[Dovecot] pop-before-smtp in SQL?
I need pop-before-smtp (let's not discuss the advisability of the method), but I'm annoyed at the inefficiency of the classical perl script that parses the logs.
A long time ago I modified the perl to add the tuple (IP, time) to an SQL table that the MTA looks at, and to clean up periodically. I found that this was the best way to deal with multiple servers that have to share an SQL database anyway.
Wouldn't it be quite trivial to make dovecot write to an SQL table upon successful login, instead of all this log file parsing by an additional daemon?
On Fri, 2005-08-19 at 16:59 +0200, Lorens wrote:
> Wouldn't it be quite trivial to make dovecot write to an SQL table upon successful login, instead of all this log file parsing by an additional daemon?
If you use sql userdb, you can just add the insert command into the user_query. Although that doesn't work if Dovecot LDA is used, since it also calls user_query when delivering mails. I've in TODO that there should be a separate post_login command.
Another way that already works is to update mail_executable location to some script which does the SQL insertion and after that executes the real imap or pop3 binary.
On Fri, Aug 19, 2005 at 07:26:46PM +0300, Timo Sirainen wrote:
> If you use sql userdb, you can just add the insert command into the user_query.
That is what I am using, but surely the user_query is executed even if the password is not correct, and access should therefore not be granted?
> I've in TODO that there should be a separate post_login command.
OK, that was what I was looking for.
> Another way that already works is to update mail_executable location to some script which does the SQL insertion and after that executes the real imap or pop3 binary.
I'll try that. Thanks a lot.
On Fri, 2005-08-19 at 18:40 +0200, Lorens wrote:
> On Fri, Aug 19, 2005 at 07:26:46PM +0300, Timo Sirainen wrote:
> > If you use sql userdb, you can just add the insert command into the user_query.
> That is what I am using, but surely the user_query is executed even if the password is not correct, and access should therefore not be granted?
No. pass_query is executed always, user_query only after authentication was successful.
On Fri, Aug 19, 2005 at 07:26:46PM +0300, Timo Sirainen wrote:
> If you use sql userdb, you can just add the insert command into the user_query.
How would I do that? I've tried with a colon, with a backslash-escaped colon, with two distinct lines.
I get ($variables my editing):
Error: auth(default): sql($mylogin,$myip): User query failed: You have an error in your SQL syntax near '\; SELECT maildir $etc...
With two distinct lines only the last is taken into account (unsurprisingly). I do need the select maildir that user_query currently represents!
I used %i for IP, inspired by
http://dovecot.org/pipermail/dovecot/2003-November/002554.html
and while I'm encouraged by the presence of my ip in the error message, i doesn't seem to be the right letter, it expands to the null string.
Anyway,
> Another way that already works is to update mail_executable location to some script which does the SQL insertion and after that executes the real imap or pop3 binary.
That does work. For the record (until post_login comes!) this is how I did it:
dovecot.conf:
protocol pop3 {
  mail_executable = /usr/lib/dovecot/popbsmtp.sh /usr/lib/dovecot/pop3
}
protocol imap {
  mail_executable = /usr/lib/dovecot/popbsmtp.sh /usr/lib/dovecot/imap
}
/usr/lib/dovecot/popbsmtp.sh:
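#!/bin/sh
# Wrapper set as mail_executable: record the client IP, then run the real binary.
( echo "Login from $3" >> /var/log/dovecot3
# Remove the "]" from the address argument.
IP=`echo "$3" | sed 's/\]//'`
if [ -n "$IP" ]
then
echo popbsmtp logging $IP
# mysql reads its credentials from $HOME/.my.cnf
export HOME=/root/
echo "replace into popbsmtp VALUES('$IP',now());" | mysql mail
export HOME=/
fi
) >> /var/log/dovecot3 2>&1
# Hand over to the real pop3/imap binary with the original arguments intact.
exec "$@"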
I edited out an ugly pipe in the IP= line that removes IPs from my own network who can relay anyway.
What took me most time was comprehending that even though I'd specified both
login_user = dovecot
and
auth default { user = dovecotauth }
mail_executable was executed 1) as root and 2) without a home directory, which made the mysql fail since I was relying on $HOME/.my.cnf.
But now that it works, it works well :-)
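Added example, not part of the thread and not Dovecot's own code: a variant of the wrapper above that validates the address before it reaches SQL (the script runs as root and interpolates `$3` into the statement) and points mysql at an explicit credentials file instead of switching `$HOME`. The credentials path and the IPv4-only check are assumptions; the table, database and log file names are the ones used in the thread.

```shell
#!/bin/sh
# Added example: hardened variant of the popbsmtp.sh wrapper from the thread.
# Assumed (not from the thread): the credentials path below, IPv4-only clients.
MYSQL_CNF=/etc/dovecot/popbsmtp.cnf   # hypothetical path, readable by root only
LOG=/var/log/dovecot3                 # log file used in the original script

# Print a validated dotted-quad address, or fail. The value is pasted into
# SQL executed as root, so anything that is not a plain IPv4 is refused.
clean_ip() {
    ip=${1%\]}                         # drop the trailing "]" if present
    case $ip in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ip                         # split on dots (digits and dots only here)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    printf '%s\n' "$ip"
}

# Build the statement for the popbsmtp table named in the thread.
popbsmtp_sql() {
    printf "REPLACE INTO popbsmtp VALUES('%s', NOW());\n" "$1"
}

# Record one login; a rejected address is logged and skipped.
log_login() {
    ip=$(clean_ip "$1") || { echo "popbsmtp: ignoring address '$1'"; return 0; }
    echo "popbsmtp logging $ip"
    popbsmtp_sql "$ip" | mysql --defaults-extra-file="$MYSQL_CNF" mail
}

# Called by Dovecot as: popbsmtp.sh /usr/lib/dovecot/pop3 ... with the address
# in $3, as in the original script. With no arguments only functions are defined.
if [ "$#" -gt 0 ]; then
    # A logging failure must never block the mail session itself.
    log_login "${3:-}" >>"$LOG" 2>&1 || true
    exec "$@"
fi
```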