passwd

-------

Postfixadmin Squirellmail Plugins To Change Postfix User Password

1 - Download and install change_sqlpass plugin

cd /usr/share/squirrelmail/plugins/

wget http://squirrelmail.org/countdl.php?fileurl=http%3A%2F%2Fwww.squirrelmail.org%2Fplugins%2Fchange_sqlpass-3.3-1.2.tar.gz

tar zxvf change_sqlpass-3.3-1.2.tar.gz

2 - Patch functions.php (BUG with md5crypt)

vi functions.php

Search for this:

case strtolower(PASSWORD_ENCRYPTION_MD5CRYPT): return '"' . md5crypt($password, $salt) . '"';

Change to:

case strtolower(PASSWORD_ENCRYPTION_MD5CRYPT): include_once(SM_PATH . 'plugins/change_sqlpass/md5crypt.php'); return '"' . md5crypt($password, $salt) . '"';

3 - Create new config.php with this content (don’t use the default config.php.sample)

vi config.php

Before you copy the content, change this line with your MySQL password (your_mysql_password):

$csp_dsn = 'mysql://root:your_mysql_password@127.0.0.1/dbispconfig';

Here's the full config.php file:

<?php  /**   * SquirrelMail Change SQL Password Plugin   * Copyright (C) 2001-2002 Tyler Akins   *               2002 Thijs Kinkhorst <kink@users.sourceforge.net>   *               2002-2005 Paul Lesneiwski <paul@openguild.net>   * This program is licensed under GPL. See COPYING for details   *   * @package plugins   * @subpackage Change SQL Password   *   */      // Global Variables, don't touch these unless you want to break the plugin    //    global $csp_dsn, $password_update_queries, $lookup_password_query,           $force_change_password_check_query, $password_encryption,           $csp_salt_query, $csp_salt_static, $csp_secure_port,           $csp_non_standard_http_port, $csp_delimiter, $csp_debug,           $min_password_length, $max_password_length, $include_digit_in_password,           $include_uppercase_letter_in_password, $include_lowercase_letter_in_password,           $include_nonalphanumeric_in_password;       // csp_dsn    //    // Theoretically, any SQL database supported by Pear should be supported    // here.  The DSN (data source name) must contain the information needed    // to connect to your database backend. A MySQL example is included below.    // For more details about DSN syntax and list of supported database types,    // please see:    //   http://pear.php.net/manual/en/package.database.db.intro-dsn.php    //    $csp_dsn = 'mysql://root:your_mysql_password@127.0.0.1/dbispconfig';       // lookup_password_query    //    // This plugin will always verify the user's old password    // against their login password, but an extra check can also    // be done against the database for more security if you    // desire.  If you do not need the extra password check,    // make sure this setting is empty.    //    // This is a query that returns a positive value if a user    // and password pair are found in the database.    //    // This query should return one value (one row, one column), the    // value being ideally a one or a zero, simply indicating that    // the user/password pair does in fact exist in the database.    //    //   %1 in this query will be replaced with the full username    //      (including domain), such as "jose@example.com"    //   %2 in this query will be replaced with the username (without    //      any domain portion), such as "jose"    //   %3 in this query will be replaced with the domain name,    //      such as "example.com"    //   %4 in this query will be replaced with the current (old)    //      password in whatever encryption format is needed per other    //      plugin configuration settings (Note that the syntax of    //      the password will be provided depending on your encryption    //      choices, so you NEVER need to provide quotes around this    //      value in the query here.)    //   %5 in this query will be replaced with the current (old)    //      password in unencrypted plain text.  If you do not use any    //      password encryption, %4 and %5 will be the same values,    //      except %4 will have double quotes around it and %5 will not.    //    //$lookup_password_query = '';    // TERRIBLE SECURITY: $lookup_password_query = 'SELECT count(*) FROM users WHERE username = "%1" AND plain_password = "%5"';    $Lookup_Password_Query = 'SELECT count(*) FROM mail_user WHERE email = "%1" AND crypt_password = %4';    //$Lookup_Password_Query = '';       // password_update_queries    //    // An array of SQL queries that will all be executed    // whenever a password change attempt is made.    //    // Any number of queries may be included here.    // The queries will be executed in the order given here.    //    //   %1 in all queries will be replaced with the full username    //      (including domain), such as "jose@example.com"    //   %2 in all queries will be replaced with the username (without    //      any domain portion), such as "jose"    //   %3 in all queries will be replaced with the domain name,    //      such as "example.com"    //   %4 in all queries will be replaced with the new password    //      in whatever encryption format is needed per other    //      plugin configuration settings (Note that the syntax of    //      the password will be provided depending on your    //      encryption choices, so you NEVER need to provide quotes    //      around this value in the queries here.)    //   %5 in all queries will be replaced with the new password    //      in unencrypted plain text - BEWARE!  If you do not use    //      any password encryption, %4 and %5 will be the same    //      values, except %4 will have double quotes around it    //      and %5 will not.    //    $password_update_queries = array(             'UPDATE mail_user SET password = %4 WHERE email = "%1"', //            'UPDATE users SET crypt_password = %4 WHERE username = "%1"', //            'UPDATE user_flags SET force_change_pwd = 0 WHERE username = "%1"', //            'UPDATE users SET crypt_password = %4, force_change_pwd = 0 WHERE username = "%1"',                                    );       // force_change_password_check_query    //    // A query that checks for a flag that indicates if a user    // should be forced to change their password.  This query    // should return one value (one row, one column) which is    // zero if the user does NOT need to change their password,    // or one if the user should be forced to change it now.    //    // This setting should be an empty string if you do not wish    // to enable this functionality.    //    //   %1 in this query will be replaced with the full username    //      (including domain), such as "jose@example.com"    //   %2 in this query will be replaced with the username (without    //      any domain portion), such as "jose"    //   %3 in this query will be replaced with the domain name,    //      such as "example.com"    //    //$force_change_password_check_query = 'SELECT IF(force_change_pwd = "yes", 1, 0) FROM users WHERE username = "%1"';    //$force_change_password_check_query = 'SELECT force_change_pwd FROM users WHERE username = "%1"';    //$force_change_password_check_query = 'SELECT force_change_pwd FROM mail_user WHERE email = "%1"';    $force_change_password_check_query = '';       // password_encryption    //    // What encryption method do you use to store passwords    // in your database?  Please use one of the following,    // exactly as you see it:    //    //   NONE          Passwords are stored as plain text only    //   MYSQLPWD      Passwords are stored using the MySQL password() function    //   MYSQLENCRYPT  Passwords are stored using the MySQL encrypt() function    //   PHPCRYPT      Passwords are stored using the PHP crypt() function    //   MD5CRYPT      Passwords are stored using encrypted MD5 algorithm    //   MD5           Passwords are stored as MD5 hash    //    $password_encryption = 'MD5CRYPT';       // csp_salt_query    // csp_salt_static    //    // Encryption types that need a salt need to know where to get    // that salt.  If you have a constant, known salt value, you    // should define it in $csp_salt_static.  Otherwise, leave that    // value empty and define a value for the $csp_salt_query.    //    // Leave both values empty if you do not need (or use) salts    // to encrypt your passwords.    //    // The query should return one value (one row, one column) which    // is the salt value for the current user's password.  This    // query is ignored if $csp_salt_static is anything but empty.    //    //   %1 in this query will be replaced with the full username    //      (including domain), such as "jose@example.com"    //   %2 in this query will be replaced with the username (without    //      any domain portion), such as "jose"    //   %3 in this query will be replaced with the domain name,    //      such as "example.com"    //    //$csp_salt_static = 'LEFT(crypt_password, 2)';    //$csp_salt_static = '"a4"';  // use this format with MYSQLENCRYPT    //$csp_salt_static = '$2$blowsomefish$';  // use this format with PHPCRYPT      //$csp_salt_query = 'SELECT SUBSTRING_INDEX(crypt_password, '$', 1) FROM mail_user WHERE email = "%1"';    //$csp_salt_query = 'SELECT SUBSTRING(crypt_password, (LENGTH(SUBSTRING_INDEX(crypt_password, '$', 2)) + 2)) FROM users WHERE username = "%1"';    //$csp_salt_query = 'SELECT salt FROM users WHERE username = "%1"';    $csp_salt_query = 'SELECT SUBSTRING(PASSWORD, 4, 8) FROM mail_user WHERE email = "%1"';        // csp_secure_port    //    // You may ensure that SSL encryption is used during password    // change by setting this to the port that your HTTPS is served    // on (443 is typical).  Set to zero if you do not wish to force    // an HTTPS connection when users are changing their passwords.    //    // You may override this value for certain domains, users, or    // service levels through the Virtual Host Login (vlogin) plugin    // by setting a value(s) for $vlogin_csp_secure_port in the vlogin    // configuration.    //    $csp_secure_port = 0;    //$csp_secure_port = 443;       // csp_non_standard_http_port    //    // If you serve standard HTTP web requests on a non-standard    // port (anything other than port 80), you should specify that    // port number here.  Set to zero otherwise.    //    // You may override this value for certain domains, users, or    // service levels through the Virtual Host Login (vlogin) plugin    // by setting a value(s) for $vlogin_csp_non_standard_http_port    // in the vlogin configuration.    //    //$csp_non_standard_http_port = 8080;    $csp_non_standard_http_port = 0;       // min_password_length    // max_password_length    // include_digit_in_password    // include_uppercase_letter_in_password    // include_lowercase_letter_in_password    // include_nonalphanumeric_in_password    //    // You can set the minimum and maximum password lengths that    // you accept or leave those settings as zero to indicate that    // no limit should be applied.    //    // Turn on any of the other settings here to check that the    // new password contains at least one digit, upper case letter,    // lower case letter and/or one non-alphanumeric character.    //    $min_password_length = 6;    $max_password_length = 0;    $include_digit_in_password = 0;    $include_uppercase_letter_in_password = 0;    $include_lowercase_letter_in_password = 0;    $include_nonalphanumeric_in_password = 0;       // csp_delimiter    //    // if your system has usernames with something other than    // an "@" sign separating the user and domain portion,    // specify that character here    //    //$csp_delimiter = '|';    $csp_delimiter = '@';       // debug mode    //    $csp_debug = 0;    ?>

