[Dovecot] Logging and libwrap

[Jesse]

On Mon, 1 Nov 2004, Timo Sirainen wrote:

>> a) PAM_RHOST patch

> This feature is already in 1.0-tests, and I don't really want to release any 
> more 0.99.x releases unless really needed.

No problem here if it's in a future version. I applied the patch on my own 
copy already.

>> b) Better logging
>
> With 1.0-tests auth_verbose = yes gives better logging and allows you to log 
> PID for each line.
>
> The "Disconnected" line is written only when a user connected, but didn't log 
> in. There is no logout-line after a successful login.
>
> Anyway, better and more configurable logging is planned..

Glad to hear, guess I'll have to wait for 1.0!

>> c) libwrap
>> Any chance of getting libwrap support built into dovecot?
>
> I had thought about that before, but haven't bothered to implement it yet.

I think it would be very useful, as tcp_wrappers tends to be more portable 
than specific firewall implementations.

>From what I can tell from looking at other patches, adding libwrap support 
is typically a matter of only 1-5 lines.

I tried patching dovecot myself but my understanding of the internals of 
dovecot is weak and I wasn't successful.

>> Right now I'm running dovecot out of xinetd, so that I can see when tcp 
>> connections are opened, and take advantage of tcpwrappers. But this causes 
>> the problem that dovecot thinks all connections come from the local host.

> Hmm. Why does it do that? I thought the real socket was passed to Dovecot, so 
> the remote address would be correct. Unless you're doing some kind of 
> proxying in the middle?

I'm not doing anything special. Just a standard xinetd config, server = 
/usr/libexec/dovecot/imap-login, server_args = --ssl. But that's what I 
get in my local results -- the IP of the local host's ethernet interface.

---
Jesse <j at lumiere.net>