[Dovecot] Session IDs

Timo Sirainen tss at iki.fi
Sat Apr 28 17:53:12 EEST 2012


v2.1.2 added support for "session IDs", which is a 9 year unique identifier for that specific IMAP/POP3 connection. Initially I thought it would only be useful for tracking connections going through Dovecot proxies to backends (the session ID is forwarded), but then I thought it could be useful for everyone if auth process also logs the session ID. So I thought for v2.1.6 I'd change the defaults:

a) Failed login:

Apr 28 17:37:23 auth: Debug: client in: AUTH    1       PLAIN   service=imap    secured session=XtG7KL6+jQB/AAAB        lip=127.0.0.1   rip=127.0.0.1   lport=143       rport=42125     resp=<hidden>
Apr 28 17:37:23 auth: Debug: passwd-file(foo,127.0.0.1,<XtG7KL6+jQB/AAAB>): lookup: user=foo file=/usr/local/etc/passwd.imap
Apr 28 17:37:23 auth: Info: passwd-file(foo,127.0.0.1,<XtG7KL6+jQB/AAAB>): unknown user
Apr 28 17:37:25 auth: Debug: client out: FAIL   1       user=foo
Apr 28 17:37:50 imap-login: Info: Aborted login (auth failed, 1 attempts in 27 secs): user=<foo>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured, session=<XtG7KL6+jQB/AAAB>

b) Successful login:

Apr 28 17:38:27 auth: Debug: client in: AUTH    2       PLAIN   service=imap    secured session=rNuHLL6+jgB/AAAB        lip=127.0.0.1   rip=127.0.0.1   lport=143       rport=42126     resp=<hidden>
Apr 28 17:38:27 auth: Debug: passwd-file(tss,127.0.0.1,<rNuHLL6+jgB/AAAB>): lookup: user=tss file=/usr/local/etc/passwd.imap
Apr 28 17:38:27 auth: Debug: client out: OK     2       user=tss
Apr 28 17:38:27 auth: Debug: master in: REQUEST 1375993857      14321   2       0f2f78deedcb7e38a278cf79819360c5
Apr 28 17:38:27 auth: Debug: passwd-file(tss,127.0.0.1,<rNuHLL6+jgB/AAAB>): lookup: user=tss file=/usr/local/etc/passwd.imap
Apr 28 17:38:27 auth: Debug: master out: USER   1375993857      tss     uid=1000        gid=1000        home=/home/tss
Apr 28 17:38:27 imap-login: Info: Login: user=<tss>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=14338, secured, session=<rNuHLL6+jgB/AAAB>
..
Apr 28 17:47:15 imap(tss,<rNuHLL6+jgB/AAAB>): Info: Disconnected: Logged out in=8 out=369

The last line requires a modified mail_log_prefix, I wasn't planning on changing its default.

I'm mainly wondering:

1) Does this change break someone's auth log line parsing?
2) Does the auth prefix look prettier with or without <> around session id? :)
3) Anything else I should do about this now that I'm changing it anyway?




More information about the dovecot mailing list