[Dovecot] Alerts and pre-authenticated connections
Greetings -
Work moves onward here at setting up our Dovecot IMAP service and
I've got a couple more questions, I'm afraid... :-}
==============================================
Q1. The UW IMAP Server supports "pre-authenticated connections" --
does Dovecot?
Specifically, it is possible to create a symlink from /etc/rimapd to
the UW IMAP server binary and then use rsh or ssh from within the
Pine mail client to execute that on the server to establish the IMAP
connection:
rsh imap.york.ac.uk /etc/rimapd
Pine uses this to open a "pre-authenticated" connection to the UW
IMAP server to avoid the user having to enter their username and
password -- the rsh/ssh mechanism provides the IMAP server with the
user's login name.
I've grepped the Dovecot source but it looks like it doesn't support
this. Am I right in thinking this?
==============================================
Q2. The UW IMAP Server can issue "IMAP Alerts"
The UW IMAP server can issue a sequence of one-line notices to mail
clients using IMAP's ALERT mechanism. The notices are formed formed
from each line in a systemwide file (if non-empty) and a per-user
file (~/.imapalert). Many, but by no means all, mail clients display
these notices to the user -- currently we use this mechanism to
advise people who have totally run out of mail quota.
I've grepped the Dovecot source for "alert" but it looks like the
IMAP Alert mechanism isn't supported. Am I right in thinking this?
==============================================
Cheers, Mike B-)
-- The Computing Service, University of York, Heslington, York Yo10 5DD, UK Tel:+44-1904-433811 FAX:+44-1904-433740
- Unsolicited commercial e-mail is NOT welcome at this e-mail address. *
On Tue, 2007-03-13 at 16:01 +0000, Mike Brudenell wrote:
Q1. The UW IMAP Server supports "pre-authenticated connections" --
does Dovecot?
dovecot --exec-mail imap
Q2. The UW IMAP Server can issue "IMAP Alerts"
Greetings -
On 13 Mar 2007, at 16:08, Timo Sirainen wrote:
On Tue, 2007-03-13 at 16:01 +0000, Mike Brudenell wrote:
Q1. The UW IMAP Server supports "pre-authenticated connections" -- does Dovecot?
dovecot --exec-mail imap
Excellent! I hadn't found that command line option yet: thank you.
In case anyone else is wanting pre-authenticated connections Googling
dovecot.org for "--exec-mail" has now led me to this helpful page on
converting from UW IMAP:
http://www.dovecot.org/list/dovecot/2006-January/010968.htmlQ2. The UW IMAP Server can issue "IMAP Alerts"
Hmmm... that might be OK for our current needs.
The nice thing about the UW server is your session monitors the
timestamp on the systemwide and per-user alert files and, if this
changes, re-reads their contents to issue the new/revised
notifications. This enables notifications (eg, "The Mail service is
shutting down at 6pm for emergency work") to be sent during someone's
session, not just at session startup.
Thanks, Mike B-)
-- The Computing Service, University of York, Heslington, York Yo10 5DD, UK Tel:+44-1904-433811 FAX:+44-1904-433740
- Unsolicited commercial e-mail is NOT welcome at this e-mail address. *
On Tue, 2007-03-13 at 16:19 +0000, Mike Brudenell wrote:
Q2. The UW IMAP Server can issue "IMAP Alerts"
Hmmm... that might be OK for our current needs.
The nice thing about the UW server is your session monitors the
timestamp on the systemwide and per-user alert files and, if this
changes, re-reads their contents to issue the new/revised
notifications. This enables notifications (eg, "The Mail service is
shutting down at 6pm for emergency work") to be sent during someone's
session, not just at session startup.
Hmm. Perhaps if more people keep asking me about this I'll implement it after v1.0 :) You could also do it quite easily as a plugin.
Greetings -
On 13 Mar 2007, at 16:08, Timo Sirainen wrote:
On Tue, 2007-03-13 at 16:01 +0000, Mike Brudenell wrote:
Q1. The UW IMAP Server supports "pre-authenticated connections" -- does Dovecot?
dovecot --exec-mail imap
I'm having some success with the above but...
When started like this Dovecot doesn't seem to want to write log
entries to the Dovecot logfile as specified in the configuration
file, namely
log_path = /logfiles/mail/live/dovecot
I have checked that I have write access to the logfile as me: I do.
But nevertheless with
/usr/local/sbin/dovecot --exec-mail imap
log output comes out on stdout or stderr instead. For example:
% /usr/local/sbin/dovecot --exec-mail imap
- PREAUTH [CAPABILITY IMAP4rev1 SASL-IR SORT THREAD=REFERENCES
MULTIAPPEND UNSELECT LITERAL+ IDLE CHILDREN NAMESPACE LOGIN-REFERRALS
QUOTA] Logged in as pmb1 a01 logout BYE Logging out a01 OK Logout completed. imap(pmb1): Info: Disconnected: Logged out %
Note the final line beginning "imap(pmb1)".
If I instead run the "imap" binary by hand /usr/local/libexec/dovecot/imap the logging still comes out on stdout/stderr.
