Aki Tuomi
2021-Jan-26 09:01 UTC
[EXT] Re: Reminder Re: Dovecot Gmail OAuth2.0 Setting Question
That is because you are using systemd, where the unit file, by default, has PrivateTmp=yes. You can look under /tmp for dovecot private tmp directory and create the directory there, or you can temporarily disable this security measure. systemctl edit dovecot [Service] PrivateTmp=no systemctl daemon-reload systemctl restart dovecot Aki> On 26/01/2021 10:57 ???? <taiki.fukuda at justsystems.com> wrote: > > > Dear Mr. Tuomi > > I have added the setting rawlog_dir = /tmp/oauth2 to /etc/dovecot/dovecot-oauth2.conf.ext > However, /tmp/oauth2 was not created. > > Best regards, > > > --------------------------------------------------------------------------------------------------------------------------------- > ?163-6017 ?????????6-8-1 ????????????? > ???? ???????? ????? ?????????? ???? > e-mail: taiki.fukuda at justsystems.com > ??: 5158 > TEL: 03-5324-7900 > mobile: 080-6198-7328 > --------------------------------------------------------------------------------------------------------------------------------- > > > > 2021?1?26?(?) 15:45 Aki Tuomi <aki.tuomi at open-xchange.com>: > > Yes, however I still cannot see rawlogs. > > > > Aki > > > > > On 25/01/2021 10:25 ???? <taiki.fukuda at justsystems.com> wrote: > > > > > > > > > Yes. In my last email, I sent you the log of the result of running with oauth debug logging enabled. > > > /etc/dovecot/conf.d/10-logging.conf? > > > ## > > > ## Logging verbosity and debugging. > > > ## > > > > > > # Log filter is a space-separated list conditions. If any of the conditions > > > # match, the log filter matches (i.e. they're ORed together). Parenthesis > > > # are supported if multiple conditions need to be matched together. > > > # Supported conditions are: > > > # event:<name wildcard> - Match event name. '*' and '?' wildcards supported. > > > # source:<filename>[:<line number>] - Match source code filename [and line] > > > # field:<key>=<value wildcard> - Match field key to a value. Can be specified > > > # multiple times to match multiple keys. > > > # cat[egory]:<value> - Match a category. Can be specified multiple times to > > > # match multiple categories. > > > # For example: event:http_request_* (cat:error cat:storage) > > > > > > # Filter to specify what debug logging to enable. This will eventually replace > > > # mail_debug and auth_debug settings. > > > log_debug=category=oauth2 > > > > > > ------------------------------ > > > ?163-6017 ?????????6-8-1 ????????????? > > > ???? ???????? ????? ?????????? ???? > > > e-mail: taiki.fukuda at justsystems.com > > > ??: 5158 > > > TEL: 03-5324-7900 > > > mobile: 080-6198-7328 > > > ------------------------------ > > > > > > > > > 2021?1?25?(?) 17:24 ???? <taiki.fukuda at justsystems.com>: > > > > Yes. In my last email, I sent you the log of the result of running with oauth debug logging enabled. > > > > > > > > /etc/dovecot/conf.d/10-logging.conf? > > > > > > > > ``` > > > > ``` > > > > > > > > > > > > > > > > --------------------------------------------------------------------------------------------------------------------------------- > > > > ?163-6017 ?????????6-8-1 ????????????? > > > > ???? ???????? ????? ?????????? ???? > > > > e-mail: taiki.fukuda at justsystems.com > > > > ??: 5158 > > > > TEL: 03-5324-7900 > > > > mobile: 080-6198-7328 > > > > --------------------------------------------------------------------------------------------------------------------------------- > > > > > > > > > > > > > > > > 2021?1?25?(?) 17:16 Aki Tuomi <aki.tuomi at open-xchange.com>: > > > > > > > > > > > On 25/01/2021 10:12 ???? <taiki.fukuda at justsystems.com> wrote: > > > > > > > > > > > > > > > > > > Dear Mr. Tuomi > > > > > > Google is responding to me as Unauthorized. > > > > > > So I need to send my credentials such as access token in the request parameter for authentication in google?s Get User API request. > > > > > > But I don?t know how to configure dovecot to achieve that. > > > > > > Could you please help me with this? > > > > > > Best regards, > > > > > > > > > > > > ------------------------------ > > > > > > ?163-6017 ?????????6-8-1 ????????????? > > > > > > ???? ???????? ????? ?????????? ???? > > > > > > e-mail: taiki.fukuda at justsystems.com > > > > > > ??: 5158 > > > > > > TEL: 03-5324-7900 > > > > > > > > > > > > mobile: 080-6198-7328 > > > > > > > > > > > > > > > Did you try the debugging things I mentioned? Your logs do not indicate that you did. > > > > > > > > > > So, > > > > > > > > > > - Try turning on rawlogs for the oauth2 requests and see what google is sending you? > > > > > - You can also try log_debug=category=oauth2 (2.3.13) to get more debug logs from oauth2. > > > > > > > > > > Aki > > > > > > >
