Re: post-login scripting
I also wanted to ask if it's possible to add the local server name so I can use one database for all systems? I suppose there's a chance there could be issues with namespace conflicts, but this would make it much easier for me. Not sure how you are tracking your users, in my setup each user is the full email address with domain. (u...@example.com) This way when it saves the time stamp it's associated with the username/email which is unique. My dictionary looks like this... connect = host=/var/lib/mysql/mysql.sock dbname=mailservice map { pattern = shared/last-login/$user table = lastEmailCheck value_field = last value_type = uint fields { email = $user } } ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Re: post-login scripting
Hi, > I'm trying to determine the last login time for my IMAP users. There is already a built in plugin that does this without needing to use scripting. You can use it to save a timestamp to a database. https://doc.dovecot.org/settings/plugin/last-login- plugin/ https://doc.dovecot.org/configuration_manual/ lastlogin_plugin/ That's very helpful, thanks. The only trouble I had was that my password had a pound sign in it and apparently it was parsed as a comment: Jan 18 18:53:28 xavier dovecot[3549186]: dict(3552926): Warning: Configuration file /etc/dovecot/dovecot-dict-sql.conf.ext line 1: Ambiguous '#' character in line, treating it as comment. Add a space before it to remove this warning. I also wanted to ask if it's possible to add the local server name so I can use one database for all systems? I suppose there's a chance there could be issues with namespace conflicts, but this would make it much easier for me. Thanks so much. ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Re: post-login scripting
Hi, When I put the following in my dovecot.conf instead of conf.d/ 10- auth.conf, it core dumps. I thought local changes should be made in dovecot.conf? service imap-login { executable = imap imap-postlogin inet_listener imap { port = 0 } inet_listener imaps { port = 993 } process_min_avail = 6 service_count = 0 vsz_limit = 512 M } service imap-postlogin { executable = script-login /usr/local/bin/postlogin.sh user = $default_internal_user } service pop3-login { inet_listener pop3 { port = 0 } inet_listener pop3s { port = 995 } } Hi Alex I notice you didn't define the listner socket. You're missing this inside your imap-postlogin service definition: unix_listener imap-postlogin { } Okay, thanks. Although I have it working with the last_login plugin now, I'm still interested in figuring out what went wrong with postlogin and how I can use it for other things as well. It no longer core dumps, but it also doesn't touch the ~/.last_login file in the user's home directory either. How can I troubleshoot this further? I thought I would see a postlogin socket after adding the listener line, but I don't see anything with lsof. Other ideas greatly appreciated. ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Re: post-login scripting
> I'm trying to determine the last login time for my IMAP users. There is already a built in plugin that does this without needing to use scripting. You can use it to save a timestamp to a database. https://doc.dovecot.org/settings/plugin/last-login-plugin/ https://doc.dovecot.org/configuration_manual/lastlogin_plugin/ That's very helpful, thanks. The only trouble I had was that my password had a pound sign in it and apparently it was parsed as a comment: Jan 18 18:53:28 xavier dovecot[3549186]: dict(3552926): Warning: Configuration file /etc/dovecot/dovecot-dict-sql.conf.ext line 1: Ambiguous '#' character in line, treating it as comment. Add a space before it to remove this warning. Thanks so much. ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Re: post-login scripting
On 18/01/2024 02:31, Alex wrote: Hi, I'm trying to determine the last login time for my IMAP users. Some systems use mbox while others are Maildir, but not sure that matters. I'd just like to touch a file similar to how it's done in this article, but it doesn't work for me. https://doc.dovecot.org/admin_manual/post_login_scripting/ I've followed the instructions explicitly - made the required changes to 10- master.conf and created a shell script in /usr/local/bin that touches a file in the user's home directory. However, the file doesn't get created/ touched. I've enabled debugging and don't see any errors that might lead to what I'm doing wrong. It doesn't say explicitly in the article that the last- login script referenced in the article is actually the contents of the postlogin.sh script, but I'm assuming it is? When I put the following in my dovecot.conf