[Dovecot] Session IDs
v2.1.2 added support for "session IDs", which is a 9 year unique identifier for that specific IMAP/POP3 connection. Initially I thought it would only be useful for tracking connections going through Dovecot proxies to backends (the session ID is forwarded), but then I thought it could be useful for everyone if auth process also logs the session ID. So I thought for v2.1.6 I'd change the defaults:
a) Failed login:
Apr 28 17:37:23 auth: Debug: client in: AUTH 1 PLAIN service=imap secured session=XtG7KL6+jQB/AAAB lip=127.0.0.1 rip=127.0.0.1 lport=143 rport=42125 resp=<hidden>
Apr 28 17:37:23 auth: Debug: passwd-file(foo,127.0.0.1,<XtG7KL6+jQB/AAAB>): lookup: user=foo file=/usr/local/etc/passwd.imap
Apr 28 17:37:23 auth: Info: passwd-file(foo,127.0.0.1,<XtG7KL6+jQB/AAAB>): unknown user
Apr 28 17:37:25 auth: Debug: client out: FAIL 1 user=foo
Apr 28 17:37:50 imap-login: Info: Aborted login (auth failed, 1 attempts in 27 secs): user=<foo>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured, session=<XtG7KL6+jQB/AAAB>
b) Successful login:
Apr 28 17:38:27 auth: Debug: client in: AUTH 2 PLAIN service=imap secured session=rNuHLL6+jgB/AAAB lip=127.0.0.1 rip=127.0.0.1 lport=143 rport=42126 resp=<hidden>
Apr 28 17:38:27 auth: Debug: passwd-file(tss,127.0.0.1,<rNuHLL6+jgB/AAAB>): lookup: user=tss file=/usr/local/etc/passwd.imap
Apr 28 17:38:27 auth: Debug: client out: OK 2 user=tss
Apr 28 17:38:27 auth: Debug: master in: REQUEST 1375993857 14321 2 0f2f78deedcb7e38a278cf79819360c5
Apr 28 17:38:27 auth: Debug: passwd-file(tss,127.0.0.1,<rNuHLL6+jgB/AAAB>): lookup: user=tss file=/usr/local/etc/passwd.imap
Apr 28 17:38:27 auth: Debug: master out: USER 1375993857 tss uid=1000 gid=1000 home=/home/tss
Apr 28 17:38:27 imap-login: Info: Login: user=<tss>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=14338, secured, session=<rNuHLL6+jgB/AAAB>
..
Apr 28 17:47:15 imap(tss,<rNuHLL6+jgB/AAAB>): Info: Disconnected: Logged out in=8 out=369
The last line requires a modified mail_log_prefix, I wasn't planning on changing its default.
I'm mainly wondering:
- Does this change break someone's auth log line parsing?
- Does the auth prefix look prettier with or without <> around session id? :)
- Anything else I should do about this now that I'm changing it anyway?
Timo Sirainen wrote:
> v2.1.2 added support for "session IDs", which is a 9 year unique identifier for that specific IMAP/POP3 connection. Initially I thought it would only be useful for tracking connections going through Dovecot proxies to backends (the session ID is forwarded)
Sounds like an interesting debugging feature.
> Apr 28 17:38:27 imap-login: Info: Login: user=<tss>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=14338, secured, session=<rNuHLL6+jgB/AAAB>
> The last line requires a modified mail_log_prefix, I wasn't planning on changing its default.
What does your mail_log_prefix look like?
Can you document the needed variable at http://wiki2.dovecot.org/Variables please?
> - Does this change break someone's auth log line parsing?
We don't do any parsing, just sending logs to a central syslog server for debugging purposes.
> - Does the auth prefix look prettier with or without <> around session id? :)
It should be separated using a fixed name like session=... for easy parsing.
Regards, Daniel
Participants (2): Daniel Parthey, Timo Sirainen