Re: [Dovecot] mail check
Am 19.01.2014 22:36, schrieb Paolo: Is there some simple script that parsing the dovecot.info.log can give me a list of the mail checks for a user (better if reports also the type (POP/IMAP), and result of the sessions (Ok/Fail/Error/...))? Regards, Paolo Logwatch may help you http://sourceforge.net/projects/logwatch/ short way may using something like i.e. grep -i user dovecot.info.log etc Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein
[Dovecot] auth_default_realm, pam_krb5, gssapi
Hi,
Just writing here my note about auth_default_realm, pam_krb5 and gssapi.
It seems that 'pam' passdb and 'gssapi' auth_mechanism doesn't honor
'auth_default_realm' setting, at least in several setups I deal with.
Here is a part of the config:
passdb {
args = max_requests=100 cache_key=%u%r dovecot
driver = pam
}
auth_default_realm = REALM.COM
auth_mechanisms = plain login apop gssapi
auth_username_format = %Uu
The problem is that pam_krb5 strips default realm from username (by
default), even if auth_default_realm is specified and even if user logs
in as 'us...@realm.com' (with domain part).
A part of auth.log:
mail auth: pam_krb5(dovecot:auth): user USER1 authenticated as
us...@realm.com
The same for GSSAPI auth, if specified authorization name doesn't
contain domain part.
A part of mail.log:
mail dovecot: imap-login: Login: user=USER1, method=GSSAPI,
rip=172.16.0.1, lip=192.168.1.1, mpid=5828, TLS,
session=bpzvRmDwPACsFwCX
For several reasons I do need username inside dovecot to contain domain
part. So, I found a solution to this problem - modifying /etc/krb5.conf
this way:
[libdefaults]
default_realm = REALM.COM
[realms]
REALM.COM = {
auth_to_local = RULE:[1:$1@$0]
}
This will add realm part to the local username despite using default
realm.
Maybe it's better to put this example to the wiki?
Tested with ubuntu 12.04 and dovecot 2.2.10, mit kerberos 1.10, amd64.
Taking the opportunity, I'd like to ask, is there a way to make
usernames case insensitive while using GSSAPI. The case:
klist shows:
Principal: us...@realm.com
username in thunderbird 'us...@realm.com'. Dovecot gives me this message
(I use auth_username_format=%Uu for pam_krb5 to be able to login with
lowercase realm):
dovecot: auth:
gssapi(us...@realm.com,172.16.0.1,IIgwMGbw3ACsFgA4): User not
authorized to log in as us...@realm.com
As I know kerberos usernames are case insensitive (user part), at least
kinit and windows against AD works that way.
Seems that k5credentials passdb extra field will not help here too. Does
anyone have an idea?
Thanks.
--
Best regards,
Sergey Urushkin
Re: [Dovecot] mail check
On Mon, 20 Jan 2014, Robert Schetterer wrote: Am 19.01.2014 22:36, schrieb Paolo: Is there some simple script that parsing the dovecot.info.log can give me a list of the mail checks for a user (better if reports also the type (POP/IMAP), and result of the sessions (Ok/Fail/Error/...))? Regards, Paolo Logwatch may help you http://sourceforge.net/projects/logwatch/ I am using CentOS 6.x with default dovecot-2.0.16 and logwatch-7.3.6 In default config it don't give any useful info. Tried to update the docevot script with other from the net and modifing the logs reference, but also using a specified call to it like: logwatch --service dovecot --debug 10 --logfile dovecot I obtain nothing or a complete list of sessions disabling OnlyService = (imap-login|pop3-login|dovecot) in the dovecot.conf file Probably there is some bug or I am missing something. Nothing interesting n the archive list. short way may using something like i.e. grep -i user dovecot.info.log etc That is what I am using now. Hoped in someone that had write something that summarize this output better :-) Regards, Paolo
Re: [Dovecot] imap abort after upgrade from 2.2.4 to 2.2.7
When I did upgrade, 2.2.7 was the latest release. When I ran into the problem, I checked back and found 2.2.8 and 2.2.9 were released shortly one after another. It seemed these releases were sort of buggy. I would like to know if what I described in my previous email was an known issue and was addressed before upgrade to 2.2.10. We are using dovecot as our internal mail service. So stable is most important to us. Regards,
[Dovecot] A variable for the unix user or home path would be useful in some cases
Hello, In our hosting environment, we let users share mailboxes across all their domains and think it's best if the shared mailbox listing (in a file) stays in their unix home path. That would be: /home/USER/imap/shared-mailboxes.db Unfortunately, it seems there is no way to generate that path using a variable. Something like this would be convenient: acl_shared_dict = file:%v/imap/shared-mailboxes.db Instead, we have to use something like this: acl_shared_dict = file:~/../../../shared-mailboxes.db which only works for virtual users. Did somebody solve this another way? Could we have the unix user or home path as a variable? Or could we have a modifier giving us the path or the unix user based on the unix UID? Cheers, Olivier
[Dovecot] Sieve Filter based on Email Body
Is it possible to file emails based on the contents of email body? If yes, can you point me to an example. Thanks in advance
Re: [Dovecot] Sieve Filter based on Email Body
On 2014-01-21 00:22, Roman Gelfand wrote: Is it possible to file emails based on the contents of email body? If yes, can you point me to an example. http://sieve.info/