instead of conf.d/10- auth.conf, it core dumps. I thought local changes should be made in dovecot.conf? service imap-login { executable = imap imap-postlogin inet_listener imap { port = 0 } inet_listener imaps { port = 993 } process_min_avail = 6 service_count = 0 vsz_limit = 512 M } service imap-postlogin { executable = script-login /usr/local/bin/postlogin.sh user = $default_internal_user } service pop3-login { inet_listener pop3 { port = 0 } inet_listener pop3s { port = 995 } } Hi Alex I notice you didn't define the listner socket. You're missing this inside your imap-postlogin service definition: unix_listener imap-postlogin { } John ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Re: post-login scripting
I don't know if it's same syntax for 2.x versions of Dovecot (I have some notes about requiring "script" simple word preceding path): https://doc.dovecot.org/3.0/admin_manual/post_login_scripting/ El 18/1/24 a les 2:31, Alex ha escrit: Hi, I'm trying to determine the last login time for my IMAP users. Some systems use mbox while others are Maildir, but not sure that matters. I'd just like to touch a file similar to how it's done in this article, but it doesn't work for me. https://doc.dovecot.org/admin_manual/post_login_scripting/ I've followed the instructions explicitly - made the required changes to 10- master.conf and created a shell script in /usr/local/bin that touches a file in the user's home directory. However, the file doesn't get created/touched. I've enabled debugging and don't see any errors that might lead to what I'm doing wrong. It doesn't say explicitly in the article that the last-login script referenced in the article is actually the contents of the postlogin.sh script, but I'm assuming it is? When I put the following in my dovecot.conf instead of conf.d/10-auth.conf, it core dumps. I thought local changes should be made in dovecot.conf? service imap-login { executable = imap imap-postlogin inet_listener imap { port = 0 } inet_listener imaps { port = 993 } process_min_avail = 6 service_count = 0 vsz_limit = 512 M } service imap-postlogin { executable = script-login /usr/local/bin/postlogin.sh user = $default_internal_user } service pop3-login { inet_listener pop3 { port = 0 } inet_listener pop3s { port = 995 } } ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org -- Narcis Garcia __ I'm using this dedicated address because personal addresses aren't masked enough at this mail public archive. Public archive administrator should remove and omit any @, dot and mailto combinations against automated addresses collectors. ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Re: post-login scripting
I'm trying to determine the last login time for my IMAP users. There is already a built in plugin that does this without needing to use scripting. You can use it to save a timestamp to a database. https://doc.dovecot.org/settings/plugin/last-login-plugin/ https://doc.dovecot.org/configuration_manual/lastlogin_plugin/ ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Re: Post-login scripting
In data sabato 21 ottobre 2017 15:44:52 CEST, Gedalya ha scritto: > Aha. Looks pretty cool, and it's really nice that it supports HTTP. > On the other hand if I'm rate limiting the number of messages sent = number > of times a client said RCPT TO, I guess it still has to be a postfix policy > server? Anyway, thanks for pointing this out, I'm sure I'll use it :-) > Very interesting indeed; now I'm using a post-login script to track the IP of the clients, but I'll evalutate the policy as it seems cleaner. For a simple policy server to use with postfix, you can check out my simple daemon: https://github.com/SimoneLazzaris/polka It's written in go, very simple, efficient but effective. We're using in production with zero issues. *Simone Lazzaris* *Qcom S.p.A.* simone.lazza...@qcom.it[1] | www.qcom.it[2] * LinkedIn[3]* | *Facebook[4]* [5] [1] mailto:simone.lazza...@qcom.it [2] https://www.qcom.it [3] https://www.linkedin.com/company/qcom-spa [4] http://www.facebook.com/qcomspa [5] https://www.qcom.it/includes/email-banner.gif
Re: Post-login scripting
