Hello,

I use dovecot2 on vpopmail, qmail. I want to use login-intranet-imap.sh in order to restrict by email address and IP address. I read about it at http://wiki2.dovecot.org/PostLoginScripting. But there is an expression "mail_executable" in the conf, and there is no such thing in dovecot2. What is the equivalent of it for dovecot2?

Bulend Mali wrote:
> i want to use login-intranet-imap.sh in order to restrict by emailaddress and ip address.
> i read it at http://wiki2.dovecot.org/PostLoginScripting.
> But there is an expression "mail_executable" in [dovecot1] conf.
> but there is no such thing in dovecot2.
> What is equivalent of it for dovecot2 ?

service imap {
  executable = imap imap-postlogin
}

or

service pop3 {
  executable = pop3 pop3-postlogin
}

I assume the exec "$@" in your login-intranet-imap.sh is there to execute the imap binary (or call it "mail executable") which handles the protocol traffic after your post-login script has done its work and granted access to the user.

If you would like to deny access, you should not execute the protocol handler, but simply exit 0, see "Denying connection from some IP/User" at http://wiki2.dovecot.org/PostLoginScripting

Regards
Daniel
-- 
https://plus.google.com/103021802792276734820

My 10-master.conf:

service pop3-login {
  inet_listener pop3 {
  }
}
service pop3 {
  executable = pop3 pop3-postlogin
}
service pop3-postlogin {
  executable = script-login /usr/local/bin/postlogin_pop3.sh
  user = root
  unix_listener pop3-postlogin {
  }
}

When I restart the dovecot service, I get an error:

Aug 11 00:48:27 pop3y dovecot: pop3-postlogin: Error: read: Illegal option -d
Aug 11 00:39:56 pop3y dovecot: pop3-login: Login: user=<test at test.com>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=99386, secured, session=<dQhpL/DGawB/AAAB>
Aug 11 00:39:56 pop3y dovecot: pop3(test at test.com): Post-login script denied access to user test at test.com
Aug 11 00:39:56 pop3y dovecot: pop3-postlogin: Fatal: master: service(pop3-postlogin): child 99387 returned error 10

pop3y# ll /usr/local/bin/postlogin_pop3.sh
-rwxr-xr-x 1 root wheel 5449 Aug 11 00:46 /usr/local/bin/postlogin_pop3.sh

I use FreeBSD 8.2.

Bulend Mali wrote:
> service pop3-postlogin {
> executable = script-login /usr/local/bin/postlogin_pop3.sh
> }
>
> when i restart dovecot service. i get an error;
> Aug 11 00:48:27 pop3y dovecot: pop3-postlogin: Error: read: Illegal option -d

Seems like you are calling a command with argument -d in your script while the command does not recognize any argument -d.

Can you post your script "postlogin_pop3.sh" for review please?

Regards
Daniel
-- 
https://plus.google.com/103021802792276734820

<bmalik at ihlas.net.tr> writes:
> where do i have to locate the passwd-file in dovecot2

For what purpose? Master user? Password/user lookup?

passdb {
  driver = passwd-file
  master = yes
  args = /anywhere/you/want/master-users
  pass = yes
}
passdb {
  driver = passwd-file
  args = /anywhere/you/want/passwd
}
userdb {
  driver = passwd-file
  args = /anywhere/you/want/passwd
}

Joseph Tam <jtam.home at gmail.com>

bmalik wrote:
> when i login to the server using pop3s, i see in the dovecot log;
>
> @4000000050457dd9179c653c pop3-login: Info: Login: user=<test at byserver.net>, method=DIGEST-MD5, rip=192.168.12.220, lip=192.168.12.115, mpid=87395, TLS, session=<w8H1WtjISwDV7pbc>
>
> if i add my mail address into the users-with-forced-encryption file,
> i would not reach my account.
>
> i get an error;
> @4000000050457dd9183f542c pop3(test at byserver.net): Info: Post-login script denied access to user test at byserver.net
> whereas i connect to the account via pop3s
> if i remove my mail address from the users-with-forced-encryption
> there is no problem.
>
> my postlogin_pop3.sh;
> #!/usr/local/bin/bash
> if [ "$SECURED" == "secure" ]
> then
> :# handle secure connections here
> else
> :# handle insecure connections here
> if grep -q "$USER" in /usr/local/etc/dovecot/users-with-forced-encryption
> then
> printf "* NO [ALERT] You are not allowed to connect without encryption\r\n"
> exit 0
> fi
> fi
> exec "$@"
> ###########
> there is also no problem related to SSL certificate
> what can be the issue ?

Can you log the value of "$SECURED" to a logfile (using "logger" tool), and log a message in each of the conditional branches of your script, so we can see which branch gets called?

Which error message do you get when you manually try to log into POP3S?

openssl s_client -connect ip:port
USER username
PASS password
QUIT

Regards
Daniel
-- 
https://plus.google.com/103021802792276734820
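
The post-login flow Daniel describes (exit 0 to deny, exec "$@" to start the protocol handler), with the per-branch logging he asks for, as an added example that is not part of the original thread. It restricts listed addresses to an IP prefix; the IP variable, the ACL file path and its two-column format, and the example.com address are assumptions.

```shell
#!/bin/sh
# Post-login gate for a Dovecot 2 "script-login" service (added example).
# Assumes script-login exports USER and IP, as the PostLoginScripting wiki describes.
# ACL_FILE path and format are hypothetical: one "address ip-prefix" pair per line,
# e.g. "test@example.com 192.168.12." (keep the trailing dot so 192.168.120.x fails).
ACL_FILE="${ACL_FILE:-/usr/local/etc/dovecot/intranet-only-users}"

log() {
    # syslog if possible, stderr otherwise; logging never changes the decision
    logger -t postlogin -- "$*" 2>/dev/null || echo "postlogin: $*" >&2
}

# decide USER IP -> prints "allow" or "deny" and logs which branch was taken
decide() {
    user=$1 ip=$2
    if [ ! -r "$ACL_FILE" ]; then
        log "branch=acl-unreadable user=$user ip=$ip"
        echo deny                           # fail closed
        return 0
    fi
    while read -r addr prefix || [ -n "$addr" ]; do
        [ "$addr" = "$user" ] || continue   # exact string match, not a pattern
        if [ -n "$prefix" ] && [ "${ip#"$prefix"}" != "$ip" ]; then
            log "branch=listed-inside user=$user ip=$ip prefix=$prefix"
            echo allow
        else
            log "branch=listed-outside user=$user ip=$ip prefix=$prefix"
            echo deny
        fi
        return 0
    done < "$ACL_FILE"
    log "branch=not-listed user=$user ip=$ip"
    echo allow                              # unlisted accounts are not restricted
}

# script-login passes the protocol handler (pop3, imap) as "$@";
# with no arguments the file only defines the functions above.
if [ "$#" -gt 0 ]; then
    if [ "$(decide "$USER" "$IP")" = deny ]; then
        printf '%s\r\n' "-ERR Access not allowed from this address"   # POP3 error line
        exit 0                              # deny: exit without starting the handler
    fi
    exec "$@"                               # allow: hand the connection to the handler
fi
```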