[Dovecot] Log successful login plain text password

Fri Aug 30 14:12:46 EEST 2013

Cool.

I tried doing the same.
I've installed a proxy with the smallest possible setting

----dovecot.conf----------------------------
protocols = imap
ssl = no
mail_uid = dovenull
mail_gid = dovenull
first_valid_uid = 143
first_valid_gid = 143
auth_mechanisms = plain login
auth_debug_passwords=yes
mail_location=imapc:~/imapc
mail_home = /home/%u
imapc_host = server.name.com
imapc_port = 143
passdb {
  args = host=server.name.com
  default_fields = userdb_imapc_user=%u userdb_imapc_password=%w
  driver=imap
}
userdb {
  driver = prefetch
}

-------------------------------------

and the result in my logs was

----
Aug 30 15:06:23 free92 dovecot: auth: Debug: master userdb out: USER	12341234124	username at server.name.com	imapc_user=username at servername.com	imapc_password=ClearPassword	auth_token=***some token***
----

that's nice for migrating servers.

all the best

On 30.08.2013, at 08:31, Marco Fretz wrote:

> On 08/28/2013 10:36 AM, wkaha at yahoo.com wrote:
>> Maybe you can find a way in this direction
>> 
>> http://wiki2.dovecot.org/HowTo/ConvertPasswordSchemes
> 
> This looks interesting. Looks like I could automate also a lot of other
> stuff this way, e.g. imap syncing accounts to new server, etc.
> 
> I found out that "auth_debug_passwords=yes" does log passwords (also
> successful logins) in proxy mode. But it does not in normal imap/pop
> server mode, or I did something wrong...
> 
> It logs something like this:
> Aug 28 11:13:03 barney dovecot: auth: Debug: client out:
> OK#0111#011user=marco at example.com#011host=imap.example.com#011nologin#011proxy#011pass=CLEARPASWORD
> 
> where CLEARPASWORD is the plain text password.that's pretty much what I
> need. but using some postlogin script might be the more beautiful way...
> 
> thanks you all for the responses.
> 
>> 
>> all the best
>> 
>> 
>> On 28.08.2013, at 09:14, Marco Fretz wrote:
>> 
>>> 
>> On 08/28/2013 09:08 AM, wkaha at yahoo.com wrote:
>>>>> Hi Marco
>>>>> 
>>>>> when running dovecot -a you will find
>>>>> auth_*
>>>>> 
>>>>> I think you could you auth_verbose_passwords to fit your needs.
>> 
>> thanks. I've already tried this, but it doesn't log the password on
>> successful logins, only when there is password missmatch:
>> 
>> from the conf / manual:
>> "
>> # In case of password mismatches, log the attempted password. Valid
>> values are
>> # no, plain and sha1. sha1 can be useful for detecting brute force
>> password
>> # attempts vs. user simply trying the same password over and over again.
>> #auth_verbose_passwords = no
>> "
>> 
>> any other ideas? :)
>> 
>>>>> 
>>>>> all the best
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> On 28.08.2013, at 08:57, Marco Fretz wrote:
>>>>> 
>>>>>> 
>>>>> Hi everyone,
>>>>> 
>>>>> I want to use dovecot as a IMAP and POP3 proxy in front of our current
>>>>> E-Mail hosting server to log the plain text passwords of all
>> successful
>>>>> logins for migration reasons. Actually I don't need the password
>> to see
>>>>> in plain text, storing them as SHA256-CRYPT (or something dovecot can
>>>>> use later for auth) hash in a file or DB would be fine, too.
>>>>> 
>>>>> I need this for the migration from the current mail server (using
>>>>> proprietary hashing to store passwords) to a new postfix / dovecot
>> base
>>>>> mail system.
>>>>> 
>>>>> I played around with "auth_debug_passwords" and all debug / logging
>>>>> options I found in the manual. Nothing logs successful login plaintext
>>>>> passwords.
>>>>> 
>>>>> Any hint welcome.
>>>>> 
>>>>> Thanks a lot,
>>>>> Marco