[Dovecot] logging IMAP username rather than UNIX username
Hi there
I'd like to change my setup to log the _actual_ IMAP user's login, rather than the UNIX username. My system uses a virtual uid setup with qmail, where the mailboxes are owned by the 'vmail' user and authentication is via checkpassword using user%domain (ie email, just with % instead of @). So dovecot is recording _all_ logins as:
imap-login: Login: user=<vmail>, method=PLAIN, rip=127.0.0.1,
lip=127.0.0.1, secured
I have the following log format specified:
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l %c
I have also tried:
login_log_format_elements = user=<%n@%d> method=%m rip=%r lip=%l %c
However, this results in a log file entry of:
imap-login: Login: user=<vmail@>, method=PLAIN, rip=127.0.0.1,
lip=127.0.0.1, secured
How do I configure dovecot to log the _actual_ username which the client supplies during authentication?
Thanks Dale
My auth section config is:
auth default { mechanisms = plain passdb checkpassword { args = /var/qmail/bin/qmail-vauth } userdb prefetch { } user = auth }
2008/10/22 Dale Gallagher <dale.gallagher@gmail.com>:
Hi there
I'd like to change my setup to log the _actual_ IMAP user's login, rather than the UNIX username. My system uses a virtual uid setup with qmail, where the mailboxes are owned by the 'vmail' user and authentication is via checkpassword using user%domain (ie email, just with % instead of @). So dovecot is recording _all_ logins as:
imap-login: Login: user=<vmail>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
I have the following log format specified:
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l %c
I have also tried:
login_log_format_elements = user=<%n@%d> method=%m rip=%r lip=%l %c
However, this results in a log file entry of:
imap-login: Login: user=<vmail@>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
How do I configure dovecot to log the _actual_ username which the client supplies during authentication?
Thanks Dale
On Wed, 2008-10-22 at 12:00 +0200, Dale Gallagher wrote:
Hi there
I'd like to change my setup to log the _actual_ IMAP user's login, rather than the UNIX username. My system uses a virtual uid setup with qmail, where the mailboxes are owned by the 'vmail' user and authentication is via checkpassword using user%domain (ie email, just with % instead of @). So dovecot is recording _all_ logins as:
imap-login: Login: user=<vmail>, method=PLAIN, rip=127.0.0.1,
lip=127.0.0.1, secured
That means your authentication changes the username.
passdb checkpassword { args = /var/qmail/bin/qmail-vauth }
Most likely qmail-vauth changes USER environment to vmail. If you can't edit qmail-vauth directly, create a wrapper script that unsets the USER environment before calling Dovecot's checkpassword-reply.
Hi Timo
2008/10/22 Timo Sirainen <tss@iki.fi>:
That means your authentication changes the username.
passdb checkpassword { args = /var/qmail/bin/qmail-vauth }
Most likely qmail-vauth changes USER environment to vmail. If you can't edit qmail-vauth directly, create a wrapper script that unsets the USER environment before calling Dovecot's checkpassword-reply.
Yes, you're spot on! USER is changed. Thanks for the heads-up, I'll see if writing a wrapper works, without messing with the fact that the process has to run as the vmail user.....
Thanks Dale
participants (2)
-
Dale Gallagher
-
Timo Sirainen