PNG  IHDRQgAMA a cHRMz&u0`:pQ<bKGDgmIDATxwUﹻ& ^CX(J I@ "% (** BX +*i"]j(IH{~R)[~>h{}gy)I$Ij .I$I$ʊy@}x.: $I$Ii}VZPC)I$IF ^0ʐJ$I$Q^}{"r=OzI$gRZeC.IOvH eKX $IMpxsk.쒷/&r[޳<v| .I~)@$updYRa$I |M.e JaֶpSYR6j>h%IRز if&uJ)M$I vLi=H;7UJ,],X$I1AҒJ$ XY XzI@GNҥRT)E@;]K*Mw;#5_wOn~\ DC&$(A5 RRFkvIR}l!RytRl;~^ǷJj اy뷦BZJr&ӥ8Pjw~vnv X^(I;4R=P[3]J,]ȏ~:3?[ a&e)`e*P[4]T=Cq6R[ ~ޤrXR Հg(t_HZ-Hg M$ãmL5R uk*`%C-E6/%[t X.{8P9Z.vkXŐKjgKZHg(aK9ڦmKjѺm_ \#$5,)-  61eJ,5m| r'= &ڡd%-]J on Xm|{ RҞe $eڧY XYrԮ-a7RK6h>n$5AVڴi*ֆK)mѦtmr1p| q:흺,)Oi*ֺK)ܬ֦K-5r3>0ԔHjJئEZj,%re~/z%jVMڸmrt)3]J,T K֦OvԒgii*bKiNO~%PW0=dii2tJ9Jݕ{7"I P9JKTbu,%r"6RKU}Ij2HKZXJ,妝 XYrP ެ24c%i^IK|.H,%rb:XRl1X4Pe/`x&P8Pj28Mzsx2r\zRPz4J}yP[g=L) .Q[6RjWgp FIH*-`IMRaK9TXcq*I y[jE>cw%gLRԕiFCj-ďa`#e~I j,%r,)?[gp FI˨mnWX#>mʔ XA DZf9,nKҲzIZXJ,L#kiPz4JZF,I,`61%2s $,VOϚ2/UFJfy7K> X+6 STXIeJILzMfKm LRaK9%|4p9LwJI!`NsiazĔ)%- XMq>pk$-$Q2x#N ؎-QR}ᶦHZډ)J,l#i@yn3LN`;nڔ XuX5pF)m|^0(>BHF9(cզEerJI rg7 4I@z0\JIi䵙RR0s;$s6eJ,`n 䂦0a)S)A 1eJ,堌#635RIgpNHuTH_SԕqVe ` &S)>p;S$魁eKIuX`I4춒o}`m$1":PI<[v9^\pTJjriRŭ P{#{R2,`)e-`mgj~1ϣLKam7&U\j/3mJ,`F;M'䱀 .KR#)yhTq;pcK9(q!w?uRR,n.yw*UXj#\]ɱ(qv2=RqfB#iJmmL<]Y͙#$5 uTU7ӦXR+q,`I}qL'`6Kͷ6r,]0S$- [RKR3oiRE|nӦXR.(i:LDLTJjY%o:)6rxzҒqTJjh㞦I.$YR.ʼnGZ\ֿf:%55 I˼!6dKxm4E"mG_ s? .e*?LRfK9%q#uh$)i3ULRfK9yxm܌bj84$i1U^@Wbm4uJ,ҪA>_Ij?1v32[gLRD96oTaR׿N7%L2 NT,`)7&ƝL*꽙yp_$M2#AS,`)7$rkTA29_Iye"|/0t)$n XT2`YJ;6Jx".e<`$) PI$5V4]29SRI>~=@j]lp2`K9Jaai^" Ԋ29ORI%:XV5]JmN9]H;1UC39NI%Xe78t)a;Oi Ҙ>Xt"~G>_mn:%|~ޅ_+]$o)@ǀ{hgN;IK6G&rp)T2i୦KJuv*T=TOSV>(~D>dm,I*Ɛ:R#ۙNI%D>G.n$o;+#RR!.eU˽TRI28t)1LWϚ>IJa3oFbu&:tJ*(F7y0ZR ^p'Ii L24x| XRI%ۄ>S1]Jy[zL$adB7.eh4%%누>WETf+3IR:I3Xה)3אOۦSRO'ٺ)S}"qOr[B7ϙ.edG)^ETR"RtRݜh0}LFVӦDB^k_JDj\=LS(Iv─aTeZ%eUAM-0;~˃@i|l @S4y72>sX-vA}ϛBI!