Auth smtp
From Qmail-LDAP Wiki
NAME
auth_smtp - Authenticate SMTP clients against an LDAP directory
SYNOPSIS
auth_smtp
DESCRIPTION
auth_smtp is invoked by qmail-smtpd to authenticate SMTP users against the user information stored in the LDAP directory. Once a user has been authenticated successfully, relaying is permitted for that user.
auth_smtp can increase or decrease the amount of information logged according to the LOGLEVEL environment variable. See for more on this.
qmail-smtpd invokes auth_smtp when the SMTPAUTH environment variable is present.
THE AUTHENTICATION PROCESS
auth_smtp authenticates users by checking whether the received 'login_name' and 'password' match what is stored in the directory.
To find the LDAP entry for 'login_name', auth_smtp searches the directory for an entry having the attribute LDAP_UID = 'login_name'. When it finds this entry, it checks whether the attribute LDAP_PASSWD = 'password'.
The user password can be stored in the directory using a cryptographic algorithm. See LDAP_PASSWD for info on this, and see digest to create passwords in that form.
If SMTPAUTH = "TLSREQUIRED", the SMTP traffic has to be encrypted with TLS before the 'login_name' and 'password' are transmitted over the network.
If the control file ldaprebind is set to 1, auth_smtp will not authenticate the user by retrieving his information from the directory; instead, it will try to rebind to the LDAP server with the received 'login_name' and 'password'. If the rebind is successful, the user is authenticated.
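The input handling in front of the search and the rebind described above, as an added example that is not qmail-ldap's own code: it escapes 'login_name' per RFC 4515 before it is placed in the LDAP_UID filter, and it refuses empty credentials before a compare or rebind. The function names, the attribute name "uid" and the object class "qmailUser" are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* RFC 4515: escape '*', '(', ')' and '\' as \XX so a login name cannot
 * change the structure of the search filter. Returns 0, or -1 if out is full. */
static int filter_escape(const char *in, char *out, size_t outlen) {
    static const char hex[] = "0123456789abcdef";
    size_t o = 0;
    for (; *in; in++) {
        unsigned char c = (unsigned char)*in;
        if (c == '*' || c == '(' || c == ')' || c == '\\') {
            if (o + 3 >= outlen) return -1;
            out[o++] = '\\'; out[o++] = hex[c >> 4]; out[o++] = hex[c & 15];
        } else {
            if (o + 1 >= outlen) return -1;
            out[o++] = (char)c;
        }
    }
    if (o >= outlen) return -1;
    out[o] = '\0';
    return 0;
}

/* Build "(attr=login)", or "(&(objectClass=oc)(attr=login))" when an
 * object class (cf. the ldapobjectclass control file) is configured. */
static int build_filter(const char *attr, const char *oc,
                        const char *login, char *out, size_t outlen) {
    char esc[256]; int n;
    if (!login[0] || filter_escape(login, esc, sizeof esc) != 0) return -1;
    if (oc && oc[0])
        n = snprintf(out, outlen, "(&(objectClass=%s)(%s=%s))", oc, attr, esc);
    else
        n = snprintf(out, outlen, "(%s=%s)", attr, esc);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Refuse empty credentials before compare or rebind: a simple bind with a
 * DN and an empty password is an "unauthenticated bind" (RFC 4513, 5.1.2)
 * that a server may accept, which would make the rebind look successful. */
static int credentials_acceptable(const char *login, const char *password) {
    return login && password && login[0] != '\0' && password[0] != '\0';
}

int main(void) {
    char f[512];
    /* Constructed input; "uid" and "qmailUser" are assumed names. */
    if (build_filter("uid", "qmailUser", "jdoe*", f, sizeof f) == 0) puts(f);
    printf("empty password accepted: %d\n", credentials_acceptable("jdoe", ""));
    return 0;
}
```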
CONTROL FILES
ldapbasedn, ldaplogin, ldapobjectclass, ldappassword, ldaprebind, ldapserver, ldaptimeout
ENVIRONMENT VARIABLES
LOGLEVEL