4 - Download and install compatibility plugin

cd ..

wget http://www.squirrelmail.org/countdl.php?fileurl=http%3A%2F%2Fwww.squirrelmail.org%2Fplugins%2Fcompatibility-2.0.14-1.0.tar.gz

tar zxvf compatibility-2.0.14-1.0.tar.gz

NOTE: This plugin doesn't need activation, only decompress the plugin.

5 - Install pear DB

pear install DB

6 - Clean the installation

cd ..

rm change_sqlpass-3.3-1.2.tar.gz

rm compatibility-2.0.14-1.0.tar.gz

7 - Activate the plugin in SquirrelMail

squirrelmail-configure

8. Plugins

x. change_sqlpass

Save S and exit Q.

                       --------X  -------

Postfixadmin Squirellmail Plugins To Change Postfix User Password

What is Postfixadmin Squirellmail Plugins ?

This plugin is used to help postfix user to be able to change their password, autovacation and forwarding via squirellmail webmail without need to asking admin to change their needs.

Prepare anything to start

1. Zend Framework Minimal. We can download it from this URL http://framework.zend.com/releases/ZendFramework-1.10.8/ZendFramework-1....

2. We need to recompile / install php to support XMLRPC

3. We need to install PHP MDB2 library using PEAR 

4. Download and Install postfixadmin-squirellmail plugins, we can download it via SVN command below :

#svn co  http://squirrelmail-postfixadmin.palepurple.co.uk/svn

I Assume we already have apache, php, mysql and webmail install and running properly in the server 

Download and Copy Zend Framework Library to PHP Include Path

Note : 

My php Include Path is stored in /usr/local/lib/php

Login into the server as root

#cd /root

#wget http://framework.zend.com/releases/ZendFramework-1.10.8/ZendFramework-1....

#tar -zxvf ZendFramework-1.10.8-minimal.tar.gz

#cd /root/ZendFramework-1.10.8-minimal/library

#mv Zend /usr/local/lib/php/

Recompile PHP to support PHP XMLRPC Extensions

Previously i have php-5.2.14 in my root directory, so i can just recompile it using the sources

#cd /root

#cd php-5.2.14

#./configure '--enable-fpm' '--enable-fastcgi' '--with-mcrypt' '--with-zlib' '--enable-mbstring' '--disable-debug' '--enable-inline-optimization' '--enable-sockets' '--enable-zip' '--with-curl' '--with-mysql=/usr/local' '--with-xmlrpc' 

#make

#make install

Install PHP MDB2 Library Using PEAR

#pear install MDB2#mysql

Download and Install Postfixadmin-squirellmail plugins

#cd /root 

#svn co  http://squirrelmail-postfixadmin.palepurple.co.uk/svn

#cd svn/tags

#mv squirrelmail-postfixadmin-0.4.3 /home/users1/webmail/plugins/postfixadmin

Edit the plugins

#cd /home/users1/webmail/plugins/postfixadmin

#cp config.php.sample config.php

#pico config.php

$CONF['database_type'] = 'mysql'; /* or mysql or other db as supported by MBD2 */

$CONF['database_host'] = 'localhost';

$CONF['database_user'] = 'postfix';

$CONF['database_password'] = 'yourpostfixpassword';

$CONF['database_name'] = 'postfix';

$CONF['vacation_domain'] = 'autoreply.my.domain.com';

$AllowVacation = true;

$AllowChangePass = true;

Edit plugin function

sudo vim /usr/share/squirrelmail/plugins/postfixadmin/functions.inc.php

line 24: add 

ini_set('include_path',ini_get('include_path').':/usr/share/php:');  

Configure Squirellmail Plugins

#cd /home/users1/webmail/config

#./conf.pl

Press 8 for plugins

You will see an Available Plugins there. Example if "postfixadmin" plugin is in number 2 then

Press 2 for postfixadmin

Press S for Save data

Press Q for Quit

Restart Your Webserver.

#/usr/local/apache/bin/apachectl stop

#/usr/local/apache/bin/apachectl start

Open your browser and try to access your webmail 

Login into the webmail and click Options

You will see 3 new options there like : Auto Response, Forwarding and Change Password

Click Change Password

Input your old password

Input twice your new password.

Logout from squirellmail

       ------------X---------

NoteThe settings $AllowForwarding and $AllowChangePass can be set to true only if you are using Postfix Admin to manage your Postfix mail server.6. Login to SquirrelMail and click Options, you should now see the new Auto Response section.

7. Congratulations, it works.

------------