS CONFIGURATION                         #
#               Specifies how addresses are handled                  #
######################################################################
#     THE ORDER IN WHICH THE ROUTERS ARE DEFINED IS IMPORTANT!       #
# An address is passed to each router in turn until it is accepted.  #
######################################################################

begin routers
dnslookup:
    driver = dnslookup
    domains = ! +local_domains
    transport = remote_smtp
    ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
    no_more
system_aliases:
    driver = redirect
    allow_fail
    allow_defer
    data = ${lookup mysql{SELECT recipients FROM aliases  WHERE local_part='${local_part}' AND domain='${domain}'}}
userforward:
    driver = redirect
    allow_fail
    allow_defer
    data = ${lookup mysql{SELECT recipients FROM userforward WHERE local_part='${local_part}' AND domain='${domain}'}}
mysqluser:
   driver = accept
   condition = ${if eq{}{${lookup mysql{SELECT home FROM users  WHERE id='${local_part}' AND  mbox_host='${domain}' AND active='Y'}}}{no}{yes}}
   transport = mysql_delivery

######################################################################
#                      TRANSPORTS CONFIGURATION                      #
######################################################################
#                       ORDER DOES NOT MATTER                        #
#     Only one appropriate transport is called for each delivery.    #
######################################################################

# A transport is used only when referenced from a router that successfully
# handles an address.

begin transports


# This transport is used for delivering messages over SMTP connections.

remote_smtp:
    driver = smtp
mysql_delivery:
    driver = appendfile
    check_string = ""
    create_directory
    delivery_date_add
    directory = ${lookup mysql{SELECT home FROM users WHERE id='${local_part}' AND mbox_host='${domain}'}}
    directory_mode = 777
    envelope_to_add
    group = mail
    maildir_format
    maildir_tag = ,S=$message_size
    message_prefix = ""
    message_suffix = ""
    mode = 0777
    quota = ${lookup mysql{SELECT quota FROM users WHERE id='${local_part}' AND mbox_host='${domain}'}{${value}M}}
    quota_size_regex = S=(\d+)$
    quota_warn_threshold = 75%
    return_path_add
address_pipe:
    driver = pipe
    return_output
address_file:
    driver = appendfile
    delivery_date_add
    envelope_to_add
    return_path_add
address_reply:
    driver = autoreply
######################################################################
#                      RETRY CONFIGURATION                           #
######################################################################

begin retry

# This single retry rule applies to all domains and all errors. It specifies
# retries every 15 minutes for 2 hours, then increasing retry intervals,
# starting at 1 hour and increasing each time by a factor of 1.5, up to 16
# hours, then retries every 6 hours until 4 days have passed since the first
# failed delivery.

# Address or Domain    Error       Retries
# -----------------    -----       -------

*                      *           F,2h,15m; G,16h,1h,1.5; F,4d,6h

######################################################################
#                      REWRITE CONFIGURATION                         #
######################################################################

# There are no rewriting specifications in this default configuration file.

begin rewrite

######################################################################
#                   AUTHENTICATION CONFIGURATION                     #
######################################################################

# There are no authenticator specifications in this default configuration file.

begin authenticators
auth_plain:
    driver = plaintext
    public_name = PLAIN
    server_condition = ${lookup mysql{SELECT id FROM users WHERE id = '${quote_mysql:${local_part:$2}}' AND mbox_host = '${quote_mysql:${domain:$2}}' AND passwd = '${quote_mysql:$3}' AND active = 'Y'}{yes}{no}}
    server_prompts = :
server_set_id = $2
auth_login:
     driver = plaintext
     public_name = LOGIN    
     server_condition = ${lookup mysql{SELECT id FROM users  WHERE id = '${quote_mysql:${local_part:$1}}' AND mbox_host = '${quote_mysql:${domain:$1}}' AND passwd = '${quote_mysql:$2}' AND active = 'Y'}{yes}{no}}
     server_prompts = Username:: : Password::
server_set_id = $1
#auth_cram_md5:
#     driver = cram_md5
#     public_name = CRAM-MD5
#     server_secret = ${lookup mysql{SELECT passwd FROM users  WHERE id = '${quote_mysql:${local_part:$1}}' AND mbox_host = '${quote_mysql:${domain:$1}}' AND active = 'Y'}{$value}fail}
#server_set_id = $1

######################################################################
#                   CONFIGURATION FOR local_scan()                   #
######################################################################

# If you have built Exim to include a local_scan() function that contains
# tables for private options, you can define those options here. Remember to
# uncomment the "begin" line. It is commented by default because it provokes
# an error with Exim binaries that are not built with LOCAL_SCAN_HAS_OPTIONS
# set in the Local/Makefile.

# begin local_scan


"Problems with mail authentication"
Posted by Elektron, 29-Apr-08 10:12
imapd config:

##NAME: ADDRESS:0
#
#  Address to listen on, can be set to a single IP address.
#
# ADDRESS=127.0.0.1

ADDRESS=0

##NAME: PORT:1
#
#  Port numbers that connections are accepted on.  The default is 143,
#  the standard IMAP port.
#
#  Multiple port numbers can be separated by commas.  When multiple port
#  numbers are used it is possible to select a specific IP address for a
#  given port as "ip.port".  For example, "127.0.0.1.900,192.68.0.1.900"
#  accepts connections on port 900 on IP addresses 127.0.0.1 and 192.68.0.1
#  The previous ADDRESS setting is a default for ports that do not have
#  a specified IP address.

PORT=143

##NAME: AUTHSERVICE:0
#
#  It's possible to authenticate using a different 'service' parameter
#  depending on the connection's port.  This only works with authentication
#  modules that use the 'service' parameter, such as PAM.  Example:
#
#  AUTHSERVICE143=imap
#  AUTHSERVICE993=imaps

##NAME: MAXDAEMONS:0
#
#  Maximum number of IMAP servers started
#

MAXDAEMONS=40

##NAME: MAXPERIP:0
#
#  Maximum number of connections to accept from the same IP address

MAXPERIP=4

##NAME: PIDFILE:0
#
#  File where couriertcpd will save its process ID
#

PIDFILE=/var/run/imapd.pid

##NAME: TCPDOPTS:0
#
# Miscellaneous couriertcpd options that shouldn't be changed.
#

TCPDOPTS="-nodnslookup -noidentlookup"

##NAME: LOGGEROPTS:0
#
# courierlogger(1) options.                                        
#

LOGGEROPTS="-name=imapd"

##NAME: DEFDOMAIN:0
#
# Optional default domain. If the username does not contain the        
# first character of DEFDOMAIN, then it is appended to the username.
# If DEFDOMAIN and DOMAINSEP are both set, then DEFDOMAIN is appended
# only if the username does not contain any character from DOMAINSEP.
# You can set different default domains based on the the interface IP
# address using the -access and -accesslocal options of couriertcpd(1).

#DEFDOMAIN="@example.com"

##NAME: IMAP_CAPABILITY:1
#
# IMAP_CAPABILITY specifies what most of the response should be to the
# CAPABILITY command.
#
# If you have properly configured Courier to use CRAM-MD5, CRAM-SHA1, or
# CRAM-SHA256 authentication (see INSTALL), set IMAP_CAPABILITY as follows:
#
# IMAP_CAPABILITY="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA AUTH=CRAM-MD5 AUTH=CRAM-SHA1 AUTH=CRAM-SHA256 IDLE"
#

IMAP_CAPABILITY="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE"

##NAME: KEYWORDS_CAPABILITY:0
#
# IMAP_KEYWORDS=1 enables custom IMAP keywords.  Set this option to 0 to
# disable custom keywords.

IMAP_KEYWORDS=1

##NAME: ACL_CAPABILITY:0
#
# IMAP_ACL=1 enables IMAP ACL extension. Set this option to 0 to
# disable ACL capabilities announce.

IMAP_ACL=1

##NAME: SMAP1_CAPABILITY:0
#
# EXPERIMENTAL
#
# To enable the experimental "Simple Mail Access Protocol" extensions,
# uncomment the following setting.
#
# SMAP_CAPABILITY=SMAP1

##NAME: IMAP_CAPABILITY_ORIG:2
#
# For use by webadmin

IMAP_CAPABILITY_ORIG="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA AUTH=CRAM-MD5 AUTH=CRAM-SHA1 AUTH=CRAM-SHA256 IDLE"

##NAME: IMAP_PROXY:0
#
# Enable proxying.  See README.proxy

IMAP_PROXY=0

##NAME: PROXY_HOSTNAME:0
#
# Override value from gethostname() when checking if a proxy connection is
# required.
#
# PROXY_HOSTNAME=

##NAME: IMAP_PROXY_FOREIGN:0
#
# Proxying to non-Courier servers.  Re-sends the CAPABILITY command after
# logging in to the remote server.  May not work with all IMAP clients.

IMAP_PROXY_FOREIGN=0

##NAME: IMAP_IDLE_TIMEOUT:0
#
# This setting controls how often
# the server polls for changes to the folder, in IDLE mode (in seconds).

IMAP_IDLE_TIMEOUT=60

##NAME: IMAP_CAPABILITY_TLS:0
#
# The following setting will advertise SASL PLAIN authentication after
# STARTTLS is established.  If you want to allow SASL PLAIN authentication
# with or without TLS then just comment this out, and add AUTH=PLAIN to
# IMAP_CAPABILITY

IMAP_CAPABILITY_TLS="$IMAP_CAPABILITY AUTH=PLAIN"

##NAME: IMAP_TLS_ORIG:0
#
# For use by webadmin

IMAP_CAPABILITY_TLS_ORIG="$IMAP_CAPABILITY_ORIG AUTH=PLAIN"

##NAME: IMAP_DISABLETHREADSORT:0
#
# Set IMAP_DISABLETHREADSORT to disable the THREAD and SORT commands -
# server side sorting and threading.
#
# Those capabilities will still be advertised, but the server will reject
# them.  Set this option if you want to disable all the extra load from
# server-side threading and sorting.  Not advertising those capabilities
# will simply result in the clients reading the entire folder, and sorting
# it on the client side.  That will still put some load on the server.
# advertising these capabilities, but rejecting the commands, will stop this
# silliness.
#

IMAP_DISABLETHREADSORT=0

##NAME: IMAP_CHECK_ALL_FOLDERS:0
#
# Set IMAP_CHECK_ALL_FOLDERS to 1 if you want the server to check for new
# mail in every folder.  Not all IMAP clients use the IMAP's new mail
# indicator, but some do.  Normally new mail is checked only in INBOX,
# because it is a comparatively time consuming operation, and it would be
# a complete waste of time unless mail filters are used to deliver
# mail directly to folders.
#
# When IMAP clients are used which support new mail indication, and when
# mail filters are used to sort incoming mail into folders, setting
# IMAP_CHECK_ALL_FOLDERS to 1 will allow IMAP clients to announce new
# mail in folders.  Note that this will result in slightly more load on the
# server.
#

IMAP_CHECK_ALL_FOLDERS=0

##NAME: IMAP_OBSOLETE_CLIENT:0
#
# Set IMAP_OBSOLETE_CLIENT if your IMAP client expects \\NoInferiors to mean
# what \\HasNoChildren really means.

IMAP_OBSOLETE_CLIENT=0

##NAME: IMAP_UMASK:0
#
# IMAP_UMASK sets the umask of the server process.  The value of IMAP_UMASK is
# simply passed to the "umask" command.  The default value is 022.
#
# This feature is mostly useful for shared folders, where the file permissions
# of the messages may be important.

IMAP_UMASK=022

##NAME: IMAP_ULIMITD:0
#
# IMAP_ULIMITD sets the maximum size of the data segment of the server
# process.  The value of IMAP_ULIMITD is simply passed to the "ulimit -d"
# command (or ulimit -v).  The argument to ulimi sets the upper limit on the
# size of the data segment of the server process, in kilobytes.  The default
# value of 65536 sets a very generous limit of 64 megabytes, which should
# be more than plenty for anyone.
#
# This feature is used as an additional safety check that should stop
# any potential denial-of-service attacks that exploit any kind of
# a memory leak to exhaust all the available memory on the server.
# It is theoretically possible that obscenely huge folders will also
# result in the server running out of memory when doing server-side
# sorting (by my calculations you have to have at least 100,000 messages
# in a single folder, for that to happen).

IMAP_ULIMITD=65536

##NAME: IMAP_USELOCKS:0
#
# Setting IMAP_USELOCKS to 1 will use dot-locking to support concurrent
# multiple access to the same folder.  This incurs slight additional
# overhead.  Concurrent multiple access will still work without this setting,
# however occasionally a minor race condition may result in an IMAP client
# downloading the same message twice, or a keyword update will fail.
#
# IMAP_USELOCKS=1 is strongly recommended when shared folders are used.

IMAP_USELOCKS=1

##NAME: IMAP_SHAREDINDEXFILE:0
#
# The index of all accessible folders.  Do not change this setting unless
# you know what you're doing.  See README.sharedfolders for additional
# information.

IMAP_SHAREDINDEXFILE=/usr/local/etc/courier-imap/shared/index

##NAME: IMAP_ENHANCEDIDLE:0
#
# If Courier was compiled with the File Alteration Monitor, setting
# IMAP_ENHANCEDIDLE to 1 enables enhanced IDLE mode, where multiple
# clients may open the same folder concurrently, and receive updates to
# folder contents in realtime.  See the imapd(8) man page for additional
# information.
#
# IMPORTANT: IMAP_USELOCKS *MUST* also be set to 1, and IDLE must be included
# in the IMAP_CAPABILITY list.
#

IMAP_ENHANCEDIDLE=0

##NAME: IMAP_TRASHFOLDERNAME:0
#
# The name of the magic trash Folder.  For MSOE compatibility,
# you can set IMAP_TRASHFOLDERNAME="Deleted Items".
#
# IMPORTANT:  If you change this, you must also change IMAP_EMPTYTRASH

IMAP_TRASHFOLDERNAME=Trash

##NAME: IMAP_EMPTYTRASH:0
#
# The following setting is optional, and causes messages from the given
# folder to be automatically deleted after the given number of days.
# IMAP_EMPTYTRASH is a comma-separated list of folder:days.  The default
# setting, below, purges 7 day old messages from the Trash folder.
# Another useful setting would be:
#
# IMAP_EMPTYTRASH=Trash:7,Sent:30
#
# This would also delete messages from the Sent folder (presumably copies
# of sent mail) after 30 days.  This is a global setting that is applied to
# every mail account, and is probably useful in a controlled, corporate
# environment.
#
# Important: the purging is controlled by CTIME, not MTIME (the file time
# as shown by ls).  It is perfectly ordinary to see stuff in Trash that's
# a year old.  That's the file modification time, MTIME, that's displayed.
# This is generally when the message was originally delivered to this
# mailbox.  Purging is controlled by a different timestamp, CTIME, which is
# changed when the file is moved to the Trash folder (and at other times too).
#
# You might want to disable this setting in certain situations - it results
# in a stat() of every file in each folder, at login and logout.
#

IMAP_EMPTYTRASH=Trash:7

##NAME: IMAP_MOVE_EXPUNGE_TO_TRASH:0
#
# Set IMAP_MOVE_EXPUNGE_TO_TRASH to move expunged messages to Trash.  This
# effectively allows an undo of message deletion by fishing the deleted
# mail from trash.  Trash can be manually expunged as usually, and mail
# will get automatically expunged from Trash according to IMAP_EMPTYTRASH.
#
# NOTE: shared folders are still expunged as usual.  Shared folders are
# not affected.
#

IMAP_MOVE_EXPUNGE_TO_TRASH=0


##NAME: OUTBOX:0
#
# The next set of options deal with the "Outbox" enhancement.
# Uncomment the following setting to create a special folder, named
# INBOX.Outbox
#
# OUTBOX=.Outbox

##NAME: SENDMAIL:0
#
# If OUTBOX is defined, mail can be sent via the IMAP connection by copying
# a message to the INBOX.Outbox folder.  For all practical matters,
# INBOX.Outbox looks and behaves just like any other IMAP folder.  If this
# folder doesn't exist it must be created by the IMAP mail client, just
# like any other IMAP folder.  The kicker: any message copied or moved to
# this folder is will be E-mailed by the Courier-IMAP server, by running
# the SENDMAIL program.  Therefore, messages copied or moved to this
# folder must be well-formed RFC-2822 messages, with the recipient list
# specified in the To:, Cc:, and Bcc: headers.  Courier-IMAP relies on
# SENDMAIL to read the recipient list from these headers (and delete the Bcc:
# header) by running the command "$SENDMAIL -oi -t -f $SENDER", with the
# message piped on standard input.  $SENDER will be the return address
# of the message, which is set by the authentication module.
#
# DO NOT MODIFY SENDMAIL, below, unless you know what you're doing.
#

SENDMAIL=/usr/sbin/sendmail

##NAME: HEADERFROM:0
#
# For administrative and oversight purposes, the return address, $SENDER
# will also be saved in the X-IMAP-Sender mail header.  This header gets
# added to the sent E-mail (but it doesn't get saved in the copy of the
# message that's saved in the folder)
#
# WARNING - By enabling OUTBOX above, *every* IMAP mail client will receive
# the magic OUTBOX treatment.  Therefore advance LARTing is in order for
# _all_ of your lusers, until every one of them is aware of this.  Otherwise if
# OUTBOX is left at its default setting - a folder name that might be used
# accidentally - some people may be in for a rude surprise.  You can redefine
# the name of the magic folder by changing OUTBOX, above.  You should do that
# and pick a less-obvious name.  Perhaps brand it with your organizational
# name ( OUTBOX=.WidgetsAndSonsOutbox )

HEADERFROM=X-IMAP-Sender

##NAME: OUTBOX_MULTIPLE_SEND:0
#
# Remove the following comment to allow a COPY of more than one message to
# the Outbox, at a time.
#
# OUTBOX_MULTIPLE_SEND=1

##NAME: IMAPDSTART:0
#
# IMAPDSTART is not used directly.  Rather, this is a convenient flag to
# be read by your system startup script in /etc/rc.d, like this:
#
#  . /usr/local/etc/courier-imap/imapd
#
#  case x$IMAPDSTART in
#  x[yY]*)
#        /usr/local/libexec/courier-imap/imapd.rc start
#        ;;
#  esac
#
# The default setting is going to be NO, so you'll have to manually flip
# it to yes.

IMAPDSTART=NO

##NAME: MAILDIRPATH:0
#
# MAILDIRPATH - directory name of the maildir directory.
#
MAILDIRPATH=Maildir


"Problems with mail authentication"
Posted by Elektron, 29-Apr-08 10:15
pop3d config:

##VERSION: $Id: pop3d.dist.in,v 1.16 2005/07/05 12:42:51 mrsam Exp $

##NAME: PIDFILE:0
#

PIDFILE=/var/run/pop3d.pid

##NAME: MAXDAEMONS:0
#
#  Maximum number of POP3 servers started
#

MAXDAEMONS=40

##NAME: MAXPERIP:4
#
#  Maximum number of connections to accept from the same IP address

MAXPERIP=4

##NAME: POP3AUTH:1
#
# To advertise the SASL capability, per RFC 2449, uncomment the POP3AUTH
# variable:
#
# POP3AUTH="LOGIN"
#
# If you have configured the CRAM-MD5, CRAM-SHA1 or CRAM-SHA256, set POP3AUTH
# to something like this:
#
# POP3AUTH="LOGIN CRAM-MD5 CRAM-SHA1"

POP3AUTH=""

##NAME: POP3AUTH_ORIG:1
#
# For use by webadmin

#POP3AUTH_ORIG="PLAIN LOGIN CRAM-MD5 CRAM-SHA1 CRAM-SHA256"

##NAME: POP3AUTH_TLS:1
#
# To also advertise SASL PLAIN if SSL is enabled, uncomment the
# POP3AUTH_TLS environment variable:
#
# POP3AUTH_TLS="LOGIN PLAIN"

POP3AUTH_TLS=""

##NAME: POP3AUTH_TLS_ORIG:0
#
# For use by webadmin

POP3AUTH_TLS_ORIG="LOGIN PLAIN"

##NAME: POP3_PROXY:0
#
# Enable proxying.  See README.proxy

POP3_PROXY=0

##NAME: PROXY_HOSTNAME:0
#
# Override value from gethostname() when checking if a proxy connection is
# required.

# PROXY_HOSTNAME=

##NAME: PORT:1
#
# Port to listen on for connections.  The default is port 110.
#
#  Multiple port numbers can be separated by commas.  When multiple port
#  numbers are used it is possible to select a specific IP address for a
#  given port as "ip.port".  For example, "127.0.0.1.900,192.68.0.1.900"
#  accepts connections on port 900 on IP addresses 127.0.0.1 and 192.68.0.1
#  The ADDRESS setting is a default for ports that do not have a specified
#  IP address.

PORT=110

##NAME: ADDRESS:0
#
# IP address to listen on.  0 means all IP addresses.

ADDRESS=0

##NAME: TCPDOPTS:0
#
# Other couriertcpd(1) options.  The following defaults should be fine.
#

TCPDOPTS="-nodnslookup -noidentlookup"

##NAME: LOGGEROPTS:0
#
# courierlogger(1) options.
#

LOGGEROPTS="-name=pop3d"

##NAME: DEFDOMAIN:0
#
# Optional default domain. If the username does not contain the
# first character of DEFDOMAIN, then it is appended to the username.
# If DEFDOMAIN and DOMAINSEP are both set, then DEFDOMAIN is appended
# only if the username does not contain any character from DOMAINSEP.
# You can set different default domains based on the interface IP
# address using the -access and -accesslocal options of couriertcpd(1).

#DEFDOMAIN="@example.com"

##NAME: POP3DSTART:0
#
# POP3DSTART is not referenced anywhere in the standard Courier programs
# or scripts.  Rather, this is a convenient flag to be read by your system
# startup script in /etc/rc.d, like this:
#
#  . /usr/local/etc/courier-imap/pop3d
#  case x$POP3DSTART in
#  x[yY]*)
#        /usr/local/libexec/courier-imap/pop3d.rc start
#        ;;
#  esac
#
# The default setting is going to be NO, until Courier is shipped by default
# with enough platforms so that people get annoyed with having to flip it to
# YES every time.

POP3DSTART=NO

##NAME: MAILDIRPATH:0
#
# MAILDIRPATH - directory name of the maildir directory.
#
MAILDIRPATH=Maildir


"Mail authentication problems"
Posted by Elektron, 29-Apr-08 10:18
>authmysqlrc config:

##VERSION: $Id: authmysqlrc,v 1.18 2004/11/14 02:58:16 mrsam Exp $

##NAME: LOCATION:0
#
# The server name, userid, and password used to log in.

MYSQL_SERVER        localhost
MYSQL_USERNAME        mail
MYSQL_PASSWORD        *test*

##NAME: MYSQL_SOCKET:0
#
# MYSQL_SOCKET can be used with MySQL version 3.22 or later, it specifies the
# filesystem pipe used for the connection
#
# MYSQL_SOCKET        /var/mysql/mysql.sock

##NAME: MYSQL_PORT:0
#
# MYSQL_PORT can be used with MySQL version 3.22 or later to specify a port to
# connect to.

MYSQL_PORT        3306

##NAME: MYSQL_OPT:0
#
# Leave MYSQL_OPT as 0, unless you know what you're doing.

MYSQL_OPT        0

##NAME: MYSQL_DATABASE:0
#
# The name of the MySQL database we will open:

MYSQL_DATABASE        mail

##NAME: MYSQL_USER_TABLE:0
#
# The name of the table containing your user data.  See README.authmysqlrc
# for the required fields in this table.

MYSQL_USER_TABLE    users

##NAME: MYSQL_CRYPT_PWFIELD:0
#
# Either MYSQL_CRYPT_PWFIELD or MYSQL_CLEAR_PWFIELD must be defined.  Both
# are OK too. crypted passwords go into MYSQL_CRYPT_PWFIELD, cleartext
# passwords go into MYSQL_CLEAR_PWFIELD.  Cleartext passwords allow
# CRAM-MD5 authentication to be implemented.

#MYSQL_CRYPT_PWFIELD    passwd

##NAME: MYSQL_CLEAR_PWFIELD:0
#
#
MYSQL_CLEAR_PWFIELD    passwd

##NAME: MYSQL_DEFAULT_DOMAIN:0
#
# If DEFAULT_DOMAIN is defined, and someone tries to log in as 'user',
# we will look up 'user@DEFAULT_DOMAIN' instead.
#
#
#DEFAULT_DOMAIN        example.com

##NAME: MYSQL_UID_FIELD:0
#
# Other fields in the mysql table:
#
# MYSQL_UID_FIELD - contains the numerical userid of the account
#
MYSQL_UID_FIELD        uid

##NAME: MYSQL_GID_FIELD:0
#
# Numerical groupid of the account

MYSQL_GID_FIELD        gid

##NAME: MYSQL_LOGIN_FIELD:0
#
# The login id, default is id.  Basically the query is:
#
#  SELECT MYSQL_UID_FIELD, MYSQL_GID_FIELD, ... WHERE id='loginid'
#

MYSQL_LOGIN_FIELD    email

##NAME: MYSQL_HOME_FIELD:0
#

MYSQL_HOME_FIELD    home

##NAME: MYSQL_NAME_FIELD:0
#
# The user's name (optional)

MYSQL_NAME_FIELD    email

##NAME: MYSQL_MAILDIR_FIELD:0
#
# This is an optional field, and can be used to specify an arbitrary
# location of the maildir for the account, which normally defaults to
# $HOME/Maildir (where $HOME is read from MYSQL_HOME_FIELD).
#
# You still need to provide a MYSQL_HOME_FIELD, even if you uncomment this
# out.
#
MYSQL_MAILDIR_FIELD    home

##NAME: MYSQL_DEFAULTDELIVERY:0
#
# Courier mail server only: optional field specifies custom mail delivery
# instructions for this account (if defined) -- essentially overrides
# DEFAULTDELIVERY from ${sysconfdir}/courierd
#
# MYSQL_DEFAULTDELIVERY defaultdelivery

##NAME: MYSQL_QUOTA_FIELD:0
#
# Define MYSQL_QUOTA_FIELD to be the name of the field that can optionally
# specify a maildir quota.  See README.maildirquota for more information
#
MYSQL_QUOTA_FIELD    quota

##NAME: MYSQL_AUXOPTIONS:0
#
# Auxiliary options.  The MYSQL_AUXOPTIONS field should be a char field that
# contains a single string consisting of comma-separated "ATTRIBUTE=NAME"
# pairs.  These names are additional attributes that define various per-account
# "options", as given in INSTALL's description of the "Account OPTIONS"
# setting.
#
# MYSQL_AUXOPTIONS_FIELD    auxoptions
#
# You might want to try something like this, if you'd like to use a bunch
# of individual fields, instead of a single text blob:
#
# MYSQL_AUXOPTIONS_FIELD    CONCAT("disableimap=",disableimap,",disablepop3=",disablepop3,",disablewebmail=",disablewebmail,",sharedgroup=",sharedgroup)
#
# This will let you define fields called "disableimap", etc, with the end result
# being something that the OPTIONS parser understands.


##NAME: MYSQL_WHERE_CLAUSE:0
#
# This is optional, MYSQL_WHERE_CLAUSE can be basically set to an arbitrary
# fixed string that is appended to the WHERE clause of our query
#
# MYSQL_WHERE_CLAUSE    server='mailhost.example.com'

##NAME: MYSQL_SELECT_CLAUSE:0
#
# (EXPERIMENTAL)
# This is optional, MYSQL_SELECT_CLAUSE can be set when you have a database,
# which is structurally different from proposed. The fixed string will
# be used to do a SELECT operation on database, which should return fields
# in order specified below:
#
# username, cryptpw, clearpw, uid, gid, home, maildir, quota, fullname, options
#
# The username field should include the domain (see example below).
#
# Enabling this option causes ignorance of any other field-related
# options, excluding default domain.
#
# There are two variables, which you can use. Substitution will be made
# for them, so you can put entered username (local part) and domain name
# in the right place of your query. These variables are:
#         $(local_part), $(domain), $(service)
#
# If a $(domain) is empty (not given by the remote user) the default domain
# name is used in its place.
#
# $(service) will expand out to the service being authenticated: imap, imaps,
# pop3 or pop3s.  Courier mail server only: service will also expand out to
# "courier", when searching for local mail account's location.  In this case,
# if the "maildir" field is not empty it will be used in place of
# DEFAULTDELIVERY.  Courier mail server will also use esmtp when doing
# authenticated ESMTP.
#
# This example is a little bit modified adaptation of vmail-sql
# database scheme:
#
# MYSQL_SELECT_CLAUSE    SELECT CONCAT(popbox.local_part, '@', popbox.domain_name),            \
#            CONCAT('{MD5}', popbox.password_hash),        \
#            popbox.clearpw,                    \
#            domain.uid,                    \
#            domain.gid,                    \
#            CONCAT(domain.path, '/', popbox.mbox_name),    \
#            '',                        \
#            domain.quota,                    \
#            '',                        \
#            CONCAT("disableimap=",disableimap,",disablepop3=",    \
#                              disablepop3,",disablewebmail=",disablewebmail, \
#                              ",sharedgroup=",sharedgroup)             \
#            FROM popbox, domain                \
#            WHERE popbox.local_part = '$(local_part)'    \
#            AND popbox.domain_name = '$(domain)'        \
#            AND popbox.domain_name = domain.domain_name


##NAME: MYSQL_ENUMERATE_CLAUSE:1
#
# {EXPERIMENTAL}
# Optional custom SQL query used to enumerate accounts for authenumerate,
# in order to compile a list of accounts for shared folders.  The query
# should return the following fields: name, uid, gid, homedir, maildir, options
#
# Example:
# MYSQL_ENUMERATE_CLAUSE    SELECT CONCAT(popbox.local_part, '@', popbox.domain_name),            \
#            domain.uid,                    \
#            domain.gid,                    \
#            CONCAT(domain.path, '/', popbox.mbox_name),    \
#            '',                        \
#            CONCAT('sharedgroup=', sharedgroup)        \
#            FROM popbox, domain                \
#            WHERE popbox.local_part = '$(local_part)'    \
#            AND popbox.domain_name = '$(domain)'        \
#            AND popbox.domain_name = domain.domain_name

##NAME: MYSQL_CHPASS_CLAUSE:0
#
# (EXPERIMENTAL)
# This is optional, MYSQL_CHPASS_CLAUSE can be set when you have a database,
# which is structurally different from proposed. The fixed string will
# be used to do an UPDATE operation on database. In other words, it is
# used, when changing password.
#
# There are four variables, which you can use. Substitution will be made
# for them, so you can put entered username (local part) and domain name
# in the right place of your query. These variables are:
#     $(local_part) , $(domain) , $(newpass) , $(newpass_crypt)
#
# If a $(domain) is empty (not given by the remote user) the default domain
# name is used in its place.
# $(newpass) contains plain password
# $(newpass_crypt) contains its crypted form
#
# MYSQL_CHPASS_CLAUSE    UPDATE    popbox                    \
#            SET    clearpw='$(newpass)',            \
#                password_hash='$(newpass_crypt)'    \
#            WHERE    local_part='$(local_part)'        \
#            AND    domain_name='$(domain)'
#


"Mail authentication problems"
Posted by Elektron, 29-Apr-08 10:20
>>authdaemonrc config:

##VERSION: $Id: authdaemonrc.in,v 1.13 2005/10/05 00:07:32 mrsam Exp $

##NAME: authmodulelist:2
#
# The authentication modules that are linked into authdaemond.  The
# default list is installed.  You may selectively disable modules simply
# by removing them from the following list.  The available modules you
# can use are: authuserdb authvchkpw authpam authldap authmysql authpgsql

#authmodulelist="authuserdb authvchkpw authpam authldap authmysql authpgsql"
authmodulelist="authmysql"
##NAME: authmodulelistorig:3
#
# This setting is used by Courier's webadmin module, and should be left
# alone

authmodulelistorig="authuserdb authvchkpw authpam authldap authmysql authpgsql"
#authmodulelistorig="authmysql"
##NAME: daemons:0
#
# The number of daemon processes that are started.  authdaemon is typically
# installed where authentication modules are relatively expensive: such
# as authldap, or authmysql, so it's better to have a number of them running.
# PLEASE NOTE:  Some platforms may experience a problem if there's more than
# one daemon.  Specifically, SystemV derived platforms that use TLI with
# socket emulation.  I'm suspicious of TLI's ability to handle multiple
# processes accepting connections on the same filesystem domain socket.
#
# You may need to increase daemons as your system load increases.  Symptoms
# include sporadic authentication failures.  If you start getting
# authentication failures, increase daemons.  However, the default of 5
# SHOULD be sufficient.  Bumping up daemon count is only a short-term
# solution.  The permanent solution is to add more resources: RAM, faster
# disks, faster CPUs...

daemons=5

##NAME: authdaemonvar:2
#
# authdaemonvar is here, but is not used directly by authdaemond.  It's
# used by various configuration and build scripts, so don't touch it!

authdaemonvar=/var/run/authdaemond

##NAME: subsystem:0
#
# The syslog facility uses subsystem to determine which log messages
# are recorded in which log files.
#
# The currently defined subsystems are:
#
#    o auth
#    o authpriv
#    o console
#    o cron
#    o daemon
#    o ftp
#    o kern
#    o lpr
#    o mail
#    o news
#    o security
#    o user
#    o uucp
#    o local0
#    o local1
#    o local2
#    o local3
#    o local4
#    o local5
#    o local6
#    o local7
#
# Note:  Not all of the above facility names are implemented on
# every system.  Check your system's syslog documentation for
# information on which facility names are allowed, and which log
# files record the corresponding messages for each facility.

subsystem=mail

##NAME: DEBUG_LOGIN:0
#
# Dump additional diagnostics to syslog
#
# DEBUG_LOGIN=0   - turn off debugging
# DEBUG_LOGIN=1   - turn on debugging
# DEBUG_LOGIN=2   - turn on debugging + log passwords too
#
# ** YES ** - DEBUG_LOGIN=2 places passwords into syslog.
#
# Note that most information is sent to syslog at level 'debug', so
# you may need to modify your /etc/syslog.conf to be able to see it.

DEBUG_LOGIN=2

##NAME: DEFAULTOPTIONS:0
#
# A comma-separated list of option=value pairs. Each option is applied
# to an account if the account does not have its own specific value for
# that option. So for example, you can set
#   DEFAULTOPTIONS="disablewebmail=1,disableimap=1"
# and then enable webmail and/or imap on individual accounts by setting
# disablewebmail=0 and/or disableimap=0 on the account.

DEFAULTOPTIONS="wbnodsn=1"

##NAME: LOGGEROPTS:0
#
# courierlogger(1) options, e.g. to set syslog facility
#

LOGGEROPTS=""

##NAME: LDAP_TLS_OPTIONS:0
#
# Options documented in ldap.conf(5) can be set here, prefixed with 'LDAP'.
# Examples:
#
#LDAPTLS_CACERT=/path/to/cacert.pem
#LDAPTLS_REQCERT=demand
#LDAPTLS_CERT=/path/to/clientcert.pem
#LDAPTLS_KEY=/path/to/clientkey.pem


"Mail authentication problems"
Posted by Heckfy, 29-Apr-08 11:23
Interesting.
1. Try starting Courier and pop3d with the options that enable debugging.
2. Log in to the services with telnet.

Example IMAP session:
http://www.opennet.me/docs/RUS/exit_setup/dovecot.html
http://www.google.com/search?q=site:opennet.ru+telnet+imap

Simple example for POP3:
http://lithium.opennet.ru/kuban.ru/net.html

Write what happens on the server side and in telnet.


"Mail authentication problems"
Posted by hate, 29-Apr-08 11:35

#auth_cram_md5:
#     driver = cram_md5
#     public_name = CRAM-MD5
#     server_secret = ${lookup mysql{SELECT passwd FROM users  WHERE id =
'${quote_mysql:${local_part:$1}}' AND mbox_host = '${quote_mysql:${domain:$1}}'
AND active = 'Y'}{$value}fail}


  Comment out the last two lines.


"Mail authentication problems"
Posted by Elektron, 29-Apr-08 11:39
>[overquoting removed]
>#     public_name = CRAM-MD5
>#     server_secret = ${lookup mysql{SELECT passwd FROM users  WHERE id
>=
>'${quote_mysql:${local_part:$1}}' AND mbox_host = '${quote_mysql:${domain:$1}}'
>AND active = 'Y'}{$value}fail}
>
>
>
>
>  Comment out the last two lines.

Actually these lines are commented out, they just got wrapped here.


"Mail authentication problems"
Posted by _KAV_, 29-Apr-08 13:36
Or maybe start with the standard check: how is DNS working?
To check, telnet from the user's machine to the mail server; if the login is slow there too, then fix the DNS setup.
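
The telnet test suggested in the replies above, scripted so that each step of the POP3 login is timed separately and the slow one stands out. This is an added example, not code from the thread; the function names are illustrative, and it speaks plain POP3 on port 110 as in the posted pop3d config.

```python
import getpass
import socket
import sys
import time


def time_pop3_login(stream, user, password):
    """Time each step of a POP3 login over `stream` (a binary file object).

    Returns a list of (phase, seconds, server_reply) tuples.
    """
    phases = []

    def step(name, command=None):
        begin = time.monotonic()
        if command is not None:
            stream.write(command.encode("ascii") + b"\r\n")
            stream.flush()
        reply = stream.readline()
        if not reply:
            raise ConnectionError("server closed the connection during " + name)
        text = reply.decode("ascii", "replace").rstrip("\r\n")
        phases.append((name, time.monotonic() - begin, text))

    step("greeting")                  # banner sent right after the TCP connect
    step("USER", "USER " + user)
    step("PASS", "PASS " + password)  # reply waits on the authentication lookup
    step("QUIT", "QUIT")
    return phases


def slowest_phase(phases):
    """Name of the phase that took longest."""
    return max(phases, key=lambda phase: phase[1])[0]


def probe(host, port, user, password, timeout=180.0):
    """Connect to host:port and time the login; the connect is timed as well."""
    begin = time.monotonic()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        connect = ("connect", time.monotonic() - begin, "")
        with sock.makefile("rwb") as stream:
            return [connect] + time_pop3_login(stream, user, password)


if __name__ == "__main__":
    # Usage: script.py HOST USER   (the password is prompted for, not echoed)
    host, user = sys.argv[1:3]
    password = getpass.getpass()
    for name, seconds, reply in probe(host, 110, user, password):
        print("%-8s %7.2fs  %s" % (name, seconds, reply))
```

A long "connect" or "greeting" phase points at connection setup, where name lookups take place, while a long "PASS" phase points at the authentication backend behind authdaemond.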