Welcome to my blog! Feel free to post comments.
- Andrew


Visit Coldfusion Community


<< December, 2006 >>
SMTWTFS
12
3456789
10111213141516
17181920212223
24252627282930
31
Search Blog

Categories
922r (1) RSS
Actionscript 3 (2) RSS
Backup (2) RSS
Bluetooth (1) RSS
charting (1) RSS
ColdFusion (27) RSS
compliance (1) RSS
craigslist (1) RSS
dot-Net (1) RSS
DRM (1) RSS
Eclipse (2) RSS
Firewall (1) RSS
Flash (1) RSS
Flex 2 (7) RSS
Flex 3 (2) RSS
FusionDox (1) RSS
gmail (1) RSS
google (3) RSS
ipod/iphone (1) RSS
Java (4) RSS
Javascript (1) RSS
JRun (2) RSS
Linux (1) RSS
maps (1) RSS
Motorcycles (1) RSS
MP3 (1) RSS
Open Source (4) RSS
PHP (2) RSS
Qmail (3) RSS
Rants (4) RSS
sks (1) RSS
Vista (2) RSS
Windows 2003 (2) RSS
Archives
June 2008 (1)
May 2008 (1)
April 2008 (2)
March 2008 (1)
February 2008 (2)
January 2008 (1)
December 2007 (2)
November 2007 (7)
October 2007 (2)
September 2007 (1)
August 2007 (3)
July 2007 (5)
June 2007 (4)
March 2007 (2)
January 2007 (6)
December 2006 (1)
November 2006 (1)
June 2006 (1)
May 2006 (1)
October 2005 (2)
August 2005 (1)
July 2005 (1)
RSS
RSS 1.0 (all)
More RSS feeds...


Powered by
BlogCFM v1.14

Authenticating web applications agains vpopmail + qmail
30 December 2006
Categories:   ColdFusion Qmail

We run qmail + vpopmail + spamassassin for email.  it is relatively nice, however the spamassassin config uses qmail-scanner and has a global configuration for multiple domains.  sooo... I wanted to build a web based app where users could manage a whitelist of email addresses to go into the global config.

The first challenge: I dont want to have to add new accounts for everybody that wants access to the whitelist, so I better re-use what security info is available.

Turns out that you can get lots of useful information about a domain in vpopmail by running this command:

/home/vpopmail/bin/vuserinfo -a postmaster@yourdomain.com

This will pull out the postmaster password and a bunch of other useful things.  For now at least, the password is all we need.

Now, choose your technology to write your web app, but use something that can execute local commands.  In this case, we have ColdFusion running on Redhat Enterprise Linux, so we can use the <cfexecute> tag to run the above command, capture the output, which includes the password, and scrape it to pull out the info we want.  Now all we do is compare what the user entered to the real password, and you are done!

So, once this was all put together, users authenticate to my web app by using their domain name and vpopmail postmaster password.

Hope this was helpful.  Feel free to ask me questions if you have similar problems and need help.

Posted by aschwabe at 12:00 AM | Link | 0 comments