ݎߨWl*)3{'Y|iSlEڻ(5KtSI$Uv02,~ԩ~x;P4ցCrO%tyn425:KMlD ^4JRxSهF_}شJTS6uj+ﷸk$eZO%G*^V2u3EMj3k%)okI]dT)URKDS 7~m@TJR~荪fT"֛L \sM -0T KfJz+nإKr L&j()[E&I ߴ>e FW_kJR|!O:5/2跌3T-'|zX ryp0JS ~^F>-2< `*%ZFP)bSn"L :)+pʷf(pO3TMW$~>@~ū:TAIsV1}S2<%ޟM?@iT ,Eūoz%i~g|`wS(]oȤ8)$ ntu`өe`6yPl IzMI{ʣzʨ )IZ2= ld:5+請M$-ї;U>_gsY$ÁN5WzWfIZ)-yuXIfp~S*IZdt;t>KūKR|$#LcԀ+2\;kJ`]YǔM1B)UbG"IRߊ<xܾӔJ0Z='Y嵤 Leveg)$znV-º^3Ւof#0Tfk^Zs[*I꯳3{)ˬW4Ւ4 OdpbZRS|*I 55#"&-IvT&/윚Ye:i$ 9{LkuRe[I~_\ؠ%>GL$iY8 9ܕ"S`kS.IlC;Ҏ4x&>u_0JLr<J2(^$5L s=MgV ~,Iju> 7r2)^=G$1:3G< `J3~&IR% 6Tx/rIj3O< ʔ&#f_yXJiގNSz; Tx(i8%#4 ~AS+IjerIUrIj362v885+IjAhK__5X%nV%Iͳ-y|7XV2v4fzo_68"S/I-qbf; LkF)KSM$ Ms>K WNV}^`-큧32ŒVؙGdu,^^m%6~Nn&͓3ŒVZMsRpfEW%IwdǀLm[7W&bIRL@Q|)* i ImsIMmKmyV`i$G+R 0tV'!V)֏28vU7͒vHꦼtxꗞT ;S}7Mf+fIRHNZUkUx5SAJㄌ9MqμAIRi|j5)o*^'<$TwI1hEU^c_j?Е$%d`z cyf,XO IJnTgA UXRD }{H}^S,P5V2\Xx`pZ|Yk:$e ~ @nWL.j+ϝYb퇪bZ BVu)u/IJ_ 1[p.p60bC >|X91P:N\!5qUB}5a5ja `ubcVxYt1N0Zzl4]7­gKj]?4ϻ *[bg$)+À*x쳀ogO$~,5 زUS9 lq3+5mgw@np1sso Ӻ=|N6 /g(Wv7U;zωM=wk,0uTg_`_P`uz?2yI!b`kĸSo+Qx%!\οe|އԁKS-s6pu_(ֿ$i++T8=eY; צP+phxWQv*|p1. ά. XRkIQYP,drZ | B%wP|S5`~́@i޾ E;Չaw{o'Q?%iL{u D?N1BD!owPHReFZ* k_-~{E9b-~P`fE{AܶBJAFO wx6Rox5 K5=WwehS8 (JClJ~ p+Fi;ŗo+:bD#g(C"wA^ r.F8L;dzdIHUX݆ϞXg )IFqem%I4dj&ppT{'{HOx( Rk6^C٫O.)3:s(۳(Z?~ٻ89zmT"PLtw䥈5&b<8GZ-Y&K?e8,`I6e(֍xb83 `rzXj)F=l($Ij 2*(F?h(/9ik:I`m#p3MgLaKjc/U#n5S# m(^)=y=đx8ŬI[U]~SцA4p$-F i(R,7Cx;X=cI>{Km\ o(Tv2vx2qiiDJN,Ҏ!1f 5quBj1!8 rDFd(!WQl,gSkL1Bxg''՞^ǘ;pQ P(c_ IRujg(Wz bs#P­rz> k c&nB=q+ؔXn#r5)co*Ũ+G?7< |PQӣ'G`uOd>%Mctz# Ԫڞ&7CaQ~N'-P.W`Oedp03C!IZcIAMPUۀ5J<\u~+{9(FbbyAeBhOSܳ1 bÈT#ŠyDžs,`5}DC-`̞%r&ڙa87QWWp6e7 Rϫ/oY ꇅ Nܶըtc!LA T7V4Jsū I-0Pxz7QNF_iZgúWkG83 0eWr9 X]㾮݁#Jˢ C}0=3ݱtBi]_ &{{[/o[~ \q鯜00٩|cD3=4B_b RYb$óBRsf&lLX#M*C_L܄:gx)WΘsGSbuL rF$9';\4Ɍq'n[%p.Q`u hNb`eCQyQ|l_C>Lb꟟3hSb #xNxSs^ 88|Mz)}:](vbۢamŖ࿥ 0)Q7@0=?