[Dovecot] Vpopmail and lastauth
Hello, I'm migrating many accounts to a new server with vpopmail 5.4.33 and dovecot 2.0.11.
I already have vpopmail 5.4.32 and dovecot 1.2.16 on other servers running without problems.
With dovecot 2.0.11 my lastauth file is not updated. This file is usually updated on any access (smtp, pop3, imap) with the client's IP, for every mailbox. Now it's updated only when a client authenticates itself via SMTP (smtp-auth with qmail + vpopmail), and not with imap/pop3 access.
My conf:
# 2.0.11: /usr/local/etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.1
auth_cache_negative_ttl = 2 mins
auth_cache_size = 1000 M
auth_cache_ttl = 2 mins
auth_mechanisms = plain cram-md5 apop
auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@&
disable_plaintext_auth = no
first_valid_uid = 89
last_valid_uid = 95
lock_method = dotlock
log_timestamp = "%Y-%m-%d %H:%M:%S "
login_greeting = Server ready.
mail_fsync = never
mail_gid = vchkpw
mail_location = maildir:~/Maildir
mail_privileged_group = vchkpw
mail_uid = vpopmail
namespace {
  inbox = yes
  location =
  prefix = INBOX.
  separator = .
  type = private
}
passdb {
  args = webmail=127.0.0.1
  driver = vpopmail
}
plugin/mail_log_events = delete expunge
plugin/mail_log_group_events =
plugin/quota = maildir
plugin/quota_rule = ?:storage=0
pop3_uidl_format = %f
protocols = imap pop3
service auth {
  unix_listener auth-userdb {
    group = vchkpw
    mode = 0600
    user = vpopmail
  }
}
service imap-login {
  client_limit = 256
  process_limit = 128
  process_min_avail = 3
  service_count = 1
}
service imap {
  drop_priv_before_exec = yes
  process_limit = 256
  vsz_limit = 256 M
}
service pop3-login {
  client_limit = 256
  process_limit = 128
  process_min_avail = 3
  service_count = 1
}
service pop3 {
  drop_priv_before_exec = yes
  process_limit = 256
  vsz_limit = 256 M
}
ssl_cert = </usr/local/etc/dovecot/dovecot.crt
ssl_key = </usr/local/etc/dovecot/dovecot.key
userdb {
  args = quota_template=quota_rule=*:backend=%q
  driver = vpopmail
}
protocol imap {
  mail_max_userip_connections = 10
  mail_plugins = " notify quota imap_quota mail_log"
}
I had the same issue - Dovecot has its own method of updating
lastauth and doesn't put the IP address in the field, but 'pop' or
'imap'. I'd rather have the IP. It was easier to just write my own
postauth script.
I've added a 'type' field so I can keep track of pop/imap/smtp
separately, you probably don't want to use that, as the default
vpopmail install assumes only 1 lastauth record per username.
service pop3 {
  executable = /usr/local/libexec/dovecot/pop3 pop-postlogin
}
service pop-postlogin {
  executable = script-login /usr/local/etc/dovecot/lastauth-pop.sh
  user = vpopmail
}
service imap-postlogin {
  executable = script-login rawlog /usr/local/etc/dovecot/lastauth-imap.sh
  user = vpopmail
}
service imap {
  executable = /usr/local/libexec/dovecot/imap imap-postlogin
}

lastauth-imap.sh:
#!/bin/sh
/usr/local/etc/dovecot/lastauth-imap.pl &
exec "$@"

lastauth-pop.sh:
#!/bin/sh
/usr/local/etc/dovecot/lastauth-pop.pl &
exec "$@"
lastauth.pl (softlinked as lastauth-pop.pl/lastauth-imap.pl)
#!/usr/bin/perl -w
##
## Update LastAuth from Dovecot
##
use strict;
use DBI;

my $key;
# USER and IP are set in the environment by Dovecot's script-login
my ($username, $domain) = split(/@/,$ENV{USER});
my $remote_ip = $ENV{IP};
my $authtype = "pop/imap";

# The softlink name this script was started as selects the access type
if (index($0,"imap") != -1) { $authtype = "dovecot-imap"; }
if (index($0,"pop") != -1) { $authtype = "dovecot-pop"; }

my $driver = DBI->install_driver('mysql');

my $dbh = DBI->connect('DBI:mysql:vpopmail:localhost','user','pass');
die "Unable to Connect $DBI::errstr\n" unless (defined $dbh);

#$ENV{PATH} = "/bin:/usr/bin:/usr/local/bin:.";

# Variant with the extra 'type' column (disabled)
#my $update_data = $dbh->prepare(q{REPLACE into lastauth set user = ?, domain = ?, remote_ip = ?, timestamp = ?, type = ? });
#my $num_rows=$update_data->execute($username,$domain,$remote_ip,time,$authtype);

# Default vpopmail schema: one lastauth record per user
my $update_data = $dbh->prepare(q{REPLACE into lastauth set user = ?, domain = ?, remote_ip = ?, timestamp = ? });
my $num_rows=$update_data->execute($username,$domain,$remote_ip,time);

$dbh->disconnect;
Rick
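A post-login wrapper along the lines described in the message above, as an added example that is not part of the original thread or Rick's code: it checks USER and IP (the variables the Perl script reads) before writing a record, and hands control to the mail process even if logging fails. The LASTAUTH_LOG path and the function names are assumptions, and it writes to a flat file instead of the vpopmail MySQL table.

```shell
#!/bin/sh
# Added example, not from the thread. LASTAUTH_LOG is a hypothetical path.
LASTAUTH_LOG="${LASTAUTH_LOG:-/var/log/dovecot-lastauth.log}"

# Print "timestamp user domain ip type", or return 1 if a field is malformed.
lastauth_line() {
    la_user=$1 la_ip=$2 la_type=$3 la_now=$4
    case $la_user in
        *@*@*|@*|*@) return 1 ;;   # need exactly one '@' with text on both sides
        *@*) ;;
        *) return 1 ;;             # no domain part
    esac
    # Conservative character set (narrower than the thread's auth_username_chars).
    case $la_user in
        *[!A-Za-z0-9._@-]*) return 1 ;;
    esac
    # IP literal: only hex digits, dots and colons (IPv4 or IPv6 text form).
    case $la_ip in
        ''|*[!0-9A-Fa-f.:]*) return 1 ;;
    esac
    printf '%s %s %s %s %s\n' \
        "$la_now" "${la_user%@*}" "${la_user#*@}" "$la_ip" "$la_type"
}

# Derive the access type from the script name, similar to the Perl script's $0 check.
lastauth_type() {
    case $1 in
        *imap*) echo dovecot-imap ;;
        *pop*)  echo dovecot-pop ;;
        *)      echo pop/imap ;;
    esac
}

# script-login passes the mail binary (imap or pop3) as "$@"; only act then.
if [ "$#" -gt 0 ]; then
    # A logging failure must never block the login, so errors are ignored.
    { lastauth_line "$USER" "$IP" "$(lastauth_type "$0")" "$(date +%s)" \
        >> "$LASTAUTH_LOG"; } 2>/dev/null || true
    exec "$@"
fi
```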
On 12/04/2011 15:51, Rick Romero wrote:
> I had the same issue - Dovecot has its own method of updating lastauth and doesn't put the IP address in the field, but 'pop' or 'imap'.
That would be fine, I don't need the IP and with 1.2.16 it works (no IP, only pop3/imap logged). But with 2.0.11 the file is not updated at all.
I can use a post login script as suggested by you but since I only need the file to be updated as in 1.2.x I'm figuring out if I need to update my conf in some way.
On Tue, 2011-04-12 at 16:03 +0200, mailing@securitylabs.it wrote:
> On 12/04/2011 15:51, Rick Romero wrote:
>> I had the same issue - Dovecot has its own method of updating lastauth and doesn't put the IP address in the field, but 'pop' or 'imap'.
> That would be fine, I don't need the IP and with 1.2.16 it works (no IP, only pop3/imap logged). But with 2.0.11 the file is not updated at all.
> I can use a post login script as suggested by you but since I only need the file to be updated as in 1.2.x I'm figuring out if I need to update my conf in some way.
Probably adding blocking=no args to passdb and userdb helps:
passdb {
  driver = vpopmail
  args = blocking=no
}
userdb {
  driver = vpopmail
  args = blocking=no
}
Also instead of those two changes, you could apply this patch: http://hg.dovecot.org/dovecot-2.0/rev/bbcef91eac7e
On 12/04/2011 16:13, Timo Sirainen wrote:
> On Tue, 2011-04-12 at 16:03 +0200, mailing@securitylabs.it wrote:
>> On 12/04/2011 15:51, Rick Romero wrote:
>>> I had the same issue - Dovecot has its own method of updating lastauth and doesn't put the IP address in the field, but 'pop' or 'imap'.
>> That would be fine, I don't need the IP and with 1.2.16 it works (no IP, only pop3/imap logged). But with 2.0.11 the file is not updated at all.
> Also instead of those two changes, you could apply this patch: http://hg.dovecot.org/dovecot-2.0/rev/bbcef91eac7e
Thank you Timo, the patch works.
participants (3)
- mailing@securitylabs.it
- Rick Romero
- Timo Sirainen