Hello,
I would like to use the users password within a mail-filter script. Dovecots %w variable is only available within dovecot-auth, is there any way to access the password for a mail-filter?
Thanks, Thomas
On 04 Feb 2016, at 03:44, Thomas Möhle thomas@bitkomplex.de wrote:
Hello,
I would like to use the users password within a mail-filter script. Dovecots %w variable is only available within dovecot-auth, is there any way to access the password for a mail-filter?
Something like this should work in recent versions:
passdb { .. override_fields = userdb_pass=%w }
plugin { mail_filter = mail-filter %{userdb:pass} }
Am 04.02.2016 um 17:43 schrieb Timo Sirainen:
On 04 Feb 2016, at 03:44, Thomas Möhle thomas@bitkomplex.de wrote:
Hello,
I would like to use the users password within a mail-filter script. Dovecots %w variable is only available within dovecot-auth, is there any way to access the password for a mail-filter?
Something like this should work in recent versions:
passdb { .. override_fields = userdb_pass=%w }
plugin { mail_filter = mail-filter %{userdb:pass} }
Thanks for that idea, unfortunately %{ seems to be misinterpreted and the mail-filter script recieves the rest of the string "userdb:pass}" as a parameter, instead of the password.
So, do I get this right? During login the content of dovecots %w variable is supposed to be stored in a userdb field, called userdb_pass, and the %{x} is supposed to get the content of that field?
On 04 Feb 2016, at 19:41, Thomas Möhle thomas@bitkomplex.de wrote:
Am 04.02.2016 um 17:43 schrieb Timo Sirainen:
On 04 Feb 2016, at 03:44, Thomas Möhle thomas@bitkomplex.de wrote:
Hello,
I would like to use the users password within a mail-filter script. Dovecots %w variable is only available within dovecot-auth, is there any way to access the password for a mail-filter?
Something like this should work in recent versions:
passdb { .. override_fields = userdb_pass=%w }
plugin { mail_filter = mail-filter %{userdb:pass} }
Thanks for that idea, unfortunately %{ seems to be misinterpreted and the mail-filter script recieves the rest of the string "userdb:pass}" as a parameter, instead of the password.
Do you have v2.2.19 or newer? That's required for %{userdb:*} to work. Without that you'd need to override the whole mail_filter in your passdb/userdb.
So, do I get this right? During login the content of dovecots %w variable is supposed to be stored in a userdb field, called userdb_pass, and the %{x} is supposed to get the content of that field?
Mostly, yes. You need the "pass" field to be in userdb to access it in mail processes. The password is only available in passdb though, so you need to store it with userdb_ prefix to get it saved into userdb extra fields instead of passdb extra fields.
Am 04.02.2016 um 20:54 schrieb Timo Sirainen:
On 04 Feb 2016, at 19:41, Thomas Möhle thomas@bitkomplex.de wrote:
Am 04.02.2016 um 17:43 schrieb Timo Sirainen:
On 04 Feb 2016, at 03:44, Thomas Möhle thomas@bitkomplex.de wrote:
Hello,
I would like to use the users password within a mail-filter script. Dovecots %w variable is only available within dovecot-auth, is there any way to access the password for a mail-filter?
Something like this should work in recent versions:
passdb { .. override_fields = userdb_pass=%w }
plugin { mail_filter = mail-filter %{userdb:pass} }
Thanks for that idea, unfortunately %{ seems to be misinterpreted and the mail-filter script recieves the rest of the string "userdb:pass}" as a parameter, instead of the password.
Do you have v2.2.19 or newer? That's required for %{userdb:*} to work. Without that you'd need to override the whole mail_filter in your passdb/userdb.
I had v2.2.18 (Ubuntu 15.10) installed, so I updated to v2.2.21 now.
So, do I get this right? During login the content of dovecots %w variable is supposed to be stored in a userdb field, called userdb_pass, and the %{x} is supposed to get the content of that field?
Mostly, yes. You need the "pass" field to be in userdb to access it in mail processes. The password is only available in passdb though, so you need to store it with userdb_ prefix to get it saved into userdb extra fields instead of passdb extra fields.
Unfortunately it still doesn't work. The filter-script does not recieve any data from that variable. I tried replacing the %w with %u, to see, if the filter-script would at least recieve the username then, but that doesn't work, either. So I'm not sure, if %{userdb:pass} isn't read correctly, or if "override_fields = userdb_pass=%w" doesn't set it right.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Thu, 4 Feb 2016, Thomas Möhle wrote:
not sure, if %{userdb:pass} isn't read correctly, or if "override_fields = userdb_pass=%w" doesn't set it right.
did you tried some alternate spelling?
%{userdb_pass} %{userdb:userdb_pass} %{userdb_userdb_pass}
something like this.
Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQEVAwUBVrRIOnz1H7kL/d9rAQKAvQf/dwBF4XdgnBzouPAv3xArENgYo8SZefBO Hmn00/eL8ZAJn4ZvLmZUgCgqidNfDQFbnTBSj3PIsQQNFweLUhmlRDwsWca9WKpc uHzuOAnbmGs3EXT+oQK1A3y+gUGkkwtBeCgIjw2IABg8j1GRdz2oXE+sI9xlkjPA AFqMwBNX2k5aeJ91kdTWHihsIlB8YCbsxPTUjl9/GlpzIPkA4DSkg/o0Husnql4+ U4KOBiB3oEooK3YwDuXxnr9Uo7rDC+2Vj1UgHu5UzHq2ZtHeDOsL9kpj8tqPBHmi 9rk92hLwzDr7F/dWTibL5FvPXvC3+yX6UzQShpKYUBPtfLzsjfT8PA== =4F04 -----END PGP SIGNATURE-----
On 05 Feb 2016, at 00:54, Thomas Möhle thomas@bitkomplex.de wrote:
So, do I get this right? During login the content of dovecots %w variable is supposed to be stored in a userdb field, called userdb_pass, and the %{x} is supposed to get the content of that field?
