[Dovecot] 'doveadm who' enhancement request

Brad Davidson brandond at uoregon.edu
Thu Jun 3 03:20:59 EEST 2010 

Timo,

> > Is there any chance 'doveadm who'
> > could use this to display the original connection source?
> 
> If login_trusted_networks contains proxies, I think it should already
do
> that?..

Interesting. I'd tried putting the private network in
login_trusted_networks but it got stuck in a loop until the director
process ran out of file handles, so I took it back out. This is probably
a little weird in that it's proxying to itself, and also trusting the
looped connection. I guess it's running the original endpoints through
the authdb for validation, which then proxies, causes another authdb
lookup, etc?

/etc/dovecot/dovecot.conf:
director_servers = 10.142.0.162
director_mail_servers = 10.142.0.162
login_trusted_networks = 10.142.0.0/24
passdb {
  driver = sql
  args = /etc/dovecot/proxy-sqlite.conf
}
passdb {
  driver = pam
}
userdb {
  driver = passwd
}

/etc/dovecot/proxy-sqlite.conf:
driver = sqlite
connect = /dev/null
password_query = SELECT null AS password, 'Y' AS nopassword, 'Y' AS
proxy WHERE '%{lip}' NOT LIKE '10.142.0.%%' AND '%{lip}' != '%{rip}'

The verbose auth look during the loop looked like:

(lots more of the following omitted)
Jun  2 13:48:58 cc-popmap7 dovecot: auth: Debug: new auth connection:
pid=19120
Jun  2 13:48:58 cc-popmap7 dovecot: auth: Debug: client in: AUTH
1       PLAIN   service=imap    secured lip=128.223.142.138
rip=128.223.157.45        lport=993       rport=60872     resp=<hidden>
Jun  2 13:48:58 cc-popmap7 dovecot: auth: Debug: client out: OK 1
user=brandond   proxy   pass=<hidden>
Jun  2 13:48:58 cc-popmap7 dovecot: auth: Debug:
sql(brandond,128.223.157.45): query: SELECT null AS password, 'Y' AS
nopassword, 'Y' AS proxy WHERE '128.223.142.138' NOT LIKE '10.142.0.%'
AND '128.223.142.138' != '128.223.157.45'
Jun  2 13:48:58 cc-popmap7 dovecot: auth: Debug: new auth connection:
pid=19121
Jun  2 13:48:58 cc-popmap7 dovecot: auth: Debug: client in: AUTH
1       PLAIN   service=imap    secured lip=128.223.142.138
rip=128.223.157.45        lport=993       rport=60872     resp=<hidden>
Jun  2 13:48:58 cc-popmap7 dovecot: auth: Debug: client out: OK 1
user=brandond   proxy   pass=<hidden>
Jun  2 13:48:58 cc-popmap7 dovecot: auth: Debug:
sql(brandond,128.223.157.45): query: SELECT null AS password, 'Y' AS
nopassword, 'Y' AS proxy WHERE '128.223.142.138' NOT LIKE '10.142.0.%'
AND '128.223.142.138' != '128.223.157.45'
Jun  2 13:48:58 cc-popmap7 dovecot: auth: Debug: client in: AUTH
1       PLAIN   service=imap    secured lip=128.223.142.138
rip=128.223.157.45        lport=993       rport=60872     resp=<hidden>
Jun  2 13:48:58 cc-popmap7 dovecot: auth: Debug: client out: OK 1
user=brandond   proxy   pass=<hidden>
Jun  2 13:48:58 cc-popmap7 dovecot: auth: Debug:
sql(brandond,128.223.157.45): query: SELECT null AS password, 'Y' AS
nopassword, 'Y' AS proxy WHERE '128.223.142.138' NOT LIKE '10.142.0.%'
AND '128.223.142.138' != '128.223.157.45'
Jun  2 13:48:58 cc-popmap7 dovecot: auth: Debug: new auth connection:
pid=19123
Jun  2 13:48:58 cc-popmap7 dovecot: auth: Debug: new auth connection:
pid=19124
Jun  2 13:48:58 cc-popmap7 dovecot: director: Error:
socket(/var/run/dovecot//auth-login) failed: Too many open files
Jun  2 13:48:58 cc-popmap7 dovecot: director: Error:
connect(/var/run/dovecot//auth-login) failed: Too many open files
Jun  2 13:48:58 cc-popmap7 dovecot: auth: Debug: client in: AUTH
1       PLAIN   service=imap    secured lip=128.223.142.138
rip=128.223.157.45        lport=993       rport=60872     resp=<hidden>
Jun  2 13:48:58 cc-popmap7 dovecot: director: Error:
socket(/var/run/dovecot//auth-login) failed: Too many open files
Jun  2 13:48:58 cc-popmap7 dovecot: director: Error:
connect(/var/run/dovecot//auth-login) failed: Too many open files
Jun  2 13:48:58 cc-popmap7 dovecot: auth: Debug: client out: OK 1
user=brandond   proxy   pass=<hidden>
Jun  2 13:48:58 cc-popmap7 dovecot: auth: Debug:
sql(brandond,128.223.157.45): query: SELECT null AS password, 'Y' AS
nopassword, 'Y' AS proxy WHERE '128.223.142.138' NOT LIKE '10.142.0.%'
AND '128.223.142.138' != '128.223.157.45'
Jun  2 13:48:58 cc-popmap7 dovecot: director: Error:
socket(/var/run/dovecot//auth-login) failed: Too many open files
Jun  2 13:48:58 cc-popmap7 dovecot: director: Error:
connect(/var/run/dovecot//auth-login) failed: Too many open files
Jun  2 13:48:58 cc-popmap7 dovecot: imap-login: Warning: Error sending
handshake to auth server: Broken pipe

-Brad

More information about the dovecot mailing list