Re: [Dovecot] Virtual user and post-login 2.0.13

2011-08-26 Thread Mark Willcox
Did you try installing from source after applying the patch?  As in:

> This is your problem.. It's a bug in v2.0.13. You could patch with
> http://hg.dovecot.org/dovecot-2.0/rev/a2d57b43ccb2 or change config
> socket's permissions. I'll hopefully release v2.0.14 in not too distant
> future.
> -- Timo

That got it working for me.  Plus this:
service imap {
  executable = imap imap-postlogin
}

service imap-postlogin {
  executable = script-login /usr/local/bin/set_postpop
  unix_listener imap-postlogin {
  }
}

The script seems to run as root so I set ownership to the proper user in
the script.

_________
Mark Willcox
Data Helper, Inc.


On 8/25/2011 10:47 AM, Pelle Svensson wrote:
> Hi
>
> I tried several variants of suggestions but I can't get it working
>
> dovecot-info.log:
> ===
> Aug 25 17:37:48 imap-login: Info: Login: user=, method=PLAIN, 
> rip=192.168.1.xx, lip=192.168.1.xx, mpid=11264
> Aug 25 17:37:48 imap(vuser): Info: Post-login script denied access to user 
> vuser
>
> dovecot.log
> 
> Aug 25 17:31:28 imap-postlogin: Error: script-login: Error: user 
> p...@bredband.net: Error reading configuration: 
> net_connect_unix(/var/run/dovecot/config) failed: Permission denied
> Aug 25 17:31:28 imap-postlogin: Error: script-login: Fatal: Internal error 
> occurred. Refer to server log for more information.
> Aug 25 17:31:28 log: Error: service(imap-postlogin): child 11082 returned 
> error 89 (Fatal failure)
>
> dovecot.conf
> 
> protocols = imap pop3 
> base_dir = /var/run/dovecot/
>
> log_path = /var/log/dovecot.log
> info_log_path = /var/log/dovecot-info.log
>
> ssl = no # v1.2+, for older versions use: ssl_disable = yes
> disable_plaintext_auth = no
>
> mail_location = maildir:/home/fetchmail/mailroot/dummy
>
> pop3_uidl_format = %08Xu%08Xv
>
>
> !include conf.d/*.conf
> !include_try local.conf
>
> mail_uid=500
> mail_gid=500
>
> auth_verbose = yes
> auth_debug=yes
> auth_debug_passwords=yes
> mail_debug=yes
>
> # Optional tried with this!!!
> service config {
>   unix_listener config {
>     group = dovecot
>     mode = 0660
>   }
> }
>
> service imap {
>   # tell imap to do post-login lookup using a socket called "imap-postlogin"
>   executable = imap imap-postlogin
> # Optional tried with this!!!
>
>   user=dovecot
> }
>
> # The service name below doesn't actually matter.
> service imap-postlogin {
>   # all post-login scripts are executed via script-login binary
>   executable = script-login /home/fetchmail/dovecot-postlogin.sh
>
>   # the script process runs as the user specified here (v2.0.14+):
> # Optional tried with this!!!
>  
> # user=dovecot
>  #  user = $default_internal_user
>   # this UNIX socket listener must use the same name as given to imap executable
> # Optional tried with this!!!
>
>   #unix_listener imap-postlogin {
>   #}
> }
>
>
> users
> 
> vuser:{PLAIN}pass:500:500::/home/fetchmail::userdb_mail=maildir:/home/fetchmail/mailroot/vuser-root
>  allow_nets=192.168.1.0/24
>
> ls -l /home/fetchmail/dovecot-postlogin.sh
> -rwxrwxrwx. 1 dovecot   root 108 Aug 25 17:08 dovecot-postlogin.sh
>
> Any suggestions are very welcome!!
>
> /Thanks
>
>
> 


Re: [Dovecot] Post-login scripting with virtual users

2011-08-24 Thread Mark Willcox
I downloaded the source and patched script-login.c.  It is working fine
now!  Thank you!

My script is running as root now and it resisted all efforts to make it
run as popuser, but I can work with that.

Why did I wait so long to move from bincimap?

_
Mark Willcox
Data Helper, Inc.


On 8/24/2011 7:04 PM, Timo Sirainen wrote:
> You didn't get past the config reading error, it now fails before it
> even gets that far.
>
> On Wed, 2011-08-24 at 17:16 -0500, Mark Willcox wrote:
>> I don't think that this is the problem now.  I removed the unix_listener
>> as per Rick's advice.  That got me past the Error reading
>> configuration.  Just to be sure, I made the config socket world-readable
>> which made no difference.
>>
>> Now instead I get:
>> Error: net_connect_unix(/var/run/dovecot/imap-postpop) failed:
>> Connection refused
>>
>> The script is executable.  On a hunch, I made the directory that the
>> script writes to world-writable, which didn't help.  The "Connection
>> refused" means that there was some kind of problem with my script, I
>> assume. It seems that the script does not run at all.  Is there anything
>> I can do to narrow down what is going wrong? Some higher level of logging?
>>
>> Thanks!
>>
>> _____
>> Mark Willcox
>> Data Helper, Inc.
>>
>>
>> On 8/24/2011 3:37 PM, Timo Sirainen wrote:
>>> On Wed, 2011-08-24 at 13:57 -0500, Mark Willcox wrote:
>>>
>>>> Aug 24 13:01:57 callisto dovecot: imap-postpop: Error: script-login:
>>>> Error: user devn...@dhzone.com: Error reading configuration:
>>>> net_connect_unix(/var/run/dovecot/config) failed: Permission denied 
>>> This is your problem.. It's a bug in v2.0.13. You could patch with
>>> http://hg.dovecot.org/dovecot-2.0/rev/a2d57b43ccb2 or change config
>>> socket's permissions. I'll hopefully release v2.0.14 in not too distant
>>> future.


Re: [Dovecot] Post-login scripting with virtual users

2011-08-24 Thread Mark Willcox
I am about 97.2% certain that it never tries to run the script.  I
changed it to simply touch a file in /tmp with the same result.  I
simplified it to:

#!/bin/sh
exec "$@"

Still refused.

_
Mark Willcox
Data Helper, Inc.


On 8/24/2011 5:16 PM, Mark Willcox wrote:
> I don't think that this is the problem now.  I removed the unix_listener
> as per Rick's advice.  That got me past the Error reading
> configuration.  Just to be sure, I made the config socket world-readable
> which made no difference.
>
> Now instead I get:
> Error: net_connect_unix(/var/run/dovecot/imap-postpop) failed:
> Connection refused
>
> The script is executable.  On a hunch, I made the directory that the
> script writes to world-writable, which didn't help.  The "Connection
> refused" means that there was some kind of problem with my script, I
> assume. It seems that the script does not run at all.  Is there anything
> I can do to narrow down what is going wrong? Some higher level of logging?
>
> Thanks!
>
> _
> Mark Willcox
> Data Helper, Inc.
>
>
> On 8/24/2011 3:37 PM, Timo Sirainen wrote:
>> On Wed, 2011-08-24 at 13:57 -0500, Mark Willcox wrote:
>>
>>> Aug 24 13:01:57 callisto dovecot: imap-postpop: Error: script-login:
>>> Error: user devn...@dhzone.com: Error reading configuration:
>>> net_connect_unix(/var/run/dovecot/config) failed: Permission denied 
>> This is your problem.. It's a bug in v2.0.13. You could patch with
>> http://hg.dovecot.org/dovecot-2.0/rev/a2d57b43ccb2 or change config
>> socket's permissions. I'll hopefully release v2.0.14 in not too distant
>> future.


Re: [Dovecot] Post-login scripting with virtual users

2011-08-24 Thread Mark Willcox
I don't think that this is the problem now.  I removed the unix_listener
as per Rick's advice.  That got me past the Error reading
configuration.  Just to be sure, I made the config socket world-readable
which made no difference.

Now instead I get:
Error: net_connect_unix(/var/run/dovecot/imap-postpop) failed:
Connection refused

The script is executable.  On a hunch, I made the directory that the
script writes to world-writable, which didn't help.  The "Connection
refused" means that there was some kind of problem with my script, I
assume. It seems that the script does not run at all.  Is there anything
I can do to narrow down what is going wrong? Some higher level of logging?

Thanks!

_________
Mark Willcox
Data Helper, Inc.


On 8/24/2011 3:37 PM, Timo Sirainen wrote:
> On Wed, 2011-08-24 at 13:57 -0500, Mark Willcox wrote:
>
>> Aug 24 13:01:57 callisto dovecot: imap-postpop: Error: script-login:
>> Error: user devn...@dhzone.com: Error reading configuration:
>> net_connect_unix(/var/run/dovecot/config) failed: Permission denied 
> This is your problem.. It's a bug in v2.0.13. You could patch with
> http://hg.dovecot.org/dovecot-2.0/rev/a2d57b43ccb2 or change config
> socket's permissions. I'll hopefully release v2.0.14 in not too distant
> future.


Re: [Dovecot] Post-login scripting with virtual users

2011-08-24 Thread Mark Willcox
Much closer!  It seems to run the script, but now I get:
Error: net_connect_unix(/var/run/dovecot/imap-postpop) failed:
Connection refused

I thought it might be because popuser has no logon capability
(/sbin/nologin), but I changed that and connection is still refused.

Can it be my script?  It is just:
#!/bin/bash
echo "$USER $IP `host $IP`" > /var/lib/postpop/db/$IP
exec "$@"

The IP-named file is not being created.  popuser owns the folder.

Also, when I get this working, can I set up a pop3 equivalent?

_____
Mark Willcox
Data Helper, Inc.


On 8/24/2011 2:06 PM, Rick Romero wrote:
>
> Quoting Mark Willcox :
>
>> I am running Dovecot 2.0.13 on Fedora 15.  I have migrated from a
>> bincimap installation using checklocalpwd.  All email is in folders
>> owned by an unprivileged user, popuser.  The email users are entirely
>> virtual and have no relationship to actual linux users.
>>
>> I am trying to implement a Post-login script to register the IP address
>> that the authentication came from.  Dovecot seems to be trying to
>> execute the script as the email non-user, which does not work.  I have
>> specified that the script should be run as popuser, but it still runs as
>> devn...@dhzone.com for instance.  Everything up to that point seems to
>> be happening happily under popuser.
>>
>
> I'd remove the unix_listener directive:
> service imap-postpop {
>executable = script-login /usr/local/bin/set_postpop
>user = popuser
> }
>
> The equivalent is working for me.
>
> Rick
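
A hardened variant of the three-line post-login script in the message above, as an added example that is not part of the original post. It matters most while the script runs as root, as reported elsewhere in this thread. The function names and the POSTPOP_DB override are hypothetical, and the `host` lookup from the original script is left out.

```shell
#!/bin/sh
# Added example, not the poster's script. POSTPOP_DB is a hypothetical
# override for testing; the default is the directory named in the thread.
DB_DIR="${POSTPOP_DB:-/var/lib/postpop/db}"

# Accept only a dotted-quad IPv4 address, so that $IP can never carry
# "/" or ".." into the file name built from it.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1              # safe to leave unquoted: only digits and dots remain
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Record "<user> <ip>" in $DB_DIR/<ip>. The data goes into a fresh mktemp
# file that is then renamed into place, so nothing is written through a
# pre-existing file or link; a symlink already sitting at the target is refused.
record_login() {
    user=$1 ip=$2
    valid_ipv4 "$ip" || return 1
    target="$DB_DIR/$ip"
    [ -L "$target" ] && return 1
    tmp=$(mktemp "$DB_DIR/.tmp.XXXXXX") || return 1
    printf '%s %s\n' "$user" "$ip" > "$tmp" && mv -f "$tmp" "$target"
}

# The thread's script reads USER and IP from the environment and must end by
# exec'ing "$@". A failed record is logged but does not block the login.
if [ -n "${IP:-}" ] && [ $# -gt 0 ]; then
    record_login "${USER:-unknown}" "$IP" ||
        echo "set_postpop: not recording login from '$IP'" >&2
    exec "$@"
fi
```
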


[Dovecot] Post-login scripting with virtual users

2011-08-24 Thread Mark Willcox
I am running Dovecot 2.0.13 on Fedora 15.  I have migrated from a
bincimap installation using checklocalpwd.  All email is in folders
owned by an unprivileged user, popuser.  The email users are entirely
virtual and have no relationship to actual linux users.

My userdb calls return the UID and GID of popuser and all goes well
retrieving the mail via POP3 and IMAP. 

I am trying to implement a Post-login script to register the IP address
that the authentication came from.  Dovecot seems to be trying to
execute the script as the email non-user, which does not work.  I have
specified that the script should be run as popuser, but it still runs as
devn...@dhzone.com for instance.  Everything up to that point seems to
be happening happily under popuser. 

I added a "user = popuser" directive and it had no effect that I could
see.  I know that dovecot read the directive because I changed it to
"user = 555" and dovecot would not run because "555" is not a user.

I tried adding a "User = popuser" within the unix_listener but that also
had no effect.

Any ideas?  Thank you!

--
Here is my dovecot -n:
# 2.0.13: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.40.3-0.fc15.x86_64 x86_64 Fedora release 15 (Lovelock)
auth_debug = yes
disable_plaintext_auth = no
mail_debug = yes
mbox_write_locks = fcntl
passdb {
  args = /etc/dovecot/conf.d/dovecot-sql.conf.ext
  driver = sql
}
protocols = imap pop3
service imap-postpop {
  executable = script-login /usr/local/bin/set_postpop
  unix_listener imap-postpop {
  }
  user = popuser
}
service imap {
  executable = imap imap-postpop
}
ssl_cert =

From the maillog:
Aug 24 13:01:57 callisto dovecot: auth: Debug: client out:
OK#0111#011user=devn...@dhzone.com
Aug 24 13:01:57 callisto dovecot: auth: Debug: master in: REQUEST...
Aug 24 13:01:57 callisto dovecot: auth: Debug:
sql(devn...@dhzone.com,75.221.209.232): SELECT home, uid, gid FROM users
WHERE id = 'devn...@dhzone.com'
Aug 24 13:01:57 callisto dovecot: auth: Debug: master out:
USER#0114007264257#011devn...@dhzone.com#011home=/var/qmail/popbox/dhzone-com/devnull#011uid=555#011gid=555
Aug 24 13:01:57 callisto dovecot: imap-login: Login:
user=, method=PLAIN, rip=75.221.209.232,
lip=76.76.59.241, mpid=667
Aug 24 13:01:57 callisto dovecot: imap-postpop: Error: script-login:
Error: user devn...@dhzone.com: Error reading configuration:
net_connect_unix(/var/run/dovecot/config) failed: Permission denied
Aug 24 13:01:57 callisto dovecot: imap-postpop: Error: script-login:
Fatal: Internal error occurred. Refer to server log for more information.
Aug 24 13:01:57 callisto dovecot: imap(devn...@dhzone.com): Post-login
script denied access to user devn...@dhzone.com
Aug 24 13:01:57 callisto dovecot: log: Error: service(imap-postpop):
child 668 returned error 89 (Fatal failure)
Aug 24 13:02:03 callisto dovecot: master: Warning: Killed with signal 15
(by pid=1 uid=0 code=kill)

-- 
_
Mark Willcox
Data Helper, Inc.