^k(*J}3ibkFn HjB׻NO z x}7p 0tfDX.lwgȔhԾŲ }6g E |LkLZteu+=q\Iv0쮑)QٵpH8/2?Σo>Jvppho~f>%bMM}\//":PTc(v9v!gոQ )UfVG+! 35{=x\2+ki,y$~A1iC6#)vC5^>+gǵ@1Hy٪7u;p psϰu/S <aʸGu'tD1ԝI<pg|6j'p:tպhX{o(7v],*}6a_ wXRk,O]Lܳ~Vo45rp"N5k;m{rZbΦ${#)`(Ŵg,;j%6j.pyYT?}-kBDc3qA`NWQū20/^AZW%NQ MI.X#P#,^Ebc&?XR tAV|Y.1!؅⨉ccww>ivl(JT~ u`ٵDm q)+Ri x/x8cyFO!/*!/&,7<.N,YDŽ&ܑQF1Bz)FPʛ?5d 6`kQձ λc؎%582Y&nD_$Je4>a?! ͨ|ȎWZSsv8 j(I&yj Jb5m?HWp=g}G3#|I,5v珿] H~R3@B[☉9Ox~oMy=J;xUVoj bUsl_35t-(ՃɼRB7U!qc+x4H_Qo֮$[GO<4`&č\GOc[.[*Af%mG/ ňM/r W/Nw~B1U3J?P&Y )`ѓZ1p]^l“W#)lWZilUQu`-m|xĐ,_ƪ|9i:_{*(3Gѧ}UoD+>m_?VPۅ15&}2|/pIOʵ> GZ9cmíتmnz)yߐbD >e}:) r|@R5qVSA10C%E_'^8cR7O;6[eKePGϦX7jb}OTGO^jn*媓7nGMC t,k31Rb (vyܴʭ!iTh8~ZYZp(qsRL ?b}cŨʊGO^!rPJO15MJ[c&~Z`"ѓޔH1C&^|Ш|rʼ,AwĴ?b5)tLU)F| &g٣O]oqSUjy(x<Ϳ3 .FSkoYg2 \_#wj{u'rQ>o;%n|F*O_L"e9umDds?.fuuQbIWz |4\0 sb;OvxOSs; G%T4gFRurj(֍ڑb uԖKDu1MK{1^ q; C=6\8FR艇!%\YÔU| 88m)֓NcLve C6z;o&X x59:q61Z(T7>C?gcļxѐ Z oo-08jہ x,`' ҔOcRlf~`jj".Nv+sM_]Zk g( UOPyεx%pUh2(@il0ݽQXxppx-NS( WO+轾 nFߢ3M<;z)FBZjciu/QoF 7R¥ ZFLF~#ȣߨ^<쩡ݛкvџ))ME>ώx4m#!-m!L;vv#~Y[đKmx9.[,UFS CVkZ +ߟrY٧IZd/ioi$%͝ب_ֶX3ܫhNU ZZgk=]=bbJS[wjU()*I =ώ:}-蹞lUj:1}MWm=̛ _ ¾,8{__m{_PVK^n3esw5ӫh#$-q=A̟> ,^I}P^J$qY~Q[ Xq9{#&T.^GVj__RKpn,b=`żY@^՝;z{paVKkQXj/)y TIc&F;FBG7wg ZZDG!x r_tƢ!}i/V=M/#nB8 XxЫ ^@CR<{䤭YCN)eKOSƟa $&g[i3.C6xrOc8TI;o hH6P&L{@q6[ Gzp^71j(l`J}]e6X☉#͕ ׈$AB1Vjh㭦IRsqFBjwQ_7Xk>y"N=MB0 ,C #o6MRc0|$)ف"1!ixY<B9mx `,tA>)5ػQ?jQ?cn>YZe Tisvh# GMމȇp:ԴVuږ8ɼH]C.5C!UV;F`mbBk LTMvPʍϤj?