Thx for every suggestions. Regards Jack Sent from my mobile device please excuse. 21.10.2017 3:45 PM "Gedalya" napisał(a): > Aha. Looks pretty cool, and it's really nice that it supports HTTP. > On the other hand if I'm rate limiting the number of messages sent = > number of times a client said RCPT TO, I guess it still has to be a postfix > policy server? > Anyway, thanks for pointing this out, I'm sure I'll use it :-) > > > On 10/21/2017 02:16 PM, Aki Tuomi wrote: > > Dovecot auth supports auth_policy_server (v2.2.27+, > https://wiki.dovecot.org/Authentication/Policy), which you could use for > this. There is also https://github.com/PowerDNS/weakforced you can use as > policy server, which can also do ratelimiting and such. It also integrates > with postfix. > > > > Aki > > > >> On October 20, 2017 at 6:12 PM Gedalya wrote: > >> > >> > >> No, it's entirely my own. > >> If all you want to do is write client IP addresses to a database then > your script will probably fit in 20 lines of code or so. > >> > >> > >> On 10/20/2017 05:04 PM, j.emerlik wrote: > >>> Which one policy server are you using ? > >>> Someone from that list : http://www.postfix.org/addon.html > >>> > >>> 2017-10-20 16:53 GMT+02:00 Gedalya : > >>> > On 10/20/2017 04:50 PM, j.emerlik wrote: > > I understand that Dovecot SASL does not support the Post-Login > scripts. > Yea, perhaps not. The concept it follows for POP3/IMAP is a wrapper > for > the executable launched to perform the actual service, and there is > no such > service when dovecot is only a SASL auth server for an external > program. > > On the other hand a postfix policy server can let you record a lot of > detail about SMTP activity: messages sent, sender/recipient > addresses, and > client addresses of course. > > I might be able to help with putting such a script together, time > permitting :-) > >
Re: Post-login scripting
Aha. Looks pretty cool, and it's really nice that it supports HTTP. On the other hand if I'm rate limiting the number of messages sent = number of times a client said RCPT TO, I guess it still has to be a postfix policy server? Anyway, thanks for pointing this out, I'm sure I'll use it :-) On 10/21/2017 02:16 PM, Aki Tuomi wrote: > Dovecot auth supports auth_policy_server (v2.2.27+, > https://wiki.dovecot.org/Authentication/Policy), which you could use for > this. There is also https://github.com/PowerDNS/weakforced you can use as > policy server, which can also do ratelimiting and such. It also integrates > with postfix. > > Aki > >> On October 20, 2017 at 6:12 PM Gedalya wrote: >> >> >> No, it's entirely my own. >> If all you want to do is write client IP addresses to a database then your >> script will probably fit in 20 lines of code or so. >> >> >> On 10/20/2017 05:04 PM, j.emerlik wrote: >>> Which one policy server are you using ? >>> Someone from that list : http://www.postfix.org/addon.html >>> >>> 2017-10-20 16:53 GMT+02:00 Gedalya : >>> On 10/20/2017 04:50 PM, j.emerlik wrote: I understand that Dovecot SASL does not support the Post-Login scripts. Yea, perhaps not. The concept it follows for POP3/IMAP is a wrapper for the executable launched to perform the actual service, and there is no such service when dovecot is only a SASL auth server for an external program. On the other hand a postfix policy server can let you record a lot of detail about SMTP activity: messages sent, sender/recipient addresses, and client addresses of course. I might be able to help with putting such a script together, time permitting :-)
Re: Post-login scripting
Dovecot auth supports auth_policy_server (v2.2.27+, https://wiki.dovecot.org/Authentication/Policy), which you could use for this. There is also https://github.com/PowerDNS/weakforced you can use as policy server, which can also do ratelimiting and such. It also integrates with postfix. Aki > On October 20, 2017 at 6:12 PM Gedalya wrote: > > > No, it's entirely my own. > If all you want to do is write client IP addresses to a database then your > script will probably fit in 20 lines of code or so. > > > On 10/20/2017 05:04 PM, j.emerlik wrote: > > Which one policy server are you using ? > > Someone from that list : http://www.postfix.org/addon.html > > > > 2017-10-20 16:53 GMT+02:00 Gedalya : > > > >> On 10/20/2017 04:50 PM, j.emerlik wrote: > >> > >> I understand that Dovecot SASL does not support the Post-Login scripts. > >> Yea, perhaps not. The concept it follows for POP3/IMAP is a wrapper for > >> the executable launched to perform the actual service, and there is no such > >> service when dovecot is only a SASL auth server for an external program. > >> > >> On the other hand a postfix policy server can let you record a lot of > >> detail about SMTP activity: messages sent, sender/recipient addresses, and > >> client addresses of course. > >> > >> I might be able to help with putting such a script together, time > >> permitting :-) > >>
Re: Post-login scripting
