Re: [Dovecot] Proxy logging destuser
On Tue, 2008-08-26 at 07:20 +0200, Paul Gamble - MWEB wrote: Hi Timo The patch you provided to allow Dovecot-as-proxy's login processes to log the destuser only does so for successful authentications/logins. What is the possibility that this information could additionally be logged for successful lookups, but failed authentication, e.g. valid user-name/invalid password? How about each login attempt is logged with auth_verbose=yes? http://hg.dovecot.org/dovecot-1.1/rev/f42c9561421b signature.asc Description: This is a digitally signed message part
Re: [Dovecot] Proxy logging destuser
Hi Timo The patch you provided to allow Dovecot-as-proxy's login processes to log the destuser only does so for successful authentications/logins. What is the possibility that this information could additionally be logged for successful lookups, but failed authentication, e.g. valid user-name/invalid password? The patch mentioned is: http://hg.dovecot.org/dovecot-1.1/raw-rev/5d0406541434 Regards -Original Message- From: Timo Sirainen [mailto:[EMAIL PROTECTED] Sent: 14 August 2008 10:22 PM To: Paul Gamble - MWEB Cc: Dovecot Mailing List Subject: Re: [Dovecot] Proxy logging destuser New from MWEB: Cellphone and Internet bundles! Bundle your Internet access with your cellular contract from R75 per month. Call 08600 32000 or click here(http://www.mweb.co.za/productsservices/MTALKMobile/tabid/1223/Default.aspx) for more info on the great deals available. MWEB :-) JUST LIKE THAT
[Dovecot] Proxy logging destuser
Hi All My first post to the list, so hello world! Having searched the list archives and the wiki for an answer to this, I don't think it is possible. However, let me ask nonetheless... Is it possible for a Dovecot proxy's login process (IMAP and POP3) to include the destuser, i.e. the uid used to authenticate to the backend IMAP/POP3 server, in its logging? %u gives me the uid provided by the client of course, but it would useful for my purposes to catch the destuser in the same log line. The only way to get the proxy to log destuser at all, as far as I can figure out, is to enable auth debug - not something I want to do in a production environment. Thanking-you, Paul New from MWEB: Cellphone and Internet bundles! Bundle your Internet access with your cellular contract from R75 per month. Call 08600 32000 or click here(http://www.mweb.co.za/productsservices/MTALKMobile/tabid/1223/Default.aspx) for more info on the great deals available. MWEB :-) JUST LIKE THAT
Re: [Dovecot] Proxy logging destuser
On Aug 14, 2008, at 2:36 AM, Paul Gamble - MWEB wrote: Is it possible for a Dovecot proxy's login process (IMAP and POP3) to include the destuser, i.e. the uid used to authenticate to the backend IMAP/POP3 server, in its logging? %u gives me the uid provided by the client of course, but it would useful for my purposes to catch the destuser in the same log line. Could you try if this patch works: http://hg.dovecot.org/dovecot-1.1/raw-rev/5d0406541434 PGP.sig Description: This is a digitally signed message part
Re: [Dovecot] Proxy logging destuser
Hi Timo Thanks very much, hadn't finished my morning coffee and already a patch :) The patch does the trick: - My dovecot.conf for the proxy: ... login_log_format_elements = pid=%p user=%u method=%m rsock=%r:%b lsock=%l:%a proto=%s %c login_log_format = MYPROXY %s %$: ... - gives me, via syslog: Aug 14 10:14:03 withnail dovecot: imap-login: MYPROXY pid=6516, [EMAIL PROTECTED], method=PLAIN, rsock=127.0.0.1:48157, lsock=127.0.0.1:1143, proto=IMAP, secured proxy([EMAIL PROTECTED]): started proxying to 127.0.0.1:143/pgamble*master: Aug 14 10:26:02 withnail dovecot: pop3-login: MYPROXY pid=6514, [EMAIL PROTECTED], method=PLAIN, rsock=127.0.0.1:55991, lsock=127.0.0.1:1110, proto=POP3, secured proxy([EMAIL PROTECTED]): started proxying to 127.0.0.1:110/pgamble*master: This is just on a dev box, hence the odd IP's, log format, etc. I'm using master authentication for the backend auth and so the the master user and separator character are imbedded in the backend user, i.e. client-proxy_user, (pgamble*master above) and it would be convenient to have them available separately, but I can live with it as-is. So...great stuff, thanks very much! What is your approach with regards to incorporating these kinds of patches (in response to ad-hoc user requests) into your main development tree? It would obviously be nice to know that this will be incorporated at some point... Would it be feasible to add a config variable for this (along the lines of %u, %p, %s, etc, etc)? Regards, Paul Gamble -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Timo Sirainen Sent: 14 August 2008 09:12 AM To: Paul Gamble - MWEB Cc: dovecot@dovecot.org Subject: Re: [Dovecot] Proxy logging destuser On Aug 14, 2008, at 2:36 AM, Paul Gamble - MWEB wrote: Is it possible for a Dovecot proxy's login process (IMAP and POP3) to include the destuser, i.e. the uid used to authenticate to the backend IMAP/POP3 server, in its logging? %u gives me the uid provided by the client of course, but it would useful for my purposes to catch the destuser in the same log line. Could you try if this patch works: http://hg.dovecot.org/dovecot-1.1/raw-rev/5d0406541434 New from MWEB: Cellphone and Internet bundles! Bundle your Internet access with your cellular contract from R75 per month. Call 08600 32000 or click here(http://www.mweb.co.za/productsservices/MTALKMobile/tabid/1223/Default.aspx) for more info on the great deals available. MWEB :-) JUST LIKE THAT
Re: [Dovecot] Proxy logging destuser
On Aug 14, 2008, at 4:42 AM, Paul Gamble - MWEB wrote: Aug 14 10:14:03 withnail dovecot: imap-login: MYPROXY pid=6516, [EMAIL PROTECTED], method=PLAIN, rsock=127.0.0.1:48157, lsock=127.0.0.1:1143, proto=IMAP, secured proxy([EMAIL PROTECTED]): started proxying to 127.0.0.1:143/pgamble*master: Aug 14 10:26:02 withnail dovecot: pop3-login: MYPROXY pid=6514, [EMAIL PROTECTED], method=PLAIN, rsock=127.0.0.1:55991, lsock=127.0.0.1:1110, proto=POP3, secured proxy([EMAIL PROTECTED]): started proxying to 127.0.0.1:110/pgamble*master: This is just on a dev box, hence the odd IP's, log format, etc. I'm using master authentication for the backend auth and so the the master user and separator character are imbedded in the backend user, i.e. client-proxy_user, (pgamble*master above) and it would be convenient to have them available separately, but I can live with it as-is. So...great stuff, thanks very much! What is your approach with regards to incorporating these kinds of patches (in response to ad-hoc user requests) into your main development tree? It would obviously be nice to know that this will be incorporated at some point... The URL I gave was to the main v1.1 tree. So this feature will be in v1.1.3. Would it be feasible to add a config variable for this (along the lines of %u, %p, %s, etc, etc)? That is getting a bit crowded already. And that's proxy-specific thing so you should then have variables for the destination host and port as well. PGP.sig Description: This is a digitally signed message part
