On Mon, 1 Nov 2004, Timo Sirainen wrote:
a) PAM_RHOST patch
This feature is already in 1.0-tests, and I don't really want to release any more 0.99.x releases unless really needed.
No problem here if it's in a future version. I applied the patch on my own copy already.
b) Better logging
With 1.0-tests auth_verbose = yes gives better logging and allows you to log PID for each line.
The "Disconnected" line is written only when a user connected, but didn't log in. There is no logout-line after a successful login.
Anyway, better and more configurable logging is planned..
Glad to hear, guess I'll have to wait for 1.0!
c) libwrap
Any chance of getting libwrap support built into dovecot?
I had thought about that before, but haven't bothered to implement it yet.
I think it would be very useful, as tcp_wrappers tends to be more portable than specific firewall implementations.
From what I can tell from looking at other patches, adding libwrap support is typically a matter of only 1-5 lines.
I tried patching dovecot myself but my understanding of the internals of dovecot is weak and I wasn't successful.
Right now I'm running dovecot out of xinetd, so that I can see when tcp connections are opened, and take advantage of tcpwrappers. But this causes the problem that dovecot thinks all connections come from the local host.
Hmm. Why does it do that? I thought the real socket was passed to Dovecot, so the remote address would be correct. Unless you're doing some kind of proxying in the middle?
I'm not doing anything special. Just a standard xinetd config, server = /usr/libexec/dovecot/imap-login, server_args = --ssl. But that's what I get in my local results -- the IP of the local host's ethernet interface.
Jesse <j@lumiere.net>