[Dovecot] Virtual user and post-login 2.0.13
Hi
I tried several variants of suggestions but I can't get it working
dovecot-info.log:
Aug 25 17:37:48 imap-login: Info: Login: user=<vuser>, method=PLAIN, rip=192.168.1.xx, lip=192.168.1.xx, mpid=11264
Aug 25 17:37:48 imap(vuser): Info: Post-login script denied access to user vuser
dovecot.log
Aug 25 17:31:28 imap-postlogin: Error: script-login: Error: user pmp@bredband.net: Error reading configuration: net_connect_unix(/var/run/dovecot/config) failed: Permission denied
Aug 25 17:31:28 imap-postlogin: Error: script-login: Fatal: Internal error occurred. Refer to server log for more information.
Aug 25 17:31:28 log: Error: service(imap-postlogin): child 11082 returned error 89 (Fatal failure)
dovecot.conf
protocols = imap pop3
base_dir = /var/run/dovecot/
log_path = /var/log/dovecot.log
info_log_path = /var/log/dovecot-info.log
ssl = no # v1.2+, for older versions use: ssl_disable = yes
disable_plaintext_auth = no
mail_location = maildir:/home/fetchmail/mailroot/dummy
pop3_uidl_format = %08Xu%08Xv
!include conf.d/*.conf
!include_try local.conf
mail_uid=500
mail_gid=500
auth_verbose = yes
auth_debug=yes
auth_debug_passwords=yes
mail_debug=yes
# Optional tried with this!!!
service config {
  unix_listener config {
    group = dovecot
    mode = 0660
  }
}
service imap {
  # tell imap to do post-login lookup using a socket called "imap-postlogin"
  executable = imap imap-postlogin
  # Optional tried with this!!!
  user=dovecot
}
# The service name below doesn't actually matter.
service imap-postlogin {
  # all post-login scripts are executed via script-login binary
  executable = script-login /home/fetchmail/dovecot-postlogin.sh
  # the script process runs as the user specified here (v2.0.14+):
  # Optional tried with this!!!
  # user=dovecot
  # user = $default_internal_user
  # this UNIX socket listener must use the same name as given to imap executable
  # Optional tried with this!!!
  #unix_listener imap-postlogin {
  #}
}
users
vuser:{PLAIN}pass:500:500::/home/fetchmail::userdb_mail=maildir:/home/fetchmail/mailroot/vuser-root allow_nets=192.168.1.0/24
ls -l /home/fetchmail/dovecot-postlogin.sh
-rwxrwxrwx. 1 dovecot root 108 Aug 25 17:08 dovecot-postlogin.sh
Any suggestions are very welcome!!
/Thanks
Did you try installing from source after applying the patch? As in:
This is your problem.. It's a bug in v2.0.13. You could patch with
http://hg.dovecot.org/dovecot-2.0/rev/a2d57b43ccb2 or change config
socket's permissions. I'll hopefully release v2.0.14 in not too distant
future.
-- Timo
That got it working for me. Plus this:
service imap {
  executable = imap imap-postlogin
}
service imap-postlogin {
  executable = script-login /usr/local/bin/set_postpop
  unix_listener imap-postlogin {
  }
}
The script seems to run as root so I set ownership to the proper user in the script.
Mark Willcox
Data Helper, Inc.
On 8/25/2011 10:47 AM, Pelle Svensson wrote:
[...]
Yes and No!
After applying the patch and changing the settings it started to work. But there seem to be things that are not right.
Evolution makes several attempts to log in -> all with socket closed.
If I remove the script (see below) THEN IT'S OKAY.
dovecot is executed as root.
dovecot.conf
protocols = imap pop3
base_dir = /var/run/dovecot/
#base_dir = /home/fetchmail/
log_path = /var/log/dovecot.log
info_log_path = /var/log/dovecot-info.log
ssl = no # v1.2+, for older versions use: ssl_disable = yes
disable_plaintext_auth = no
mail_location = maildir:/home/fetchmail/mailroot/dummy
pop3_uidl_format = %08Xu%08Xv
!include conf.d/*.conf
!include_try local.conf
mail_uid=500
mail_gid=500
auth_verbose = yes
auth_debug=yes
auth_debug_passwords=yes
mail_debug=yes
service imap {
  executable = imap imap-postlogin
}
service imap-postlogin {
  executable = script-login /home/fetchmail/dovecot-postlogin.sh
  unix_listener imap-postlogin {
  }
}
dovecot-postlogin.sh (executed as root)
#!/bin/sh
date >>/home/fetchmail/script.log
# send signal 10 to the PID on the first line of fetchmail's pid file
kill -s 10 $(cat /home/fetchmail/.fetchmail.pid | head -n 1) >>/home/fetchmail/script.log
exit 0
script.log
Sat Aug 27 16:04:41 CEST 2011
Sat Aug 27 16:04:41 CEST 2011
Sat Aug 27 16:04:41 CEST 2011
Wireshark
5 0.001422 192.168.1.<cli> 192.168.1.<srv> TCP 46940 > imap [SYN] Seq=0 Win=5840 Len=0 MSS=1460 SACK_PERM=1 TSV=16435269 TSER=0 WS=7
6 0.001641 192.168.1.<srv> 192.168.1.<cli> TCP imap > 46940 [SYN, ACK] Seq=0 Ack=1 Win=5792 Len=0 MSS=1460 SACK_PERM=1 TSV=189223554 TSER=16435269 WS=7
7 0.001666 192.168.1.<cli> 192.168.1.<srv> TCP 46940 > imap [ACK] Seq=1 Ack=1 Win=5888 Len=0 TSV=16435269 TSER=189223554
8 0.05<srv>5 192.168.1.<srv> 192.168.1.<cli> IMAP Response: * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN] Dovecot ready.
9 0.052267 192.168.1.<cli> 192.168.1.<srv> TCP 46940 > imap [ACK] Seq=1 Ack=104 Win=5888 Len=0 TSV=16435320 TSER=189223605
10 0.055497 192.168.1.<cli> 192.168.1.<srv> IMAP Request: A00000 CAPABILITY
11 0.055724 192.168.1.<srv> 192.168.1.<cli> TCP imap > 46940 [ACK] Seq=104 Ack=20 Win=5888 Len=0 TSV=189223609 TSER=16435324
12 0.055930 192.168.1.<srv> 192.168.1.<cli> IMAP Response: * CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN
13 0.095377 192.168.1.<cli> 192.168.1.<srv> TCP 46940 > imap [ACK] Seq=20 Ack=264 Win=6912 Len=0 TSV=16435364 TSER=189223609
14 0.344714 192.168.1.<cli> 192.168.1.<srv> IMAP Request: A00001 LOGIN <vuser> <pass>
15 0.378516 192.168.1.<srv> 192.168.1.<cli> TCP imap > 46940 [FIN, ACK] Seq=264 Ack=60 Win=5888 Len=0 TSV=189223931 TSER=16435613
16 0.378630 192.168.1.<cli> 192.168.1.<srv> TCP 46940 > imap [FIN, ACK] Seq=60 Ack=265 Win=6912 Len=0 TSV=16435647 TSER=189223931
17 0.378922 192.168.1.<srv> 192.168.1.<cli> TCP imap > 46940 [ACK] Seq=265 Ack=61 Win=5888 Len=0 TSV=189223932 TSER=16435647
22 0.380520 192.168.1.<cli> 192.168.1.<srv> TCP 46941 > imap [SYN] Seq=0 Win=5840 Len=0 MSS=1460 SACK_PERM=1 TSV=16435649 TSER=0 WS=7
23 0.380776 192.168.1.<srv> 192.168.1.<cli> TCP imap > 46941 [SYN, ACK] Seq=0 Ack=1 Win=5792 Len=0 MSS=1460 SACK_PERM=1 TSV=189223934 TSER=16435649 WS=7
24 0.380796 192.168.1.<cli> 192.168.1.<srv> TCP 46941 > imap [ACK] Seq=1 Ack=1 Win=5888 Len=0 TSV=16435649 TSER=189223934
25 0.392120 192.168.1.<srv> 192.168.1.<cli> IMAP Response: * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN] Dovecot ready.
26 0.392148 192.168.1.<cli> 192.168.1.<srv> TCP 46941 > imap [ACK] Seq=1 Ack=104 Win=5888 Len=0 TSV=16435660 TSER=189223945
27 0.392197 192.168.1.<cli> 192.168.1.<srv> IMAP Request: A00000 CAPABILITY
28 0.392528 192.168.1.<srv> 192.168.1.<cli> TCP imap > 46941 [ACK] Seq=104 Ack=20 Win=5888 Len=0 TSV=189223945 TSER=16435660
29 0.392529 192.168.1.<srv> 192.168.1.<cli> IMAP Response: * CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN
30 0.394038 192.168.1.<cli> 192.168.1.<srv> IMAP Request: A00001 LOGIN <vuser> <pass>
31 0.431080 192.168.1.<srv> 192.168.1.<cli> TCP imap > 46941 [FIN, ACK] Seq=264 Ack=60 Win=5888 Len=0 TSV=189223984 TSER=16435662
32 0.431175 192.168.1.<cli> 192.168.1.<srv> TCP 46941 > imap [FIN, ACK] Seq=60 Ack=265 Win=6912 Len=0 TSV=16435699 TSER=189223984
33 0.431487 192.168.1.<srv> 192.168.1.<cli> TCP imap > 46941 [ACK] Seq=265 Ack=61 Win=5888 Len=0 TSV=189223984 TSER=16435699
38 0.433085 192.168.1.<cli> 192.168.1.<srv> TCP 46942 > imap [SYN] Seq=0 Win=5840 Len=0 MSS=1460 SACK_PERM=1 TSV=16435701 TSER=0 WS=7
39 0.433373 192.168.1.<srv> 192.168.1.<cli> TCP imap > 46942 [SYN, ACK] Seq=0 Ack=1 Win=5792 Len=0 MSS=1460 SACK_PERM=1 TSV=189223986 TSER=16435701 WS=7
40 0.433400 192.168.1.<cli> 192.168.1.<srv> TCP 46942 > imap [ACK] Seq=1 Ack=1 Win=5888 Len=0 TSV=16435702 TSER=189223986
41 0.444437 192.168.1.<srv> 192.168.1.<cli> IMAP Response: * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN] Dovecot ready.
42 0.444460 192.168.1.<cli> 192.168.1.<srv> TCP 46942 > imap [ACK] Seq=1 Ack=104 Win=5888 Len=0 TSV=16435713 TSER=189223997
43 0.444513 192.168.1.<cli> 192.168.1.<srv> IMAP Request: A00000 CAPABILITY
44 0.444845 192.168.1.<srv> 192.168.1.<cli> TCP imap > 46942 [ACK] Seq=104 Ack=20 Win=5888 Len=0 TSV=189223997 TSER=16435713
45 0.445050 192.168.1.<srv> 192.168.1.<cli> IMAP Response: * CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN
46 0.445088 192.168.1.<cli> 192.168.1.<srv> IMAP Request: A00001 LOGIN <vuser> <pass>
47 0.478720 192.168.1.<srv> 192.168.1.<cli> TCP imap > 46942 [FIN, ACK] Seq=264 Ack=60 Win=5888 Len=0 TSV=189224031 TSER=16435713
48 0.478773 192.168.1.<cli> 192.168.1.<srv> TCP 46942 > imap [FIN, ACK] Seq=60 Ack=265 Win=6912 Len=0 TSV=16435747 TSER=189224031
49 0.479127 192.168.1.<srv> 192.168.1.<cli> TCP imap > 46942 [ACK] Seq=265 Ack=61 Win=5888 Len=0 TSV=189224032 TSER=16435747
dovecot-info.log
Aug 27 16:04:21 master: Info: Dovecot v2.0.13 starting up (core dumps disabled)
Aug 27 16:04:41 auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth
Aug 27 16:04:41 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libauthdb_ldap.so
Aug 27 16:04:41 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so
Aug 27 16:04:41 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libmech_gssapi.so
Aug 27 16:04:41 auth: Debug: passwd-file /etc/dovecot/users: Read 3 users
Aug 27 16:04:41 auth: Debug: auth client connected (pid=9059)
Aug 27 16:04:41 auth: Debug: client in: AUTH 1 PLAIN service=imap lip=192.168.1.<srv> rip=192.168.1.<cli> lport=143 rport=46940 resp=AHBtcEBicmVkYmFuZC5uZXQAQWc4MkltYXA=
Aug 27 16:04:41 auth: Debug: passwd-file(<vuser>,192.168.1.<cli>): lookup: user=<vuser> file=/etc/dovecot/users
Aug 27 16:04:41 auth: Debug: auth(<vuser>,192.168.1.<cli>): allow_nets: Matching for network 192.168.1.0/24
Aug 27 16:04:41 auth: Debug: client out: OK 1 user=<vuser>
Aug 27 16:04:41 auth: Debug: master in: REQUEST 927727617 9059 1 c568e08d3d68829bca50fda1a4f8ed97
Aug 27 16:04:41 auth: Debug: passwd-file(<vuser>,192.168.1.<cli>): lookup: user=<vuser> file=/etc/dovecot/users
Aug 27 16:04:41 auth: Debug: master out: USER 927727617 <vuser> uid=500 gid=500 home=/home/fetchmail mail=maildir:/home/fetchmail/mailroot/<vuser>
Aug 27 16:04:41 imap-login: Info: Login: user=<<vuser>>, method=PLAIN, rip=192.168.1.<cli>, lip=192.168.1.<srv>, mpid=9061
Aug 27 16:04:41 script-login: Debug: Added userdb setting: mail=maildir:/home/fetchmail/mailroot/<vuser>
Aug 27 16:04:41 imap(<vuser>): Info: Post-login script denied access to user <vuser>
Aug 27 16:04:41 auth: Debug: auth client connected (pid=9067)
Aug 27 16:04:41 auth: Debug: client in: AUTH 1 PLAIN service=imap lip=192.168.1.<srv> rip=192.168.1.<cli> lport=143 rport=46941 resp=AHBtcEBicmVkYmFuZC5uZXQAQWc4MkltYXA=
Aug 27 16:04:41 auth: Debug: passwd-file(<vuser>,192.168.1.<cli>): lookup: user=<vuser> file=/etc/dovecot/users
Aug 27 16:04:41 auth: Debug: auth(<vuser>,192.168.1.<cli>): allow_nets: Matching for network 192.168.1.0/24
Aug 27 16:04:41 auth: Debug: client out: OK 1 user=<vuser>
Aug 27 16:04:41 auth: Debug: master in: REQUEST 1678376961 9067 1 cb882af650f4f063315e94b62647e68f
Aug 27 16:04:41 auth: Debug: passwd-file(<vuser>,192.168.1.<cli>): lookup: user=<vuser> file=/etc/dovecot/users
Aug 27 16:04:41 auth: Debug: master out: USER 1678376961 <vuser> uid=500 gid=500 home=/home/fetchmail mail=maildir:/home/fetchmail/mailroot/<vuser>
Aug 27 16:04:41 imap-login: Info: Login: user=<<vuser>>, method=PLAIN, rip=192.168.1.<cli>, lip=192.168.1.<srv>, mpid=9068
Aug 27 16:04:41 script-login: Debug: Added userdb setting: mail=maildir:/home/fetchmail/mailroot/<vuser>
Aug 27 16:04:41 imap(<vuser>): Info: Post-login script denied access to user <vuser>
Aug 27 16:04:41 auth: Debug: auth client connected (pid=9074)
Aug 27 16:04:41 auth: Debug: client in: AUTH 1 PLAIN service=imap lip=192.168.1.<srv> rip=192.168.1.<cli> lport=143 rport=46942 resp=AHBtcEBicmVkYmFuZC5uZXQAQWc4MkltYXA=
Aug 27 16:04:41 auth: Debug: passwd-file(<vuser>,192.168.1.<cli>): lookup: user=<vuser> file=/etc/dovecot/users
Aug 27 16:04:41 auth: Debug: auth(<vuser>,192.168.1.<cli>): allow_nets: Matching for network 192.168.1.0/24
Aug 27 16:04:41 auth: Debug: client out: OK 1 user=<vuser>
Aug 27 16:04:41 auth: Debug: master in: REQUEST 1091174401 9074 1 9c488b8afd276e661170f65f0e8d0a2c
Aug 27 16:04:41 auth: Debug: passwd-file(<vuser>,192.168.1.<cli>): lookup: user=<vuser> file=/etc/dovecot/users
Aug 27 16:04:41 auth: Debug: master out: USER 1091174401 <vuser> uid=500 gid=500 home=/home/fetchmail mail=maildir:/home/fetchmail/mailroot/<vuser>
Aug 27 16:04:41 imap-login: Info: Login: user=<<vuser>>, method=PLAIN, rip=192.168.1.<cli>, lip=192.168.1.<srv>, mpid=9075
Aug 27 16:04:41 script-login: Debug: Added userdb setting: mail=maildir:/home/fetchmail/mailroot/<vuser>
Aug 27 16:04:41 imap(<vuser>): Info: Post-login script denied access to user <vuser>
dovecot.log
========
<empty>
########################################
############## Now without script ###############
########################################
dovecot.conf
protocols = imap pop3
base_dir = /var/run/dovecot/
#base_dir = /home/fetchmail/
log_path = /var/log/dovecot.log
info_log_path = /var/log/dovecot-info.log
ssl = no # v1.2+, for older versions use: ssl_disable = yes
disable_plaintext_auth = no
mail_location = maildir:/home/fetchmail/mailroot/dummy
pop3_uidl_format = %08Xu%08Xv
!include conf.d/*.conf
!include_try local.conf
mail_uid=500
mail_gid=500
auth_verbose = yes
auth_debug=yes
auth_debug_passwords=yes
mail_debug=yes
#service imap {
#  executable = imap imap-postlogin
#}
#service imap-postlogin {
#  executable = script-login /home/fetchmail/dovecot-postlogin.sh
#  unix_listener imap-postlogin {
#  }
#}
Wireshark
25 7.624239 192.168.1.<cli> 192.168.1.<srv> TCP 54240 > imap [SYN] Seq=0 Win=5840 Len=0 MSS=1460 SACK_PERM=1 TSV=18242752 TSER=0 WS=7
26 7.624457 192.168.1.<srv> 192.168.1.<cli> TCP imap > 54240 [SYN, ACK] Seq=0 Ack=1 Win=5792 Len=0 MSS=1460 SACK_PERM=1 TSV=191031128 TSER=18242752 WS=7
27 7.624482 192.168.1.<cli> 192.168.1.<srv> TCP 54240 > imap [ACK] Seq=1 Ack=1 Win=5888 Len=0 TSV=18242752 TSER=191031128
28 7.675570 192.168.1.<srv> 192.168.1.<cli> IMAP Response: * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN] Dovecot ready.
29 7.675608 192.168.1.<cli> 192.168.1.<srv> TCP 54240 > imap [ACK] Seq=1 Ack=104 Win=5888 Len=0 TSV=18242804 TSER=191031179
30 7.675716 192.168.1.<cli> 192.168.1.<srv> IMAP Request: A00000 CAPABILITY
31 7.675977 192.168.1.<srv> 192.168.1.<cli> TCP imap > 54240 [ACK] Seq=104 Ack=20 Win=5888 Len=0 TSV=191031179 TSER=18242804
32 7.676181 192.168.1.<srv> 192.168.1.<cli> IMAP Response: * CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN
33 7.715281 192.168.1.<cli> 192.168.1.<srv> TCP 54240 > imap [ACK] Seq=20 Ack=264 Win=6912 Len=0 TSV=18242844 TSER=191031180
34 7.924499 192.168.1.<cli> 192.168.1.<srv> IMAP Request: A00001 LOGIN <vuser> <pass>
35 7.936249 192.168.1.<srv> 192.168.1.<cli> IMAP Response: * CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS
36 7.936292 192.168.1.<cli> 192.168.1.<srv> TCP 54240 > imap [ACK] Seq=60 Ack=555 Win=8064 Len=0 TSV=18243065 TSER=191031439
37 7.936406 192.168.1.<cli> 192.168.1.<srv> IMAP Request: A00002 LIST "" ""
38 7.936864 192.168.1.<srv> 192.168.1.<cli> IMAP Response: * LIST (\Noselect) "." ""
39 7.936951 192.168.1.<cli> 192.168.1.<srv> IMAP Request: A00003 LIST "" {1+}
40 7.937715 192.168.1.<srv> 192.168.1.<cli> IMAP Response: * LIST (\HasNoChildren) "." "Trash"
41 7.937987 192.168.1.<cli> 192.168.1.<srv> IMAP Request: A00004 LSUB "" {1+}
42 7.938655 192.168.1.<srv> 192.168.1.<cli> IMAP Response: * LSUB () "." "INBOX"
43 7.938903 192.168.1.<cli> 192.168.1.<srv> IMAP Request: A00005 LIST "" {1+}
44 7.939538 192.168.1.<srv> 192.168.1.<cli> IMAP Response: * LIST (\HasNoChildren) "." "Trash"
45 7.939781 192.168.1.<cli> 192.168.1.<srv> IMAP Request: A00006 LSUB "" {1+}
46 7.940370 192.168.1.<srv> 192.168.1.<cli> IMAP Response: * LSUB () "." "INBOX"
47 7.980409 192.168.1.<cli> 192.168.1.<srv> TCP 54240 > imap [ACK] Seq=175 Ack=2853 Win=13312 Len=0 TSV=18243109 TSER=191031444
48 8.024229 192.168.1.<cli> 192.168.1.<srv> IMAP Request: A00007 SELECT {20+}
49 8.025564 192.168.1.<srv> 192.168.1.<cli> IMAP Response: * FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
50 8.025591 192.168.1.<cli> 192.168.1.<srv> TCP 54240 > imap [ACK] Seq=218 Ack=3168 Win=14592 Len=0 TSV=18243154 TSER=191031529
51 8.025718 192.168.1.<cli> 192.168.1.<srv> IMAP Request: A00008 UID FETCH 1:4 (FLAGS)
52 8.026519 192.168.1.<srv> 192.168.1.<cli> IMAP Response: * 1 FETCH (UID 1 FLAGS (\Seen))
53 8.026654 192.168.1.<cli> 192.168.1.<srv> IMAP Request: A00009 STATUS {20+}
dovecot-info.log
Aug 27 16:34:45 master: Info: Dovecot v2.0.13 starting up (core dumps disabled)
Aug 27 16:34:48 auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth
Aug 27 16:34:48 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libauthdb_ldap.so
Aug 27 16:34:48 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so
Aug 27 16:34:48 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libmech_gssapi.so
Aug 27 16:34:48 auth: Debug: passwd-file /etc/dovecot/users: Read 3 users
Aug 27 16:34:48 auth: Debug: auth client connected (pid=9352)
Aug 27 16:34:49 auth: Debug: client in: AUTH 1 PLAIN service=imap lip=192.168.1.<srv> rip=192.168.1.<cli> lport=143 rport=54240 resp=AHBtcEBicmVkYmFuZC5uZXQAQWc4MkltYXA=
Aug 27 16:34:49 auth: Debug: passwd-file(<vuser>,192.168.1.<cli>): lookup: user=<vuser> file=/etc/dovecot/users
Aug 27 16:34:49 auth: Debug: auth(<vuser>,192.168.1.<cli>): allow_nets: Matching for network 192.168.1.0/24
Aug 27 16:34:49 auth: Debug: client out: OK 1 user=<vuser>
Aug 27 16:34:49 auth: Debug: master in: REQUEST 2999713793 9352 1 595e05b06e4f241795732866abb9cf89
Aug 27 16:34:49 auth: Debug: passwd-file(<vuser>,192.168.1.<cli>): lookup: user=<vuser> file=/etc/dovecot/users
Aug 27 16:34:49 auth: Debug: master out: USER 2999713793 <vuser> uid=500 gid=500 home=/home/fetchmail mail=maildir:/home/fetchmail/mailroot/<vuser>
Aug 27 16:34:49 imap-login: Info: Login: user=<<vuser>>, method=PLAIN, rip=192.168.1.<cli>, lip=192.168.1.<srv>, mpid=9354
Aug 27 16:34:49 imap: Debug: Added userdb setting: mail=maildir:/home/fetchmail/mailroot/<vuser>
Aug 27 16:34:49 imap(<vuser>): Debug: Effective uid=500, gid=500, home=/home/fetchmail
Aug 27 16:34:49 imap(<vuser>): Debug: maildir++: root=/home/fetchmail/mailroot/<vuser>, index=, control=, inbox=/home/fetchmail/mailroot/<vuser>
Date: Fri, 26 Aug 2011 13:41:18 -0500
From: willcox@datahelper.com
CC: dovecot@dovecot.org
Subject: Re: [Dovecot] Virtual user and post-login 2.0.13
[...]
On Sat, 2011-08-27 at 16:54 +0200, Pelle Svensson wrote:
dovecot-postlogin.sh (executed as root)
#!/bin/sh
date >>/home/fetchmail/script.log
kill -s 10 $(cat /home/fetchmail/.fetchmail.pid | head -n 1) >>/home/fetchmail/script.log
exit 0
exec "$@", not exit 0 as http://wiki2.dovecot.org/PostLoginScripting shows.
You are right! It works now!
From: tss@iki.fi
To: pelle2004@hotmail.com
Date: Mon, 29 Aug 2011 06:20:54 +0300
CC: dovecot@dovecot.org
Subject: Re: [Dovecot] Virtual user and post-login 2.0.13
[...]
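The fix discussed above (finish the post-login script with exec "$@" instead of exit 0), shown next to the posted variant. This is an added example, not code from the thread or from Dovecot. DEMO_LOG, FETCHMAIL_PIDFILE, the stand-in command that plays the imap process, the PID validation and the writable_by_others check are assumptions made for the demo; the permission check is there because the thread reports the script runs as root while ls -l shows it as rwxrwxrwx.

```shell
#!/bin/sh
# Added example, not code from the thread. script-login runs the post-login
# script with the mail process command line as its arguments, so the script
# has to finish with exec "$@" for that command to start.
# Assumptions: DEMO_LOG, FETCHMAIL_PIDFILE and the stand-in "imap" command
# are constructed for this demo.

demo_dir=$(mktemp -d) || exit 1
DEMO_LOG=$demo_dir/script.log
FETCHMAIL_PIDFILE=$demo_dir/fetchmail.pid
export DEMO_LOG FETCHMAIL_PIDFILE
echo "not-a-pid" >"$FETCHMAIL_PIDFILE"      # constructed bad input

# Variant as posted: side work, then exit 0. The mail process never starts.
cat >"$demo_dir/postlogin-exit.sh" <<'EOF'
#!/bin/sh
date >>"$DEMO_LOG"
exit 0
EOF
chmod 777 "$demo_dir/postlogin-exit.sh"     # mirrors the rwxrwxrwx in the thread

# Corrected variant: side work is best-effort, then control is handed on.
cat >"$demo_dir/postlogin-exec.sh" <<'EOF'
#!/bin/sh
date >>"$DEMO_LOG" || :                     # a failed log write must not block login
if [ -r "$FETCHMAIL_PIDFILE" ]; then
    pid=$(head -n 1 "$FETCHMAIL_PIDFILE")
    case $pid in
        ''|*[!0-9]*) echo "ignored bad pid" >>"$DEMO_LOG" ;;
        *) kill -s 10 "$pid" 2>/dev/null || : ;;   # signal 10 as in the thread
    esac
fi
exec "$@"                                   # replace this shell with the mail process
EOF
chmod 755 "$demo_dir/postlogin-exec.sh"

# Run a script with a trailing command line, as script-login does.
# Prints "imap-started" only if the script handed control on.
run_postlogin() {
    sh "$1" sh -c 'echo imap-started'
}

# Returns 0 if group or others may modify the file. A script executed as
# root should fail this check.
writable_by_others() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

echo "exit 0 variant:  [$(run_postlogin "$demo_dir/postlogin-exit.sh")]"
echo "exec variant:    [$(run_postlogin "$demo_dir/postlogin-exec.sh")]"
for f in "$demo_dir"/postlogin-*.sh; do
    if writable_by_others "$f"; then
        echo "unsafe permissions: $f"
    fi
done
# demo_dir is left in place for inspection; remove it when done.
```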
participants (3)
- Mark Willcox
- Pelle Svensson
- Timo Sirainen