TMDA
Author
Jason R. Mastaler
 
© 2001-2002
  

tmda-ofmipd


What is it ?

tmda-ofmipd is an async I/O based authenticated ofmip proxy for TMDA. This allows users of any mail client capable of SMTP Authentication (e.g., Outlook, Eudora, Mozilla) to "tag" their outgoing mail as described in the Client Configuration section.

tmda-ofmipd does this by listening on an available port (e.g., 8025), accepting SMTP connections to that port, and then "tagging" the message according to the TMDA configuration of the authenticated user.

I call it a proxy because it's not replacing the real SMTP server. It only accepts the message from the client, transforms the headers, and then sends the message by handing it off to the real SMTP server.

There are several reasons why you may want (or have to) use tmda-ofmipd to take advantage of TMDA's client features:
  • Your mail client (MUA) doesn't support a /usr/sbin/sendmail interface, but rather uses direct SMTP to send mail. This includes practically all non-Unix mail clients, and even some Unix clients such as Mozilla.

  • You want to maintain your TMDA configuration in one central location instead of on your workstation and your mail server. Unless the two share a home directory via NFS or somesuch, this isn't trivial. tmda-ofmipd allows you to maintain only one set of files (on the server).

Requirements

  • Python 2.2 or greater. tmda-ofmipd uses some essential features that were introduced in the 2.2 release. If your Python is older than this, please upgrade.

  • An MUA that supports RFC 2554 SMTP Authentication (i.e., username/password). TMDA FAQ 5.6 contains a preliminary list of MUAs known to work with tmda-ofmipd.

    NOTE: If your MUA only supports a sendmail command-line interface, but you still want to use tmda-ofmipd, see below for some options.

Authentication

tmda-ofmipd implements the minimal SMTP protocol as defined in RFC 2821, the ESMTP EHLO command defined in RFC 1869, and SMTP Authentication (PLAIN, LOGIN, CRAM-MD5 methods) as defined in RFC 2554. The proxy cannot be used by an unauthenticated user.

Authentication Sources

tmda-ofmipd can get its authentication information from several different sources.
  1. From a "password" file that you create. The format of this file is simple. Each line of the file should contain a username and password separated by a colon; one entry per line. e.g.,
    bobby:FooBar
    chloe:baz_bap
    johndoe:8i9/hjuy+33
    The username fields should match the usernames of the TMDA users on your mail server.

    The passwords need not be the same as any other passwords on the system. In fact, for security reasons, they should remain distinct!

    The default location for the authentication file is /etc/tofmipd if running in global mode (see below), otherwise ~user/.tmda/tofmipd. These defaults can be overridden using tmda-ofmipd's `-a' flag.

    The authentication file must be chmod 600 or 400, and be owned by the user running the daemon. tmda-ofmipd will fail to start otherwise.

  2. A checkpassword-compatible program such as checkpassword-pam. This allows you to use your existing password database. Use tmda-ofmipd's `-A' flag to specify the program and its arguments. The help output contains such an example.

  3. Against a POP3, IMAP or IMAPS server. Use tmda-ofmipd's `-R' flag to specify the protocol, and optionally the hostname and port of the server. See the help output for example usage.
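The password-file source and the SMTP AUTH checks described above, as an added illustration that is not tmda-ofmipd's own code: it parses a constructed tofmipd file, refuses it unless the 600/400 mode and ownership rule holds, and then verifies AUTH PLAIN and AUTH CRAM-MD5 responses against the parsed entries. Function names and the sample file contents are assumptions made for this example.

```python
import base64, hashlib, hmac, os, stat, tempfile

# Constructed sample of a tofmipd authentication file: one user:password per line.
SAMPLE_AUTH_FILE = "bobby:FooBar\nchloe:baz_bap\njohndoe:8i9/hjuy+33\n"

def load_auth_file(path):
    # Start-up check the HOWTO describes: refuse the file unless it is mode 600
    # or 400 and owned by the effective user running the daemon.
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    if mode not in (0o600, 0o400):
        raise PermissionError("%s must be mode 600 or 400, found %o" % (path, mode))
    if st.st_uid != os.geteuid():
        raise PermissionError("%s must be owned by the daemon user" % path)
    users = {}
    with open(path) as fh:
        for lineno, line in enumerate(fh, 1):
            user, sep, password = line.rstrip("\n").partition(":")
            if not sep:
                raise ValueError("line %d: expected user:password" % lineno)
            users[user] = password
    return users

def auth_plain(users, b64_response):
    # AUTH PLAIN: base64(authzid NUL authcid NUL password); return the user or None.
    try:
        _authzid, user, password = base64.b64decode(b64_response).split(b"\x00")
    except ValueError:  # undecodable base64 or wrong number of fields
        return None
    user = user.decode("ascii", "replace")
    expected = users.get(user)
    if expected is not None and hmac.compare_digest(expected.encode(), password):
        return user
    return None

def auth_cram_md5(users, challenge, response):
    # AUTH CRAM-MD5: response is "user " + hex(HMAC-MD5(key=password, msg=challenge)).
    user, _, digest = response.partition(" ")
    expected = users.get(user)
    if expected is None:
        return None
    want = hmac.new(expected.encode(), challenge.encode(), hashlib.md5).hexdigest()
    return user if hmac.compare_digest(want.encode(), digest.encode()) else None

def write_sample_auth_file(mode=0o600):
    fd, path = tempfile.mkstemp()
    os.write(fd, SAMPLE_AUTH_FILE.encode())
    os.close(fd)
    os.chmod(path, mode)
    return path
```

Both verifiers use constant-time comparison and return the authenticated username rather than a bare boolean, so the caller can look up that user's TMDA configuration for tagging.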

Running

Familiarize yourself with tmda-ofmipd's command-line options by reading the output of:
tmda-ofmipd --help
tmda-ofmipd can be run in two modes: "Personal", run by your non-privileged TMDA user account for your own personal use, or "Global", run by your system administrator to serve multiple TMDA users on the system with one instance of the daemon.

Personal mode

  1. Create an authentication file as described above in ~/.tmda/tofmipd.

  2. Start tmda-ofmipd:
    $ tmda-ofmipd -d &
    [1] 48676
    tmda-ofmipd started at Sun Jul 14 09:31:33 NZST 2002
            Listening on nightshade.la.mastaler.com:8025
    
    
    tmda-ofmipd is now listening for connections on port 8025 of your server.
    $ telnet nightshade.la.mastaler.com 8025
    Trying 128.165.148.67...
    Connected to nightshade.la.mastaler.com.
    Escape character is '^]'.
    220 nightshade.la.mastaler.com ESMTP tmda-ofmipd
    quit
    221 Bye
    Connection closed by foreign host.
    
    
    The host:port combination can be changed using the `-p' option. The `-d' option prints debugging information to stderr which might be useful until you get tmda-ofmipd working as you want it to.

Global mode

  1. Create an authentication file as described above in /etc/tofmipd.

  2. Create a non-privileged user account for tmda-ofmipd to run under. The following creates an account for user `tofmipd', group `tofmipd' under FreeBSD:
    # pw groupadd tofmipd
    # pw useradd tofmipd -g tofmipd -s /nonexistent
    
    
    If you choose a name other than `tofmipd', make sure to start tmda-ofmipd with the `-u' option.

  3. Start tmda-ofmipd as root:
    # tmda-ofmipd -d &
    [1] 48676
    tmda-ofmipd started at Sun Jul 14 09:31:33 NZST 2002
            Listening on nightshade.la.mastaler.com:8025
    
    
    tmda-ofmipd is now running seteuid user `tofmipd', and listening for connections on port 8025 of your server.
    # telnet nightshade.la.mastaler.com 8025
    Trying 128.165.148.67...
    Connected to nightshade.la.mastaler.com.
    Escape character is '^]'.
    220 nightshade.la.mastaler.com ESMTP tmda-ofmipd
    quit
    221 Bye
    Connection closed by foreign host.
    
    
    The host:port combination can be changed using the `-p' option. The `-d' option prints debugging information to stderr which might be useful until you get tmda-ofmipd working as you want it to.

MUA Configuration

You must now configure your MUA to use a port other than 25 to send outgoing mail (by default, tmda-ofmipd runs on port 8025). Configuring your mail client to use an alternate SMTP port to send outgoing mail differs for every client, and is beyond the scope of this document. However, see the following two links for examples of how to do this for some of the more popular clients.

  • http://directory.purdue.edu/MAIL-HUB/md/smtp_auth.html
  • http://independence.net/internet/port26.htm

    If your MUA only supports a sendmail interface for sending mail, see TMDA FAQ 5.7 for some options.