[Dovecot] Log successful login plain text password
wkaha at yahoo.com
wkaha at yahoo.com
Fri Aug 30 14:12:46 EEST 2013
Cool.
I tried doing the same.
I've installed a proxy with the smallest possible setting
----dovecot.conf----------------------------
protocols = imap
ssl = no
mail_uid = dovenull
mail_gid = dovenull
first_valid_uid = 143
first_valid_gid = 143
auth_mechanisms = plain login
auth_debug_passwords=yes
mail_location=imapc:~/imapc
mail_home = /home/%u
imapc_host = server.name.com
imapc_port = 143
passdb {
args = host=server.name.com
default_fields = userdb_imapc_user=%u userdb_imapc_password=%w
driver=imap
}
userdb {
driver = prefetch
}
-------------------------------------
and the result in my logs was
----
Aug 30 15:06:23 free92 dovecot: auth: Debug: master userdb out: USER 12341234124 username at server.name.com imapc_user=username at servername.com imapc_password=ClearPassword auth_token=***some token***
----
that's nice for migrating servers.
all the best
On 30.08.2013, at 08:31, Marco Fretz wrote:
> On 08/28/2013 10:36 AM, wkaha at yahoo.com wrote:
>> Maybe you can find a way in this direction
>>
>> http://wiki2.dovecot.org/HowTo/ConvertPasswordSchemes
>
> This looks interesting. Looks like I could automate also a lot of other
> stuff this way, e.g. imap syncing accounts to new server, etc.
>
> I found out that "auth_debug_passwords=yes" does log passwords (also
> successful logins) in proxy mode. But it does not in normal imap/pop
> server mode, or I did something wrong...
>
> It logs something like this:
> Aug 28 11:13:03 barney dovecot: auth: Debug: client out:
> OK#0111#011user=marco at example.com#011host=imap.example.com#011nologin#011proxy#011pass=CLEARPASWORD
>
> where CLEARPASWORD is the plain text password.that's pretty much what I
> need. but using some postlogin script might be the more beautiful way...
>
> thanks you all for the responses.
>
>>
>> all the best
>>
>>
>> On 28.08.2013, at 09:14, Marco Fretz wrote:
>>
>>>
>> On 08/28/2013 09:08 AM, wkaha at yahoo.com wrote:
>>>>> Hi Marco
>>>>>
>>>>> when running dovecot -a you will find
>>>>> auth_*
>>>>>
>>>>> I think you could you auth_verbose_passwords to fit your needs.
>>
>> thanks. I've already tried this, but it doesn't log the password on
>> successful logins, only when there is password missmatch:
>>
>> from the conf / manual:
>> "
>> # In case of password mismatches, log the attempted password. Valid
>> values are
>> # no, plain and sha1. sha1 can be useful for detecting brute force
>> password
>> # attempts vs. user simply trying the same password over and over again.
>> #auth_verbose_passwords = no
>> "
>>
>> any other ideas? :)
>>
>>>>>
>>>>> all the best
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On 28.08.2013, at 08:57, Marco Fretz wrote:
>>>>>
>>>>>>
>>>>> Hi everyone,
>>>>>
>>>>> I want to use dovecot as a IMAP and POP3 proxy in front of our current
>>>>> E-Mail hosting server to log the plain text passwords of all
>> successful
>>>>> logins for migration reasons. Actually I don't need the password
>> to see
>>>>> in plain text, storing them as SHA256-CRYPT (or something dovecot can
>>>>> use later for auth) hash in a file or DB would be fine, too.
>>>>>
>>>>> I need this for the migration from the current mail server (using
>>>>> proprietary hashing to store passwords) to a new postfix / dovecot
>> base
>>>>> mail system.
>>>>>
>>>>> I played around with "auth_debug_passwords" and all debug / logging
>>>>> options I found in the manual. Nothing logs successful login plaintext
>>>>> passwords.
>>>>>
>>>>> Any hint welcome.
>>>>>
>>>>> Thanks a lot,
>>>>> Marco
More information about the dovecot
mailing list