[Dovecot] Vpopmail and lastauth

Rick Romero rick at havokmon.com
Tue Apr 12 16:51:07 EEST 2011 

I had the same issue - Dovecot has it's own method of updating  
lastauth and doesn't put the IP address in the field, but 'pop' or  
'imap'.  I'd rather have the IP.  It was easier to just write my own  
postauth script.

I've added a 'type' field so I can keep track of pop/imap/smtp  
separately, you probably don't want to use that, as the default  
vpopmail install assumes only 1 lastauth record per username.

service pop3 {
   executable = /usr/local/libexec/dovecot/pop3 pop-postlogin
}

service pop-postlogin {
   executable = script-login /usr/local/etc/dovecot/lastauth-pop.sh
   user = vpopmail
}

service imap-postlogin {
   executable = script-login rawlog /usr/local/etc/dovecot/lastauth-imap.sh
   user = vpopmail
}
service imap {
   executable = /usr/local/libexec/dovecot/imap imap-postlogin
}

----------------------------------------

lastauth-imap.sh:
#!/bin/sh
/usr/local/etc/dovecot/lastauth-imap.pl &
exec "$@"

----------------------------------------

lastauth-pop.sh:
#!/bin/sh
/usr/local/etc/dovecot/lastauth-pop.pl &
exec "$@"

----------------------------------------

lastauth.pl  (softlinked as lastauth-pop.pl/lastauth-imap.pl)
#!/usr/bin/perl -w
##
## Update LastAuth from Dovecot
##
use strict;
use DBI;

my $key;
my ($username, $domain) = split(/@/,$ENV{USER});
my $remote_ip = $ENV{IP};
my $authtype = "pop/imap";

if (index($0,"imap") != -1)  {
    $authtype = "dovecot-imap";
}
if (index($0,"pop") != -1)  {
    $authtype = "dovecot-pop";
}

my $driver = DBI->install_driver('mysql');

my $dbh = DBI->connect('DBI:mysql:vpopmail:localhost','user','pass');
die "Unable to Connect $DBI::errstr\n" unless (defined $dbh);

#$ENV{PATH} = "/bin:/usr/bin:/usr/local/bin:.";

#my $update_data = $dbh->prepare(q{REPLACE into lastauth set user = ?,  
domain = ?, remote_ip = ?, timestamp = ?, type = ? });
#my  
$num_rows=$update_data->execute($username,$domain,$remote_ip,time,$authtype);
my $update_data = $dbh->prepare(q{REPLACE into lastauth set user = ?,  
domain = ?, remote_ip = ?, timestamp = ? });
my $num_rows=$update_data->execute($username,$domain,$remote_ip,time);

$dbh->disconnect;

------------------------------------------------------------------------------------------------------

Rick

Quoting "mailing at securitylabs.it" <mailing at securitylabs.it>:

> Hello, I'm migrating many accounts to a new server with vpopmail  
> 5.4.33 and dovecot 2.0.11.
>
> I've already vpopmail 5.4.32 and dovecot 1.2.16 on others servers  
> running without problems.
>
> With dovecot 2.0.11 my lastauth file is not updated. This file  
> usually is update on any access (smtp, pop3, imap) with the client's  
> IP, for every mailbox. Now it's updated only when a client  
> authenticate itself via SMTP (smtp-auth with qmail + vpopmail), and  
> not with imap/pop3 access.
>
> My conf:
>
> # 2.0.11: /usr/local/etc/dovecot/dovecot.conf
> # OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.1
> auth_cache_negative_ttl = 2 mins
> auth_cache_size = 1000 M
> auth_cache_ttl = 2 mins
> auth_mechanisms = plain cram-md5 apop
> auth_username_chars =  
> abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@&
> disable_plaintext_auth = no
> first_valid_uid = 89
> last_valid_uid = 95
> lock_method = dotlock
> log_timestamp = "%Y-%m-%d %H:%M:%S "
> login_greeting = Server ready.
> mail_fsync = never
> mail_gid = vchkpw
> mail_location = maildir:~/Maildir
> mail_privileged_group = vchkpw
> mail_uid = vpopmail
> namespace {
>   inbox = yes
>   location =
>   prefix = INBOX.
>   separator = .
>   type = private
> }
> passdb {
>   args = webmail=127.0.0.1
>   driver = vpopmail
> }
> plugin/mail_log_events = delete expunge
> plugin/mail_log_group_events =
> plugin/quota = maildir
> plugin/quota_rule = ?:storage=0
> pop3_uidl_format = %f
> protocols = imap pop3
> service auth {
>   unix_listener auth-userdb {
>     group = vchkpw
>     mode = 0600
>     user = vpopmail
>   }
> }
> service imap-login {
>   client_limit = 256
>   process_limit = 128
>   process_min_avail = 3
>   service_count = 1
> }
> service imap {
>   drop_priv_before_exec = yes
>   process_limit = 256
>   vsz_limit = 256 M
> }
> service pop3-login {
>   client_limit = 256
>   process_limit = 128
>   process_min_avail = 3
>   service_count = 1
> }
> service pop3 {
>   drop_priv_before_exec = yes
>   process_limit = 256
>   vsz_limit = 256 M
> }
> ssl_cert = </usr/local/etc/dovecot/dovecot.crt
> ssl_key = </usr/local/etc/dovecot/dovecot.key
> userdb {
>   args = quota_template=quota_rule=*:backend=%q
>   driver = vpopmail
> }
> protocol imap {
>   mail_max_userip_connections = 10
>   mail_plugins = " notify quota imap_quota mail_log"
> }

More information about the dovecot mailing list