ԯ/Qr1NB`9s"s TYsz &9S%U԰> {<ؿSMxB|H\3@!U| k']$U+> |HHMLޢ?V9iD!-@x TIî%6Z*9X@HMW#?nN ,oe6?tQwڱ.]-y':mW0#!J82qFjH -`ѓ&M0u Uγmxϵ^-_\])@0Rt.8/?ٰCY]x}=sD3ojަЫNuS%U}ԤwHH>ڗjܷ_3gN q7[q2la*ArǓԖ+p8/RGM ]jacd(JhWko6ڎbj]i5Bj3+3!\j1UZLsLTv8HHmup<>gKMJj0@H%,W΃7R) ">c, xixј^ aܖ>H[i.UIHc U1=yW\=S*GR~)AF=`&2h`DzT󑓶J+?W+}C%P:|0H܆}-<;OC[~o.$~i}~HQ TvXΈr=b}$vizL4:ȰT|4~*!oXQR6Lk+#t/g lԁߖ[Jڶ_N$k*". xsxX7jRVbAAʯKҎU3)zSNN _'s?f)6X!%ssAkʱ>qƷb hg %n ~p1REGMHH=BJiy[<5 ǁJҖgKR*倳e~HUy)Ag,K)`Vw6bRR:qL#\rclK/$sh*$ 6덤 KԖc 3Z9=Ɣ=o>X Ώ"1 )a`SJJ6k(<c e{%kϊP+SL'TcMJWRm ŏ"w)qc ef꒵i?b7b('"2r%~HUS1\<(`1Wx9=8HY9m:X18bgD1u ~|H;K-Uep,, C1 RV.MR5άh,tWO8WC$ XRVsQS]3GJ|12 [vM :k#~tH30Rf-HYݺ-`I9%lIDTm\ S{]9gOڒMNCV\G*2JRŨ;Rҏ^ڽ̱mq1Eu?To3I)y^#jJw^Ńj^vvlB_⋌P4x>0$c>K†Aļ9s_VjTt0l#m>E-,,x,-W)سo&96RE XR.6bXw+)GAEvL)͞K4$p=Ũi_ѱOjb HY/+@θH9޼]Nԥ%n{ &zjT? Ty) s^ULlb,PiTf^<À] 62R^V7)S!nllS6~͝V}-=%* ʻ>G DnK<y&>LPy7'r=Hj 9V`[c"*^8HpcO8bnU`4JȪAƋ#1_\ XϘHPRgik(~G~0DAA_2p|J묭a2\NCr]M_0 ^T%e#vD^%xy-n}-E\3aS%yN!r_{ )sAw ڼp1pEAk~v<:`'ӭ^5 ArXOI驻T (dk)_\ PuA*BY]yB"l\ey hH*tbK)3 IKZ򹞋XjN n *n>k]X_d!ryBH ]*R 0(#'7 %es9??ښFC,ՁQPjARJ\Ρw K#jahgw;2$l*) %Xq5!U᢯6Re] |0[__64ch&_}iL8KEgҎ7 M/\`|.p,~`a=BR?xܐrQ8K XR2M8f ?`sgWS%" Ԉ 7R%$ N}?QL1|-эټwIZ%pvL3Hk>,ImgW7{E xPHx73RA @RS CC !\ȟ5IXR^ZxHл$Q[ŝ40 (>+ _C >BRt<,TrT {O/H+˟Pl6 I B)/VC<6a2~(XwV4gnXR ϱ5ǀHٻ?tw똤Eyxp{#WK qG%5],(0ӈH HZ])ג=K1j&G(FbM@)%I` XRg ʔ KZG(vP,<`[ Kn^ SJRsAʠ5xՅF`0&RbV tx:EaUE/{fi2;.IAwW8/tTxAGOoN?G}l L(n`Zv?pB8K_gI+ܗ #i?ޙ.) p$utc ~DžfՈEo3l/)I-U?aԅ^jxArA ΧX}DmZ@QLےbTXGd.^|xKHR{|ΕW_h] IJ`[G9{).y) 0X YA1]qp?p_k+J*Y@HI>^?gt.06Rn ,` ?);p pSF9ZXLBJPWjgQ|&)7! HjQt<| ؅W5 x W HIzYoVMGP Hjn`+\(dNW)F+IrS[|/a`K|ͻ0Hj{R,Q=\ (F}\WR)AgSG`IsnAR=|8$}G(vC$)s FBJ?]