No, it's entirely my own. If all you want to do is write client IP addresses to a database then your script will probably fit in 20 lines of code or so. On 10/20/2017 05:04 PM, j.emerlik wrote: > Which one policy server are you using ? > Someone from that list : http://www.postfix.org/addon.html > > 2017-10-20 16:53 GMT+02:00 Gedalya : > >> On 10/20/2017 04:50 PM, j.emerlik wrote: >> >> I understand that Dovecot SASL does not support the Post-Login scripts. >> Yea, perhaps not. The concept it follows for POP3/IMAP is a wrapper for >> the executable launched to perform the actual service, and there is no such >> service when dovecot is only a SASL auth server for an external program. >> >> On the other hand a postfix policy server can let you record a lot of >> detail about SMTP activity: messages sent, sender/recipient addresses, and >> client addresses of course. >> >> I might be able to help with putting such a script together, time >> permitting :-) >>
Re: Post-login scripting
Which one policy server are you using ? Someone from that list : http://www.postfix.org/addon.html 2017-10-20 16:53 GMT+02:00 Gedalya : > On 10/20/2017 04:50 PM, j.emerlik wrote: > > I understand that Dovecot SASL does not support the Post-Login scripts. >> > Yea, perhaps not. The concept it follows for POP3/IMAP is a wrapper for > the executable launched to perform the actual service, and there is no such > service when dovecot is only a SASL auth server for an external program. > > On the other hand a postfix policy server can let you record a lot of > detail about SMTP activity: messages sent, sender/recipient addresses, and > client addresses of course. > > I might be able to help with putting such a script together, time > permitting :-) >
Re: Post-login scripting
On 10/20/2017 04:50 PM, j.emerlik wrote: I understand that Dovecot SASL does not support the Post-Login scripts. Yea, perhaps not. The concept it follows for POP3/IMAP is a wrapper for the executable launched to perform the actual service, and there is no such service when dovecot is only a SASL auth server for an external program. On the other hand a postfix policy server can let you record a lot of detail about SMTP activity: messages sent, sender/recipient addresses, and client addresses of course. I might be able to help with putting such a script together, time permitting :-)
Re: Post-login scripting
Thx, seems to be a good idea. I understand that Dovecot SASL does not support the Post-Login scripts. 2017-10-20 16:36 GMT+02:00 Gedalya : > I use an access policy server which mostly does rate-limiting and also > writes to a database. > It's written in perl. > If all you want to do is to write some records for every connection then > the script would be rather simple. > You just need to put "check_policy_service unix:" in the right place, > presumably in smtpd_client_restrictions, I guess if you put it before > permit_sasl_authenticated it would still have the auth details, due to > delayed evaluation. >
Re: Post-login scripting
Op 20-10-2017 om 15:46 schreef j.emerlik: > Hi , > I would like to save every authentication IP addresses to database, for > IMAP and POP3 everything working correct but I don't know how to configure > Post-login script for SMTP AUTH. > > Can you help me ? > > Regards, > Jack > This is how I log te last time someone logged in: service imap { . . . executable = imap imap-postlogin } service imap-postlogin { executable = script-login /usr/local/bin/imap-wrapper.sh user = vmail unix_listener imap-postlogin { } } And for pop3 users: service pop3 { . . . executable = pop3 pop3-postlogin } service pop3-postlogin { executable = script-login /usr/local/bin/pop3-wrapper.sh user = vmail unix_listener pop3-postlogin { } } Where imap_wrapper.sh is: #! /bin/sh touch /disk/mail/login/imap/$USER touch /disk/mail/login/$USER exec "$@" And for pop3_wrapper.sh: #! /bin/sh touch /disk/mail/login/pop3/$USER touch /disk/mail/login/$USER exec "$@" This gives me empty files in /login, /login/imap and /login/pop3 with the username as filename. The timestamp of the filwe is the lat login time. HTH Egbert Jan, NL
Re: Post-login scripting
I use an access policy server which mostly does rate-limiting and also writes to a database. It's written in perl. If all you want to do is to write some records for every connection then the script would be rather simple. You just need to put "check_policy_service unix:" in the right place, presumably in smtpd_client_restrictions, I guess if you put it before permit_sasl_authenticated it would still have the auth details, due to delayed evaluation.
Re: Post-login scripting
On 10/20/2017 03:46 PM, j.emerlik wrote: > Hi , > I would like to save every authentication IP addresses to database, for > IMAP and POP3 everything working correct but I don't know how to configure > Post-login script for SMTP AUTH. > > Can you help me ? > > Regards, > Jack It would probably be possible to do this at the MTA. I do it in postfix + mysql. What is your setup like?