Dear Mr. Tuomi Sorry, I have added the setting PrivateTmp=no to /etc/systemd/system/dovecot.service.d/override.conf However, /tmp/oauth2 was not created. Best regards, --------------------------------------------------------------------------------------------------------------------------------- ?163-6017 ?????????6-8-1 ????????????? ???? ???????? ????? ?????????? ???? e-mail: taiki.fukuda at justsystems.com ??: 5158 TEL: 03-5324-7900 mobile: 080-6198-7328 --------------------------------------------------------------------------------------------------------------------------------- 2021?1?26?(?) 18:01 Aki Tuomi <aki.tuomi at open-xchange.com>:> That is because you are using systemd, where the unit file, by default, > has PrivateTmp=yes. > > You can look under /tmp for dovecot private tmp directory and create the > directory there, or you can temporarily disable this security measure. > > systemctl edit dovecot > > [Service] > PrivateTmp=no > > systemctl daemon-reload > systemctl restart dovecot > > Aki > > > On 26/01/2021 10:57 ???? <taiki.fukuda at justsystems.com> wrote: > > > > > > Dear Mr. Tuomi > > > > I have added the setting rawlog_dir = /tmp/oauth2 to > /etc/dovecot/dovecot-oauth2.conf.ext > > However, /tmp/oauth2 was not created. > > > > Best regards, > > > > > > > --------------------------------------------------------------------------------------------------------------------------------- > > ?163-6017 ?????????6-8-1 ????????????? > > ???? ???????? ????? ?????????? ???? > > e-mail: taiki.fukuda at justsystems.com > > ??: 5158 > > TEL: 03-5324-7900 > > mobile: 080-6198-7328 > > > --------------------------------------------------------------------------------------------------------------------------------- > > > > > > > > 2021?1?26?(?) 15:45 Aki Tuomi <aki.tuomi at open-xchange.com>: > > > Yes, however I still cannot see rawlogs. > > > > > > Aki > > > > > > > On 25/01/2021 10:25 ???? <taiki.fukuda at justsystems.com> wrote: > > > > > > > > > > > > Yes. In my last email, I sent you the log of the result of running > with oauth debug logging enabled. > > > > /etc/dovecot/conf.d/10-logging.conf? > > > > ## > > > > ## Logging verbosity and debugging. > > > > ## > > > > > > > > # Log filter is a space-separated list conditions. If any of the > conditions > > > > # match, the log filter matches (i.e. they're ORed together). > Parenthesis > > > > # are supported if multiple conditions need to be matched together. > > > > # Supported conditions are: > > > > # event:<name wildcard> - Match event name. '*' and '?' wildcards > supported. > > > > # source:<filename>[:<line number>] - Match source code filename > [and line] > > > > # field:<key>=<value wildcard> - Match field key to a value. Can be > specified > > > > # multiple times to match multiple keys. > > > > # cat[egory]:<value> - Match a category. Can be specified multiple > times to > > > > # match multiple categories. > > > > # For example: event:http_request_* (cat:error cat:storage) > > > > > > > > # Filter to specify what debug logging to enable. This will > eventually replace > > > > # mail_debug and auth_debug settings. > > > > log_debug=category=oauth2 > > > > > > > > ------------------------------ > > > > ?163-6017 ?????????6-8-1 ????????????? > > > > ???? ???????? ????? ?????????? ???? > > > > e-mail: taiki.fukuda at justsystems.com > > > > ??: 5158 > > > > TEL: 03-5324-7900 > > > > mobile: 080-6198-7328 > > > > ------------------------------ > > > > > > > > > > > > 2021?1?25?(?) 