mobile logo

Zimbra – Pop before smtp authentication howto

posted on March 26, 2008 / IN Linux / 4 Comments

We had a client with 3000+ named users, and each of them were configured without authentication for smtp relaying, the qmail/vpopmail system they were migrating from had “pop before smtp” authentication. Well, we wanted to have as little disruption as possible for the migration so we needed to enable this same feature in Zimbra.

It is still planned to cutover the clients to SMTP Authentication, but this allows for a somewhat smoother transition.

1) Download and install Pop-before-smtp
– Changes in /etc/
$dbfile = '/opt/zimbra/postfix/conf/pop-before-smtp';
$ENV{'PATH'} = '/opt/zimbra/postfix/sbin';
$logtime_pat = '(dddd-dd-dd d+:d+:d+)';

$pat = ‘[LOGTIME],d+ INFO [Pop3Server-d+\] [name=[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+.[A-Za-z]{2,4};oip=(d+.d+.d+.d+);] pop – user [A-Za-z0-9._%-
]+@[A-Za-z0-9.-]+.[A-Za-z]{2,4} authenticated, mechanism=login’;

$out_pat = ‘[LOGTIME],d+ INFO [Pop3Server-d+\] [name=[A-Z0-9._%+-]+@[A-Z0-9.-]+.[A-Z]{2,4};oip=(d+.d+.d+.d+);] pop – quit from client’;
(you can download my file at the bottom of the page)

2) Change /opt/zimbra/conf/
from: %%uncomment VAR:!zimbraLogToSyslog%%log4j.rootLogger=INFO,LOGFILE
to: %%uncomment VAR:!zimbraLogToSyslog%%log4j.rootLogger=DEBUG,LOGFILE

3) add a line at the beginning of /opt/zimbra/conf/
check_client_access hash:/opt/zimbra/postfix/conf/pop-before-smtp

Restart zimbra and start the pop-before-smtp daemon.

It would be nice if the INFO logging had the IP address of the authenticated user, rather than having to enable debug.

If you need help with this type of setup, our Linux and Zimbra experts are ready to help.

Update — You don’t need to set logging to debug. Use these rules in place of the ones in step 1:

$PID_pat = '^[LOGTIME],d+ INFO [Pop3[A-Za-z]+-(d+)] ';
$IP_pat = $PID_pat . '[ip=(d+.d+.d+.d+);] pop - connected';
$OK_pat = $PID_pat . '[name=[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+.[A-Za-z]{2,4};] pop - user [A-Za-z0-9._%-]+@[A-Za-z0-9.-]+.[A-Za-z]{2,4} authenticated, mechanism=[A-Za-z]+';

As mentioned below, the quotes may not allow you to cut and paste properly. Use the download link for the proper config file format.

Download Config file to work with DEBUG logging. 

Download Config file to work with INFO logging.

By admin

Tagged With


Please use the form to leave a comment

    • KR
      Posted on April 10, 20084:00 pm Reply

      Great post, but it appears your single quotes were turned into “smart quotes” which might cause some people some problems if they cut-and-paste your instructions.

    • Jason
      Posted on June 1, 20081:58 am Reply

      thanks for this article. after some tweaking of the INFO expressions, I came up with these in order to catch both IMAP and POP authentications:

      $PID_pat = ‘^[LOGTIME],d+ INFO [(?:Pop3|Imap)[A-Za-z]+-(d+)] ‘;
      $IP_pat = $PID_pat . ‘[Ss]+(?:[|=)(d+.d+.d+.d+)[Ss]+ connected’;
      $OK_pat = $PID_pat . ‘[Ss]+name=[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+.[A-Za-z]{2,4}[Ss]+(?:pop|imap) – user [A-Za-z0-9._%-]+@[A-Za-z0-9.-]+.[A-Za-z]{2,4} authenticated, mechanism=[A-Za-z]+’;

    • cmontero
      Posted on August 22, 200811:30 am Reply

      I have tried this, but the file /opt/zimbra/postfix/conf/pop-before-smtp.db does not have any data..

      maybe some file permissions need to be modified? i’m using zimbra version 5.0.9


    • marnellej
      Posted on June 30, 20111:50 am Reply

      Tried this on Release 7.1.1_GA_3196.UBUNTU10_64 UBUNTU10_64 FOSS edition. but can’t seem to get it to work. do you have an updated that I can try ?

Page 1 of 1

Leave a comment.