Traiano Welcome <traiano <at> gmail.com> writes:

>
> Hi List
>
> I'm currently in the process of migrating my dovecot imap/pop users to a
> new server and have to extract their passwords in order to import them into
> the new system (different password encryption schemes).
>
> I've tried enabling auth_* debug parameters in my dovecot.conf in the hope
> that this would result in logging plaintext passwords to the dovecot log.
> However dovecot does not log the passwords in plaintext under any debugging
> configuration.
>
> My question: Is there any other configuration of dovecot that would allow
> me to capture POP/IMAP passwords at a successful login time?
>
> Dovecot version: 1.0.7 (from dovecot-1.0.7-7.el5_7.1 rpm)
>
> The output of dovecot -n is:
>
> ---
> # 1.0.7: /etc/dovecot.conf
> info_log_path: /var/log/dovecot.debug
> verbose_ssl: yes
> login_dir: /var/run/dovecot/login
> login_executable(default): /usr/libexec/dovecot/imap-login
> login_executable(imap): /usr/libexec/dovecot/imap-login
> login_executable(pop3): /usr/libexec/dovecot/pop3-login
> mail_location: mbox:~:INBOX=~/Mailbox
> mail_debug: yes
> mail_executable(default): /usr/libexec/dovecot/imap
> mail_executable(imap): /usr/libexec/dovecot/imap
> mail_executable(pop3): /usr/libexec/dovecot/pop3
> mail_plugin_dir(default): /usr/lib64/dovecot/imap
> mail_plugin_dir(imap): /usr/lib64/dovecot/imap
> mail_plugin_dir(pop3): /usr/lib64/dovecot/pop3
> auth default:
>   mechanisms: plain login
>   verbose: yes
>   debug: yes
>   debug_passwords: yes
>   passdb:
>     driver: pam
>   userdb:
>     driver: passwd
>   socket:
>     type: listen
>     client:
>       path: /var/run/dovecot/auth-client
>       mode: 438
> ---
>
> My dovecot.conf is as follows:
>
> ------
> info_log_path = /var/log/dovecot.debug
> verbose_ssl = yes
> mail_location = mbox:~:INBOX=~/Mailbox
> mail_debug = yes
> protocol imap {
> }
> protocol pop3 {
> }
> protocol lda {
>   postmaster_address = postmaster <at> example.com
> }
> auth_verbose = yes
> auth_debug = yes
> auth_debug_passwords = yes
> auth default {
>   mechanisms = plain login
>   passdb pam {
>   }
>   userdb passwd {
>   }
>   user = root
>   socket listen {
>     client {
>       path = /var/run/dovecot/auth-client
>       mode = 0666
>     }
>   }
> }
> dict {
> }
> plugin {
> }
> ---
>
> Many thanks in advance!
> Traiano
>
Yes, this is possible; I did it today for my own server, which was also running dovecot 1.x. I hope I got all the steps, but if not, this should get you a head start in the right direction.

Requires SQL and prefetching; largely based on a lot of googling, trying and this page: http://wiki1.dovecot.org/UserDatabase/Prefetch

Steps to implement (based on SQL login):

1) Change MySQL 'user' query (all fields that are needed for LDA)
   note: adjust query to match your own fields/query

    user_query = SELECT home, uid, gid FROM mail_users WHERE address = '%u' AND active = '1'

2) Change MySQL 'password' query (prepend all 'user info' fields with userdb_)
   note: adjust query to match your own fields/query

    password_query = SELECT <...>, '%w' as userdb_plain_pass FROM mail_users WHERE address = '%u' AND active = '1'

3) Add new executables for imap and pop3 login:

   vi /usr/local/sbin/pop3.sh

   add this:

    #!/bin/sh
    # store the password handed over as $PLAIN_PASS, then start the real pop3 binary
    echo "UPDATE mail_users SET modified=now(), type='pop3', plainpwd='$PLAIN_PASS' WHERE address = '$USER'" | mysql --host=<host> --user=<usr> --password=<pass> <dbname>
    exec /usr/lib/dovecot/pop3 "$@"

   vi /usr/local/sbin/imap.sh

   add this:

    #!/bin/sh
    # store the password handed over as $PLAIN_PASS, then start the real imap binary
    echo "UPDATE mail_users SET modified=now(), type='imap', plainpwd='$PLAIN_PASS' WHERE address = '$USER'" | mysql --host=<host> --user=<usr> --password=<pass> <dbname>
    exec /usr/lib/dovecot/imap "$@"

   Chmod +x them and make sure both the query and the "/usr/lib/dovecot/<exec>" match your environment.

4) In dovecot.conf, change executables for imap and pop3 login to point to the new bash scripts:

    protocol pop3 {
      ...
      mail_executable = /usr/local/sbin/pop3.sh
      ...
    }
    protocol imap {
      ...
      mail_executable = /usr/local/sbin/imap.sh
      ...
    }

5) Still in dovecot.conf, add:

    userdb {
      driver = prefetch
    }

6) Restart dovecot, done.

    /etc/init.d/dovecot restart

Regards,
Gilles
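
Added example, not part of Gilles' post: a hardened form of the pop3.sh / imap.sh wrappers from step 3, which paste $PLAIN_PASS and $USER straight into the SQL text, so a password containing a quote breaks or alters the statement. The helper names sql_hex and build_update and the option file /etc/dovecot/migrate.cnf are assumptions; table and column names are the ones used in the post.

```shell
#!/bin/sh
# Added example: wrapper that passes login and password to MySQL as hex
# literals instead of quoted strings.
# Assumption: /etc/dovecot/migrate.cnf is a mode-0600 MySQL option file with a
# [client] section (host, user, password, database), which keeps the database
# password out of the process list.

# Encode a string as a MySQL hex literal X'...'. The result contains only
# [0-9a-f], so no byte of the input can terminate the literal.
sql_hex() {
    printf "X'%s'" "$(printf '%s' "$1" | od -An -v -tx1 | tr -d ' \n')"
}

# Build the UPDATE statement. $1 = protocol, $2 = login, $3 = password.
# Hex literals compare byte for byte, so the login must match the stored
# address exactly (assumes Dovecot hands over the name as stored).
build_update() {
    case "$1" in
        imap|pop3) ;;
        *) return 1 ;;   # only the two known protocol names reach the SQL
    esac
    printf "UPDATE mail_users SET modified=now(), type='%s', plainpwd=%s WHERE address = %s\n" \
        "$1" "$(sql_hex "$3")" "$(sql_hex "$2")"
}

main() {
    proto=${0##*/}; proto=${proto%.sh}
    # A failed UPDATE must never block the login itself.
    if [ -n "${PLAIN_PASS:-}" ] && stmt=$(build_update "$proto" "$USER" "$PLAIN_PASS"); then
        printf '%s\n' "$stmt" | mysql --defaults-extra-file=/etc/dovecot/migrate.cnf || true
    fi
    unset PLAIN_PASS   # do not hand the plaintext on to the mail process
    exec "/usr/lib/dovecot/$proto" "$@"
}

# Run only when installed under one of the wrapper names from the post.
case "${0##*/}" in
    imap.sh|pop3.sh) main "$@" ;;
esac
```

Install one copy as /usr/local/sbin/imap.sh and one as /usr/local/sbin/pop3.sh; the protocol and the binary to exec are taken from the script name.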