Email Authentication Data

Discussion in 'E-mail Discussions' started by beddo, Sep 21, 2011.

  1. beddo

    beddo Well-Known Member

    Hi folks,

    Long story in the short form, I'm adding redundancy to my mail setup.

    I am looking for a way to copy the email authentication data from a WHM server to be used with Exim on another server.

    Exim uses dovecot through /var/run/dovecot/auth-client to authenticate, so the question then becomes where does dovecot keep its auth data and how do I access it?

    The key file seems to be: /usr/local/cpanel/bin/dovecot-auth

    If I was to synch this file (say every 30 minutes) to a separate instance of dovecot running on the non-WHM server and use the same auth in Exim, would authentication thus be synched?
     
  2. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    The files are in /home/username/etc/domain.com location for the username and passwords (passwd and shadow files there). You would only be copying the binary if you copied /usr/local/cpanel/bin/dovecot-auth file.
     
  3. beddo

    beddo Well-Known Member

    Thanks for that, many files makes it more complicated - but not impossible.

    So my next theory would be a script that checks for /home/*/etc/*/passwd and /home/*/etc/*/shadow and merges all the results into one passwd and one shadow file.

    Transport that over and somehow make Exim use it.

    If I do come up with a solution I'll make sure to put it up here.
     
  4. beddo

    beddo Well-Known Member

    In case anyone is interested, the following perl script collects all the relevant information from my system and puts it into an exim passwd file. It then needs to be copied to the exim server (copy as /etc/exim/passwd and Exim set up to use PAM with that file).

    It may need some modifications depending on system config. I had to put an if in to detect if the path began with /usr or /home for mine and the temp array numbers may vary depending on your paths too.

    Code:
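    #!/usr/local/bin/perl
    
    use strict;
    
    my @outputfile;
    my $fname = "/root/passwdcollect";
    if (-e $fname) { unlink($fname); }
    
    # Per-domain virtual mailbox files kept under each account's home directory
    my @passwd_list = `find /home/*/etc/*/passwd`;
    my @shadow_list = `find /home/*/etc/*/shadow`;
    chomp(@passwd_list);
    chomp(@shadow_list);
    
    my @fullpw =();
    my %fullsh =();
    
    foreach my $file (@passwd_list) {
            open (my $pwlist, "<", $file) or do { warn "Can't open $file: $!"; next; };
            push(@fullpw, <$pwlist>);
            close $pwlist;
    }
    
    # Hashes are keyed by the local part only (no domain)
    foreach my $file (@shadow_list) {
            open (my $shlist, "<", $file) or do { warn "Can't open $file: $!"; next; };
            while ( <$shlist> ) {
                    my @temp = split(/:/,$_);
                    $fullsh{$temp[0]} = $temp[1];
            }
            close $shlist;
    }
    
    # Field 5 of each passwd line is the mailbox path; its components give user and domain
    foreach (@fullpw) {
            my @temp = split(/:/,$_);
            my @temp2 = split(/\//,$temp[5]);
            if ($temp2[1] eq "usr") {
                    push(@outputfile, $temp2[6],"@",$temp2[5],":",$fullsh{$temp2[6]},"::\n");
    
            }
            if ($temp2[1] eq "home") {
                    push(@outputfile, $temp2[5],"@",$temp2[4],":",$fullsh{$temp2[5]},"::\n");
            }
    }
    
    umask 0077;    # the output file holds password hashes: owner read/write only
    open my $FH, ">>", $fname or die "Can't open $fname: $!";
    foreach( @outputfile) {
            print $FH $_;
    }
    close $FH;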
    
     
    #4 beddo, Sep 25, 2011
    Last edited: Sep 25, 2011
  5. beddo

    beddo Well-Known Member

    Please don't use the script in the last post; it has a fairly major bug. If the same alias exists under multiple domains it will record the password for the last one it finds against all of those aliases!

    This one works much better. I've also had to modify it to include /home2 as for some random reason one of the accounts uses that despite everything being told otherwise.

    Code:
    #!/usr/local/bin/perl
    
    use strict;
    use File::Basename;
    
    my @outputfile;
    my $fname = "/mnt/iscsi/pass/passwdfred";
    if (-e $fname) { unlink($fname); }
    
    # Per-domain virtual mailbox files kept under each account's home directory
    my @passwd_list = `find /home/*/etc/*/passwd`;
    my @shadow_list = `find /home/*/etc/*/shadow`;
    chomp(@passwd_list);
    chomp(@shadow_list);
    
    my @fullpw =();
    my %fullsh =();
    
    foreach my $file (@passwd_list) {
            open (my $pwlist, "<", $file) or do { warn "Can't open $file: $!"; next; };
            push(@fullpw, <$pwlist>);
            close $pwlist;
    }
    
    # Key each hash by the full address so the same alias under two domains stays distinct
    foreach my $file (@shadow_list) {
            # The directory holding the shadow file is named after the mail domain
            my $dname = basename(dirname($file));
            open (my $shlist, "<", $file) or do { warn "Can't open $file: $!"; next; };
            while ( <$shlist> ) {
                    my @temp = split(/:/,$_);
                    my $emailaddr = $temp[0] . "@" . $dname;
                    $fullsh{$emailaddr} = $temp[1];
            }
            close $shlist;
    }
    
    # Field 5 of each passwd line is the mailbox path; its components give user and domain
    foreach (@fullpw) {
            my @temp = split(/:/,$_);
            my @temp2 = split(/\//,$temp[5]);
            if ($temp2[1] eq "usr") {
                    my $emailaddr = $temp2[6] . "@" . $temp2[5];
                    push(@outputfile, $emailaddr,":",$fullsh{$emailaddr},"\n");
    
            }
            if ($temp2[1] eq "home" or $temp2[1] eq "home2") {
                    my $emailaddr = $temp2[5] . "@" . $temp2[4];
                    push(@outputfile, $emailaddr,":",$fullsh{$emailaddr},"\n");
            }
    }
    
    umask 0077;    # the output file holds password hashes: owner read/write only
    open my $FH, ">>", $fname or die "Can't open $fname: $!";
    foreach( @outputfile) {
            print $FH $_;
    }
    close $FH;
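
Added example (not part of the thread, and not the poster's or cPanel's code): the same merge in Python, keyed on the full address taken from each shadow file's directory name so it does not depend on path positions in the passwd file. It assumes the <home root>/<account>/etc/<domain>/shadow layout described above and that an empty hash, or one starting with `!` or `*`, marks an account with no usable password; `collect` and `write_atomic` are hypothetical names.

```python
import os
import tempfile
from pathlib import Path


def collect(home_roots):
    """Return {address: hash} from <root>/<account>/etc/<domain>/shadow files."""
    merged = {}
    for root in home_roots:
        for shadow in sorted(Path(root).glob("*/etc/*/shadow")):
            domain = shadow.parent.name            # directory is named after the domain
            for line in shadow.read_text().splitlines():
                fields = line.split(":")
                if len(fields) < 2 or not fields[0]:
                    continue                       # malformed line
                user, pw_hash = fields[0], fields[1]
                # Assumption: empty, '!' or '*' prefixed hash means no usable password.
                # Never emit such an entry, so the copy cannot carry a blank credential.
                if not pw_hash or pw_hash[0] in "!*":
                    continue
                address = f"{user}@{domain}"
                if address in merged and merged[address] != pw_hash:
                    raise ValueError(f"conflicting hashes for {address}")
                merged[address] = pw_hash
    return merged


def write_atomic(merged, dest):
    """Write 'address:hash' lines with mode 0600, then rename into place."""
    dest = Path(dest)
    # mkstemp creates the file readable and writable by the owner only
    fd, tmp = tempfile.mkstemp(dir=dest.parent, prefix=".passwd.")
    try:
        with os.fdopen(fd, "w") as out:
            for address in sorted(merged):
                out.write(f"{address}:{merged[address]}\n")
        os.replace(tmp, dest)                      # atomic on the same filesystem
    except BaseException:
        os.unlink(tmp)
        raise
```

Because the file is renamed into place, a reader on a periodic sync never sees a half-written list, and the hashes are never world-readable on disk.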
     