17:24 ???? <taiki.fukuda at justsystems.com>: > > > > > Yes. In my last email, I sent you the log of the result of > running with oauth debug logging enabled. > > > > > > > > > > /etc/dovecot/conf.d/10-logging.conf? > > > > > > > > > > ``` > > > > > ``` > > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------------------------------------------------------------------- > > > > > ?163-6017 ?????????6-8-1 ????????????? > > > > > ???? ???????? ????? ?????????? ???? > > > > > e-mail: taiki.fukuda at justsystems.com > > > > > ??: 5158 > > > > > TEL: 03-5324-7900 > > > > > mobile: 080-6198-7328 > > > > > > --------------------------------------------------------------------------------------------------------------------------------- > > > > > > > > > > > > > > > > > > > > 2021?1?25?(?) 17:16 Aki Tuomi <aki.tuomi at open-xchange.com>: > > > > > > > > > > > > > On 25/01/2021 10:12 ???? <taiki.fukuda at justsystems.com> > wrote: > > > > > > > > > > > > > > > > > > > > > Dear Mr. Tuomi > > > > > > > Google is responding to me as Unauthorized. > > > > > > > So I need to send my credentials such as access token in the > request parameter for authentication in google?s Get User API request. > > > > > > > But I don?t know how to configure dovecot to achieve that. > > > > > > > Could you please help me with this? > > > > > > > Best regards, > > > > > > > > > > > > > > ------------------------------ > > > > > > > ?163-6017 ?????????6-8-1 ????????????? > > > > > > > ???? ???????? ????? ?????????? ???? > > > > > > > e-mail: taiki.fukuda at justsystems.com > > > > > > > ??: 5158 > > > > > > > TEL: 03-5324-7900 > > > > > > > > > > > > > > mobile: 080-6198-7328 > > > > > > > > > > > > > > > > > > Did you try the debugging things I mentioned? Your logs do not > indicate that you did. > > > > > > > > > > > > So, > > > > > > > > > > > > - Try turning on rawlogs for the oauth2 requests and see what > google is sending you? > > > > > > - You can also try log_debug=category=oauth2 (2.3.13) to get > more debug logs from oauth2. > > > > > > > > > > > > Aki > > > > > > > > > >-------------- next part -------------- An HTML attachment was scrubbed... URL: <https://dovecot.org/pipermail/dovecot/attachments/20210126/7644ccf9/attachment-0001.html>
Aki Tuomi
2021-Jan-26 09:35 UTC
[EXT] Re: Reminder Re: Dovecot Gmail OAuth2.0 Setting Question
No, the directory must exist. I'm sorry I wasn't clear enough when I replied last time, but dovecot will not create the directory. You need to create it and make it writable. Aki> On 26/01/2021 11:09 ???? <taiki.fukuda at justsystems.com> wrote: > > > Dear Mr. Tuomi > > Sorry, I have added the setting PrivateTmp=no to /etc/systemd/system/dovecot.service.d/override.conf > However, /tmp/oauth2 was not created. > > Best regards, > > --------------------------------------------------------------------------------------------------------------------------------- > ?163-6017 ?????????6-8-1 ????????????? > ???? ???????? ????? ?????????? ???? > e-mail: taiki.fukuda at justsystems.com > ??: 5158 > TEL: 03-5324-7900 > mobile: 080-6198-7328 > --------------------------------------------------------------------------------------------------------------------------------- > > > > 2021?1?26?(?) 18:01 Aki Tuomi <aki.tuomi at open-xchange.com>: > > That is because you are using systemd, where the unit file, by default, has PrivateTmp=yes. > > > > You can look under /tmp for dovecot private tmp directory and create the directory there, or you can temporarily disable this security measure. > > > > systemctl edit dovecot > > > > [Service] > > PrivateTmp=no > > > > systemctl daemon-reload > > systemctl restart dovecot > > > > Aki > > > > > On 26/01/2021 10:57 ???? <taiki.fukuda at justsystems.com> wrote: > > > > > > > > > Dear Mr. Tuomi > > > > > > I have added the setting rawlog_dir = /tmp/oauth2 to /etc/dovecot/dovecot-oauth2.conf.ext > > > However, /tmp/oauth2 was not created. > > > > > > Best regards, > > > > > > > > > --------------------------------------------------------------------------------------------------------------------------------- > > > ?163-6017 ?????????6-8-1 ????????????? > > > ???? ???????? ????? ?????????? ???? > > > e-mail: taiki.fukuda at justsystems.com > > > ??: 5158 > > > TEL: 03-5324-7900 > > > mobile: 080-6198-7328 > > > --------------------------------------------------------------------------------------------------------------------------------- > > > > > > > > > > > > 2021?1?26?