On 04 Feb 2016, at 19:41, Thomas Möhle <thomas@bitkomplex.de> wrote:

Am 04.02.2016 um 17:43 schrieb Timo Sirainen:

...

On 04 Feb 2016, at 03:44, Thomas Möhle <thomas@bitkomplex.de> wrote:

...

Hello,

I would like to use the users password within a mail-filter script. Dovecots %w variable is only available within dovecot-auth, is there any way to access the password for a mail-filter?

Something like this should work in recent versions:

passdb { .. override_fields = userdb_pass=%w }

plugin { mail_filter = mail-filter %{userdb:pass} }

Thanks for that idea, unfortunately %{ seems to be misinterpreted and the mail-filter script recieves the rest of the string "userdb:pass}" as a parameter, instead of the password.

Do you have v2.2.19 or newer? That's required for %{userdb:*} to work. Without that you'd need to override the whole mail_filter in your passdb/userdb.

So, do I get this right? During login the content of dovecots %w variable is supposed to be stored in a userdb field, called userdb_pass, and the %{x} is supposed to get the content of that field?

Mostly, yes. You need the "pass" field to be in userdb to access it in mail processes. The password is only available in passdb though, so you need to store it with userdb_ prefix to get it saved into userdb extra fields instead of passdb extra fields.

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

On Thu, 4 Feb 2016, Thomas Möhle wrote:

not sure, if %{userdb:pass} isn't read correctly, or if "override_fields = userdb_pass=%w" doesn't set it right.

did you tried some alternate spelling?

%{userdb_pass} %{userdb:userdb_pass} %{userdb_userdb_pass}

something like this.

Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQEVAwUBVrRIOnz1H7kL/d9rAQKAvQf/dwBF4XdgnBzouPAv3xArENgYo8SZefBO Hmn00/eL8ZAJn4ZvLmZUgCgqidNfDQFbnTBSj3PIsQQNFweLUhmlRDwsWca9WKpc uHzuOAnbmGs3EXT+oQK1A3y+gUGkkwtBeCgIjw2IABg8j1GRdz2oXE+sI9xlkjPA AFqMwBNX2k5aeJ91kdTWHihsIlB8YCbsxPTUjl9/GlpzIPkA4DSkg/o0Husnql4+ U4KOBiB3oEooK3YwDuXxnr9Uo7rDC+2Vj1UgHu5UzHq2ZtHeDOsL9kpj8tqPBHmi 9rk92hLwzDr7F/dWTibL5FvPXvC3+yX6UzQShpKYUBPtfLzsjfT8PA== =4F04 -----END PGP SIGNATURE-----

Am 05.02.2016 um 10:38 schrieb Timo Sirainen:

...

On 05 Feb 2016, at 00:54, Thomas Möhle <thomas@bitkomplex.de> wrote:

...

...

So, do I get this right? During login the content of dovecots %w variable is supposed to be stored in a userdb field, called userdb_pass, and the %{x} is supposed to get the content of that field?

Mostly, yes. You need the "pass" field to be in userdb to access it in mail processes. The password is only available in passdb though, so you need to store it with userdb_ prefix to get it saved into userdb extra fields instead of passdb extra fields.

Unfortunately it still doesn't work. The filter-script does not recieve any data from that variable. I tried replacing the %w with %u, to see, if the filter-script would at least recieve the username then, but that doesn't work, either. So I'm not sure, if %{userdb:pass} isn't read correctly, or if "override_fields = userdb_pass=%w" doesn't set it right.

Check with:

doveadm auth login user@domain password

In the output there's supposed to be the "pass" field in userdb extra fields. If not, try adding before your first userdb:

userdb { driver = prefetch result_success = continue }

I don't think that was supposed to be necessary though.

Still nothing. It seems like the extra field doesn't even exist. :/

doveadm auth login thomas@example.com mypassword passdb: thomas@example.com auth succeeded extra fields: user=thomas@example.com home=/var/mail/example.com/thomas mail=maildir:/var/mail/example.com/thomas/mail:LAYOUT=fs quota_rule=*:bytes=0 uid=5000 gid=5000 userdb extra fields: thomas@example.com home=/var/mail/example.com/thomas mail=maildir:/var/mail/example.com/thomas/mail:LAYOUT=fs quota_rule=*:bytes=0 uid=5000 gid=5000

Am 05.02.2016 um 11:31 schrieb Thomas Möhle:

Am 05.02.2016 um 10:38 schrieb Timo Sirainen:

...

...

On 05 Feb 2016, at 00:54, Thomas Möhle <thomas@bitkomplex.de> wrote:

Unfortunately it still doesn't work. The filter-script does not recieve any data from that variable. I tried replacing the %w with %u, to see, if the filter-script would at least recieve the username then, but that doesn't work, either. So I'm not sure, if %{userdb:pass} isn't read correctly, or if "override_fields = userdb_pass=%w" doesn't set it right.

Check with:

doveadm auth login user@domain password

In the output there's supposed to be the "pass" field in userdb extra fields. If not, try adding before your first userdb:

userdb { driver = prefetch result_success = continue }

I don't think that was supposed to be necessary though.

Still nothing. It seems like the extra field doesn't even exist. :/

doveadm auth login thomas@example.com mypassword passdb: thomas@example.com auth succeeded userdb extra fields: thomas@example.com home=/var/mail/example.com/thomas mail=maildir:/var/mail/example.com/thomas/mail:LAYOUT=fs quota_rule=*:bytes=0 uid=5000 gid=5000

I'm still stuck on this issue. What can I do, if "override_fields = userdb_pass=%u" sets the field to the username? Is it possible, that this is a bug in v2.2.21?

you did a

doveadm auth cache flush

to ensure the data is not taken from cache?

I just tried it, just to make sure, but ince I'm restarting dovecot after any config change anyway, it didn't make a difference.