_u XRvύ6z ŨG[36-T9HzpW̞ú Xg큽=7CufzI$)ki^qk-) 0H*N` QZkk]/tnnsI^Gu't=7$ Z;{8^jB% IItRQS7[ϭ3 $_OQJ`7!]W"W,)Iy W AJA;KWG`IY{8k$I$^%9.^(`N|LJ%@$I}ֽp=FB*xN=gI?Q{٥4B)mw $Igc~dZ@G9K X?7)aK%݅K$IZ-`IpC U6$I\0>!9k} Xa IIS0H$I H ?1R.Чj:4~Rw@p$IrA*u}WjWFPJ$I➓/6#! LӾ+ X36x8J |+L;v$Io4301R20M I$-E}@,pS^ޟR[/s¹'0H$IKyfŸfVOπFT*a$I>He~VY/3R/)>d$I>28`Cjw,n@FU*9ttf$I~<;=/4RD~@ X-ѕzἱI$: ԍR a@b X{+Qxuq$IЛzo /~3\8ڒ4BN7$IҀj V]n18H$IYFBj3̵̚ja pp $Is/3R Ӻ-Yj+L;.0ŔI$Av? #!5"aʄj}UKmɽH$IjCYs?h$IDl843.v}m7UiI=&=0Lg0$I4: embe` eQbm0u? $IT!Sƍ'-sv)s#C0:XB2a w I$zbww{."pPzO =Ɔ\[ o($Iaw]`E).Kvi:L*#gР7[$IyGPI=@R 4yR~̮´cg I$I/<tPͽ hDgo 94Z^k盇΄8I56^W$I^0̜N?4*H`237}g+hxoq)SJ@p|` $I%>-hO0eO>\ԣNߌZD6R=K ~n($I$y3D>o4b#px2$yڪtzW~a $I~?x'BwwpH$IZݑnC㧄Pc_9sO gwJ=l1:mKB>Ab<4Lp$Ib o1ZQ@85b̍ S'F,Fe,^I$IjEdù{l4 8Ys_s Z8.x m"+{~?q,Z D!I$ϻ'|XhB)=…']M>5 rgotԎ 獽PH$IjIPhh)n#cÔqA'ug5qwU&rF|1E%I$%]!'3AFD/;Ck_`9 v!ٴtPV;x`'*bQa w I$Ix5 FC3D_~A_#O݆DvV?<qw+I$I{=Z8".#RIYyjǪ=fDl9%M,a8$I$Ywi[7ݍFe$s1ՋBVA?`]#!oz4zjLJo8$I$%@3jAa4(o ;p,,dya=F9ً[LSPH$IJYЉ+3> 5"39aZ<ñh!{TpBGkj}Sp $IlvF.F$I z< '\K*qq.f<2Y!S"-\I$IYwčjF$ w9 \ߪB.1v!Ʊ?+r:^!I$BϹB H"B;L'G[ 4U#5>੐)|#o0aڱ$I>}k&1`U#V?YsV x>{t1[I~D&(I$I/{H0fw"q"y%4 IXyE~M3 8XψL}qE$I[> nD?~sf ]o΁ cT6"?'_Ἣ $I>~.f|'!N?⟩0G KkXZE]ޡ;/&?k OۘH$IRۀwXӨ<7@PnS04aӶp.:@\IWQJ6sS%I$e5ڑv`3:x';wq_vpgHyXZ 3gЂ7{{EuԹn±}$I$8t;b|591nءQ"P6O5i }iR̈́%Q̄p!I䮢]O{H$IRϻ9s֧ a=`- aB\X0"+5"C1Hb?߮3x3&gşggl_hZ^,`5?ߎvĸ%̀M!OZC2#0x LJ0 Gw$I$I}<{Eb+y;iI,`ܚF:5ܛA8-O-|8K7s|#Z8a&><a&/VtbtLʌI$I$I$I$I$I$IRjDD%tEXtdate:create2022-05-31T04:40:26+00:00!Î%tEXtdate:modify2022-05-31T04:40:26+00:00|{2IENDB`Mini Shell

