[Dovecot] proxy logging

bugtraq bugtraq at md5.com.ar
Mon Feb 4 14:41:05 EET 2008


Yes, the proxy verifies if that password is correct before forward and I
want to insert a record on sql table if is succesfuly or not.

On one of proxy (/var/log/dovecot.log) I can see:

dovecot: Feb 04 10:31:16 Info: auth(default): client in: AUTH   1
PLAIN   service=imap    secured lip=127.0.0.1   rip=127.0.0.1
resp=AGRpZWdvQGpnbS5nb3YuYXIAZnVjayFvZmY=
dovecot: Feb 04 10:31:16 Info: auth-worker(default): mysql: Connected to
mysql-fe0 (vpopmail2)
dovecot: Feb 04 10:31:16 Info: auth-worker(default):
sql(diego at jdomain,127.0.0.1): query: SELECT pw_clear_passwd AS password,
pw_domain AS domain, '192.168.224.1' AS host, 'Y' AS nologin, 'Y' AS
nodelay, 'Y' AS proxy FROM vpopmail WHERE pw_name = 'diego' AND
pw_domain = 'domain' limit 1
dovecot: Feb 04 10:31:16 Info: auth(default): client out: OK    1
user=diego at domain   host=192.168.224.1      nologin proxy   pass=passwd
dovecot: Feb 04 10:31:16 Info: imap-login: proxy(diego at domain): started
proxying to 192.168.224.1:143: user=<diego at domain>, method=PLAIN,
rip=127.0.0.1, lip=127.0.0.1, TLS
dovecot: Feb 04 10:31:18 Info: imap-login: proxy(diego at domain):
disconnecting 127.0.0.1

I can retrieve any of this for put on sql database?

Regards,.

Timo Sirainen escribió:
> On Thu, 2008-01-24 at 23:38 -0200, diego wrote:
>> Hi, I'm testing dovecot 1.1.beta14 on two debian etch with 
>> drbd+ocfs2[active/active], I use qmail+vpopmail(userdb) and three 
>> front-end with openbsd 4.2 with dovecot 1.1.beta14 as proxy with passdb 
>> sql through vpopmail database.
>> Is posible to add logs into vpopmail.vlog from proxys?, like "update 
>> vlog blah blah..." or in other sql database?
> 
> So the proxy verifies that the password is correct before forwarding the
> connection? And you want it to execute an SQL statement whenever user
> authenticates successfully?
> 
>> I tried with post login scripting but I don't recibe any variable.
> 
> Proxies don't log in, so that doesn't work.
> 
> The only way I see for this to work is if you use a SQL function that
> verifies first if the authentication was successful (you have user-given
> password in %w), and after that does the log update. But if you're using
> MySQL I'm not sure if this will work. There have been some problems with
> MySQL functions before.
> 


More information about the dovecot mailing list