On 29.10.2004, at 15:38, Jesse wrote:
a) PAM_RHOST patch Back in July, dean gaudet helpfully posted a patch to dovecot PAM_RHOST the remote IP. Is this going to be included in the main dovecot tree? It seems like a worthwhile addition. The more informative and concise the logging the better.
This feature is already in 1.0-tests, and I don't really want to release any more 0.99.x releases unless really needed.
b) Better logging Is it possible to get logging of when a client connects and disconnects? I'm very used to seeing this information and it's very useful for debugging user sessions. It's frustrating not being able to easily tell whether a user has opened a connection.
Really many of the log messages could be more verbose. For instance, on disconnect, I see imap-login: Disconnected [ip.here] but the username they were logged in as isn't included. It would be nice to have that rather than having to dig back for a login message with the same IP. Heck, even the pid isn't logged. That would be nice too.
With 1.0-tests auth_verbose = yes gives better logging and allows you to log PID for each line.
The "Disconnected" line is written only when a user connected, but didn't log in. There is no logout-line after a successful login.
Anyway, better and more configurable logging is planned..
c) libwrap Any chance of getting libwrap support built into dovecot?
I had thought about that before, but haven't bothered to implement it yet.
Right now I'm running dovecot out of xinetd, so that I can see when tcp connections are opened, and take advantage of tcpwrappers. But this causes the problem that dovecot thinks all connections come from the local host. Correlating logins to IPs gets to be a lot of hassle, with the information divided over so many lines, while needing multiple ways to track which messages from xinetd, dovecot and pam match each other.
Hmm. Why does it do that? I thought the real socket was passed to Dovecot, so the remote address would be correct. Unless you're doing some kind of proxying in the middle?