[Dovecot] Post-login scripting with virtual users

Mark Willcox willcox at datahelper.com
Wed Aug 24 21:57:16 EEST 2011


I am running Dovecot 2.0.13 on Fedora 15.  I have migrated from a
bincimap installation using checklocalpwd.  All email is in folders
owned by an unprivileged user, popuser.  The email users are entirely
virtual and have no relationship to actual Linux users.

My userdb calls return the UID and GID of popuser and all goes well
retrieving the mail via POP3 and IMAP. 

I am trying to implement a Post-login script to register the IP address
that the authentication came from.  Dovecot seems to be trying to
execute the script as the email non-user, which does not work.  I have
specified that the script should be run as popuser, but it still runs as
devnull at dhzone.com for instance.  Everything up to that point seems to
be happening happily under popuser. 

I added a "user = popuser" directive and it had no effect that I could
see.  I know that dovecot read the directive because I changed it to
"user = 555" and dovecot would not run because "555" is not a user.

I tried adding a "User = popuser" within the unix_listener but that also
had no effect.

Any ideas?  Thank you!

------------------------------
Here is my dovecot -n:
# 2.0.13: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.40.3-0.fc15.x86_64 x86_64 Fedora release 15 (Lovelock)
auth_debug = yes
disable_plaintext_auth = no
mail_debug = yes
mbox_write_locks = fcntl
passdb {
  args = /etc/dovecot/conf.d/dovecot-sql.conf.ext
  driver = sql
}
protocols = imap pop3
service imap-postpop {
  executable = script-login /usr/local/bin/set_postpop
  unix_listener imap-postpop {
  }
  user = popuser
}
service imap {
  executable = imap imap-postpop
}
ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
ssl_key = </etc/pki/dovecot/private/dovecot.pem
userdb {
  args = /etc/dovecot/conf.d/dovecot-sql.conf.ext
  driver = sql
}

-----------------------------------------------------
The dovecot-sql.conf.ext looks like this:
driver = mysql
connect = host=localhost dbname=webmail user=xxxx password=xxxx

password_query = SELECT id AS user, IF( clear IS NULL,
CONCAT('{CRYPT}',crypto), CONCAT('{PLAIN}',clear)) AS password \
  FROM users WHERE id = '%u'

user_query = SELECT home, uid, gid \
  FROM users WHERE id = '%u'

-------------------------------
From the maillog:
Aug 24 13:01:57 callisto dovecot: auth: Debug: client out:
OK#0111#011user=devnull at dhzone.com
Aug 24 13:01:57 callisto dovecot: auth: Debug: master in: REQUEST...
Aug 24 13:01:57 callisto dovecot: auth: Debug:
sql(devnull at dhzone.com,75.221.209.232): SELECT home, uid, gid FROM users
WHERE id = 'devnull at dhzone.com'
Aug 24 13:01:57 callisto dovecot: auth: Debug: master out:
USER#0114007264257#011devnull at dhzone.com#011home=/var/qmail/popbox/dhzone-com/devnull#011uid=555#011gid=555
Aug 24 13:01:57 callisto dovecot: imap-login: Login:
user=<devnull at dhzone.com>, method=PLAIN, rip=75.221.209.232,
lip=76.76.59.241, mpid=667
Aug 24 13:01:57 callisto dovecot: imap-postpop: Error: script-login:
Error: user devnull at dhzone.com: Error reading configuration:
net_connect_unix(/var/run/dovecot/config) failed: Permission denied
Aug 24 13:01:57 callisto dovecot: imap-postpop: Error: script-login:
Fatal: Internal error occurred. Refer to server log for more information.
Aug 24 13:01:57 callisto dovecot: imap(devnull at dhzone.com): Post-login
script denied access to user devnull at dhzone.com
Aug 24 13:01:57 callisto dovecot: log: Error: service(imap-postpop):
child 668 returned error 89 (Fatal failure)
Aug 24 13:02:03 callisto dovecot: master: Warning: Killed with signal 15
(by pid=1 uid=0 code=kill)

-- 
_________________
Mark Willcox
Data Helper, Inc.
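
An added example, not part of the original post and not the poster's set_postpop script: a post-login script for the goal described above, recording the client address of each login while refusing malformed values. It assumes script-login exports USER and IP to the script's environment and passes the command to continue with as arguments; the log path and function names are hypothetical.

```shell
#!/bin/sh
# Added example; not the poster's /usr/local/bin/set_postpop.
# Assumption: script-login exports USER and IP and passes the mail
# binary to continue with as "$@".

# Hypothetical log location; it must be writable by the UID the script
# actually runs as (popuser in the setup described in the post).
POSTPOP_LOG="${POSTPOP_LOG:-/var/tmp/postpop.log}"

# valid_ip ADDRESS: accept only characters that can occur in an
# IPv4 or IPv6 literal; reject empty values.
valid_ip() {
    case "$1" in
        ''|*[!0-9A-Fa-f.:]*) return 1 ;;
        *) return 0 ;;
    esac
}

# clean_user NAME: keep a conservative mailbox-name character set so a
# crafted login name cannot inject spaces or newlines into the record.
clean_user() {
    printf '%s' "$1" | LC_ALL=C tr -cd 'A-Za-z0-9@._+-'
}

# record_login USER IP: append "epoch user ip" to $POSTPOP_LOG.
# Returns 1 without writing anything when the address is malformed.
record_login() {
    valid_ip "$2" || return 1
    # Subshell so the restrictive umask does not leak into the mail process.
    ( umask 077
      printf '%s %s %s\n' "$(date +%s)" "$(clean_user "$1")" "$2" >> "$POSTPOP_LOG" )
}

# Act only when called with a command to continue with, as script-login does.
if [ "$#" -gt 0 ]; then
    record_login "$USER" "$IP" || true   # a logging failure must not block the login
    exec "$@"
fi
```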