But after peering at the source code I tried setting the LOGFILE
environment variable to point at the logfile:
setenv LOGFILE /logfiles/mail/live/dovecot
Now if I run the "imap" binary by hand logging does indeed come out
in the logfile.
BUT using the "dovecot --execmail imap" command instead still has
logging coming out on stdout/stderr, not in the logfile ... it's as
if this latter isn't seeing/using the LOGFILE environment variable.
Can someone explain what I'm doing wrong, please, and how to use the
dovecot --exec-mail imap
trick to do pre-authenticated connections whilst getting logging out
in the right place? (Ideally as specified in the configuration file,
and not having to fiddle on manually setting the LOGFILE environment
variable.)
With thanks, Mike B-)
-- The Computing Service, University of York, Heslington, York Yo10 5DD, UK Tel:+44-1904-433811 FAX:+44-1904-433740
- Unsolicited commercial e-mail is NOT welcome at this e-mail address. *
On Thu, 2007-03-15 at 13:47 +0000, Mike Brudenell wrote:
Can someone explain what I'm doing wrong, please, and how to use the dovecot --exec-mail imap trick to do pre-authenticated connections whilst getting logging out
in the right place? (Ideally as specified in the configuration file,
and not having to fiddle on manually setting the LOGFILE environment
variable.)
Many thanks, Timo...
On 15 Mar 2007, at 13:59, Timo Sirainen wrote:
On Thu, 2007-03-15 at 13:47 +0000, Mike Brudenell wrote:
Can someone explain what I'm doing wrong, please, and how to use the dovecot --exec-mail imap trick to do pre-authenticated connections whilst getting logging out in the right place? (Ideally as specified in the configuration file, and not having to fiddle on manually setting the LOGFILE environment variable.)
...that does indeed get the logging going to the right place.
Unfortunately starting a pre-authenticated session doesn't actually
create a log entry to say someone has connected or who it was, or the
IP address they came from (eg, in the REMOTEHOST shell environment
variable for an rsh session). It would be helpful to get something
logged as for a normal connection, say:
dovecot: Mar 15 14:55:08 Info: imap: Login: user=<pmb1>, method=PREAUTH, rip=144.32.226.226, lip=144.32.128.132 ^^^^^^^ ^^^^^^^^^^^^^^--- from REMOTEHOST?
In contrast, closing a pre-authenticated session does log something,
but only
imap(pmb1): Info: Disconnected: Logged out
It seems to not be using the mail_log_prefix template which normally
would log the above with a timestamp and (in my customised
configuration file) pid:
dovecot: Mar 15 14:34:39 Info: IMAP(pmb1)[19021]: Disconnected:
Logged out
This lack of logging is a bit of a pain as we use the IMAP logfiles
to track down people's reading sessions if we ever need to
investigate a problem.
Hopeful smile...
Mike B-)
-- The Computing Service, University of York, Heslington, York Yo10 5DD, UK Tel:+44-1904-433811 FAX:+44-1904-433740
- Unsolicited commercial e-mail is NOT welcome at this e-mail address. *
On Thu, 2007-03-15 at 15:05 +0000, Mike Brudenell wrote:
Unfortunately starting a pre-authenticated session doesn't actually
create a log entry to say someone has connected or who it was, or the
IP address they came from (eg, in the REMOTEHOST shell environment
variable for an rsh session). It would be helpful to get something
logged as for a normal connection, say:dovecot: Mar 15 14:55:08 Info: imap: Login: user=<pmb1>, method=PREAUTH, rip=144.32.226.226, lip=144.32.128.132 ^^^^^^^ ^^^^^^^^^^^^^^--- from REMOTEHOST?
One problem with this is that I don't think there's any way to get the IP address in any standard way.
Another problem is that the logging format is in login_log_format and login_log_format_elements settings. Those are completely handled in imap-login/pop3-login code, so I'd have to duplicate that code to imap binary, just for this one preauth logging message which is used by almost no-one.
You could make a script that logs it and starts dovecot --exec-mail, or you could write a plugin that logs it. The plugin would be pretty easy:
// gcc prelogin.c -shared -c -o prelogin.so #include "lib.h" #include <stdlib.h> void prelogin_init(void) { i_info("Login: user=<%s> method=PREAUTH rip=%s lip=%s", getenv("USER"), getenv("REMOTEIP"), getenv("LOCALIP")); }
It seems to not be using the mail_log_prefix template which normally
would log the above with a timestamp and (in my customised
configuration file) pid: dovecot: Mar 15 14:34:39 Info: IMAP(pmb1)[19021]: Disconnected:
Logged out
Well, OK, this I can fix:
http://dovecot.org/list/dovecot-cvs/2007-March/008178.html http://dovecot.org/list/dovecot-cvs/2007-March/008180.html http://dovecot.org/list/dovecot-cvs/2007-March/008181.html http://dovecot.org/list/dovecot-cvs/2007-March/008184.html http://dovecot.org/list/dovecot-cvs/2007-March/008182.html http://dovecot.org/list/dovecot-cvs/2007-March/008183.html
participants (2)
-
Mike Brudenell
-
Timo Sirainen