Mostly, yes. You need the "pass" field to be in userdb to access it in mail processes. The password is only available in passdb though, so you need to store it with userdb_ prefix to get it saved into userdb extra fields instead of passdb extra fields.
Unfortunately it still doesn't work. The filter-script does not recieve any data from that variable. I tried replacing the %w with %u, to see, if the filter-script would at least recieve the username then, but that doesn't work, either. So I'm not sure, if %{userdb:pass} isn't read correctly, or if "override_fields = userdb_pass=%w" doesn't set it right.
Check with:
doveadm auth login user@domain password
In the output there's supposed to be the "pass" field in userdb extra fields. If not, try adding before your first userdb:
userdb { driver = prefetch result_success = continue }
I don't think that was supposed to be necessary though.
Am 05.02.2016 um 10:38 schrieb Timo Sirainen:
On 05 Feb 2016, at 00:54, Thomas Möhle thomas@bitkomplex.de wrote:
So, do I get this right? During login the content of dovecots %w variable is supposed to be stored in a userdb field, called userdb_pass, and the %{x} is supposed to get the content of that field?
Mostly, yes. You need the "pass" field to be in userdb to access it in mail processes. The password is only available in passdb though, so you need to store it with userdb_ prefix to get it saved into userdb extra fields instead of passdb extra fields.
Unfortunately it still doesn't work. The filter-script does not recieve any data from that variable. I tried replacing the %w with %u, to see, if the filter-script would at least recieve the username then, but that doesn't work, either. So I'm not sure, if %{userdb:pass} isn't read correctly, or if "override_fields = userdb_pass=%w" doesn't set it right.
Check with:
doveadm auth login user@domain password
In the output there's supposed to be the "pass" field in userdb extra fields. If not, try adding before your first userdb:
userdb { driver = prefetch result_success = continue }
I don't think that was supposed to be necessary though.
Still nothing. It seems like the extra field doesn't even exist. :/
doveadm auth login thomas@example.com mypassword passdb: thomas@example.com auth succeeded extra fields: user=thomas@example.com home=/var/mail/example.com/thomas mail=maildir:/var/mail/example.com/thomas/mail:LAYOUT=fs quota_rule=*:bytes=0 uid=5000 gid=5000 userdb extra fields: thomas@example.com home=/var/mail/example.com/thomas mail=maildir:/var/mail/example.com/thomas/mail:LAYOUT=fs quota_rule=*:bytes=0 uid=5000 gid=5000
So let me show you my config, just to be sure:
/etc/dovecot/conf.d/auth-sql.conf.ext: passdb { driver = sql override_fields = userdb_pass=%w args = /etc/dovecot/dovecot-sql.conf.ext } userdb { driver = prefetch result_success = continue } userdb { driver = sql args = /etc/dovecot/dovecot-sql.conf.ext }
Am 05.02.2016 um 11:31 schrieb Thomas Möhle:
Am 05.02.2016 um 10:38 schrieb Timo Sirainen:
On 05 Feb 2016, at 00:54, Thomas Möhle thomas@bitkomplex.de wrote:
Unfortunately it still doesn't work. The filter-script does not recieve any data from that variable. I tried replacing the %w with %u, to see, if the filter-script would at least recieve the username then, but that doesn't work, either. So I'm not sure, if %{userdb:pass} isn't read correctly, or if "override_fields = userdb_pass=%w" doesn't set it right.
Check with:
doveadm auth login user@domain password
In the output there's supposed to be the "pass" field in userdb extra fields. If not, try adding before your first userdb:
userdb { driver = prefetch result_success = continue }
I don't think that was supposed to be necessary though.
Still nothing. It seems like the extra field doesn't even exist. :/
doveadm auth login thomas@example.com mypassword passdb: thomas@example.com auth succeeded userdb extra fields: thomas@example.com home=/var/mail/example.com/thomas mail=maildir:/var/mail/example.com/thomas/mail:LAYOUT=fs quota_rule=*:bytes=0 uid=5000 gid=5000
I'm still stuck on this issue. What can I do, if "override_fields = userdb_pass=%u" sets the field to the username? Is it possible, that this is a bug in v2.2.21?
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Thu, 4 Feb 2016, Thomas Möhle wrote:
Unfortunately it still doesn't work. The filter-script does not recieve any data from that variable.
you did a
doveadm auth cache flush
to ensure the data is not taken from cache?
Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQEVAwUBVrR12nz1H7kL/d9rAQKatwgAx9MobYbSfmW1nJ3GEGJWKhkJSAqDPwSS 7Fln4464QPuxcuD60Tm2TnEjqO4RNjbylYfenfIQ7wAYEE9AtFWGsYBgYegZcpFh 1D9BN24dupq7cAO/sq+tJ2zKhiFYyuuPlT8fJTaAvSaVMVf74ln1cvol/dIM+Pza QoPvnPy06BC7TuGcl5WqsFUiQY8Udho1YfpHMpYJ1hsM4Qh/CwECfHIME+Dt7CqB 6RDf+y+kyU4C2gLEu8SDm795H4FHd06bDlaSA8f2p12/fSsMCtlclEQNZuKccOm5 ThL4lgxnM2fStAKmbUa34FiJJtdoKscsxIvSZSyPCyhOK72sRjgDKQ== =nLiS -----END PGP SIGNATURE-----
participants (4)
-
Steffen Kaiser
-
Thomas Möhle
-
Thomas Möhle (@bitkomplex)
-
Timo Sirainen