(?) 15:45 Aki Tuomi <aki.tuomi at open-xchange.com>: > > > > Yes, however I still cannot see rawlogs. > > > > > > > > Aki > > > > > > > > > On 25/01/2021 10:25 ???? <taiki.fukuda at justsystems.com> wrote: > > > > > > > > > > > > > > > Yes. In my last email, I sent you the log of the result of running with oauth debug logging enabled. > > > > > /etc/dovecot/conf.d/10-logging.conf? > > > > > ## > > > > > ## Logging verbosity and debugging. > > > > > ## > > > > > > > > > > # Log filter is a space-separated list conditions. If any of the conditions > > > > > # match, the log filter matches (i.e. they're ORed together). Parenthesis > > > > > # are supported if multiple conditions need to be matched together. > > > > > # Supported conditions are: > > > > > # event:<name wildcard> - Match event name. '*' and '?' wildcards supported. > > > > > # source:<filename>[:<line number>] - Match source code filename [and line] > > > > > # field:<key>=<value wildcard> - Match field key to a value. Can be specified > > > > > # multiple times to match multiple keys. > > > > > # cat[egory]:<value> - Match a category. Can be specified multiple times to > > > > > # match multiple categories. > > > > > # For example: event:http_request_* (cat:error cat:storage) > > > > > > > > > > # Filter to specify what debug logging to enable. This will eventually replace > > > > > # mail_debug and auth_debug settings. > > > > > log_debug=category=oauth2 > > > > > > > > > > ------------------------------ > > > > > ?163-6017 ?????????6-8-1 ????????????? > > > > > ???? ???????? ????? ?????????? ???? > > > > > e-mail: taiki.fukuda at justsystems.com > > > > > ??: 5158 > > > > > TEL: 03-5324-7900 > > > > > mobile: 080-6198-7328 > > > > > ------------------------------ > > > > > > > > > > > > > > > 2021?1?25?(?) 17:24 ???? <taiki.fukuda at justsystems.com>: > > > > > > Yes. In my last email, I sent you the log of the result of running with oauth debug logging enabled. > > > > > > > > > > > > /etc/dovecot/conf.d/10-logging.conf? > > > > > > > > > > > > ``` > > > > > > ``` > > > > > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------------------------------------------------------------------- > > > > > > ?163-6017 ?????????6-8-1 ????????????? > > > > > > ???? ???????? ????? ?????????? ???? > > > > > > e-mail: taiki.fukuda at justsystems.com > > > > > > ??: 5158 > > > > > > TEL: 03-5324-7900 > > > > > > mobile: 080-6198-7328 > > > > > > --------------------------------------------------------------------------------------------------------------------------------- > > > > > > > > > > > > > > > > > > > > > > > > 2021?1?25?(?) 17:16 Aki Tuomi <aki.tuomi at open-xchange.com>: > > > > > > > > > > > > > > > On 25/01/2021 10:12 ???? <taiki.fukuda at justsystems.com> wrote: > > > > > > > > > > > > > > > > > > > > > > > > Dear Mr. Tuomi > > > > > > > > Google is responding to me as Unauthorized. > > > > > > > > So I need to send my credentials such as access token in the request parameter for authentication in google?s Get User API request. > > > > > > > > But I don?t know how to configure dovecot to achieve that. > > > > > > > > Could you please help me with this? > > > > > > > > Best regards, > > > > > > > > > > > > > > > > ------------------------------ > > > > > > > > ?163-6017 ?????????6-8-1 ????????????? > > > > > > > > ???? ???????? ????? ?????????? ???? > > > > > > > > e-mail: taiki.fukuda at justsystems.com > > > > > > > > ??: 5158 > > > > > > > > TEL: 03-5324-7900 > > > > > > > > > > > > > > > > mobile: 080-6198-7328 > > > > > > > > > > > > > > > > > > > > > Did you try the debugging things I mentioned? Your logs do not indicate that you did. > > > > > > > > > > > > > > So, > > > > > > > > > > > > > > - Try turning on rawlogs for the oauth2 requests and see what google is sending you? > > > > > > > - You can also try log_debug=category=oauth2 (2.3.13) to get more debug logs from oauth2. > > > > > > > > > > > > > > Aki > > > > > > > > > > > > >