Since 2.2.27 we've had auth policy server support which can do this
properly.
Aki
On 24.01.2017 00:06, rej ex wrote:> Hi everyone,
>
> We are running Dovecot 2.2.9 as a primary IMAP server. Also we use Dovecot
SASL for SMTP authentication.
>
> Because we are building some monitoring application, we will need to record
all failed and successful login attempts. We need to record remote IP, entered
password in plain text, and if possible whether auth request is for SMTP or IMAP
session.
>
> I checked http://wiki.dovecot.org/PostLoginScripting and noticed that
post-login scripts are executed only after result_success, but not after
result_failure (password mismatch).
>
> Also I read http://wiki.dovecot.org/PasswordDatabase where I saw that since
version 2.2.10 it is possible to control what happens after passdb check, but
allowed result values don't include executing custom script.
>
> Does anyone know a way to call external binary / script, or at least save a
record in the database after login attempt without reading the log files?
>
> P.S. there is also a special case. When someone logs in from webmail,
remote IP is set to webmail's server. In this case, we will log the attempt
from the webmail itself, because it has the correct remote IP.
>
> Robin Wood