HOME


Mini Shell 1.0
DIR:/usr/share/doc/dovecot23/wiki/
Upload File :
Current File : //usr/share/doc/dovecot23/wiki/HowTo.PopBSMTPAndDovecot.txt
Contents


 1. POP3 (IMAP) before SMTP

     1. Are you sure you want this?

         1. Problems with POP-before-SMTP

         2. Advantages of POP-before-SMTP over SMTP AUTH

 2. Pop-before-smtp.pl

 3. DRAC

 4. SQL

     1. Example for postgresql, postfix

     2. Example for MySQL, postfix

 5. relay-ctrl

POP3 (IMAP) before SMTP
=======================

/sometimes also called SMTP-after-POP3 or SMTP-after-IMAP/

Are you sure you want this?
---------------------------

POP-before-SMTP is generally considered a kludge, originally invented to make
up for the lack of authentication in the original SMTP
[http://en.wikipedia.org/wiki/Smtp] specification for clients on dynamic IP
addresses.ESMTP [http://en.wikipedia.org/wiki/Extended_SMTP] resolved that
shortcoming long ago, and all modern mail clients and servers support it by
now. You should consider implementing ESMTP AUTH
[http://en.wikipedia.org/wiki/SMTP-AUTH] in your mail transport/submission
agent, and using it in your clients, rather than using POP-before-SMTP. See
also <HowTo.PostfixAndDovecotSASL.txt> or <HowTo.EximAndDovecotSASL.txt>.

Problems with POP-before-SMTP
-----------------------------

 * *Shared IP addresses* are in widespread use. You are opening your server not
   only to your user, but to anyone else who might be sharing the same IP
   address, other users, other computers in the same NAT. If you lose the
   connection, the next one who is assigned your IP also inherits your relay
   permit. This might include virus-infected spambot machines. Or consider a
   public wireless hotspot or an Internet cafe: both types of establishments
   are known to be frequented by spammers.
 * *Not properly implemented* in all mail clients: it only works right if the
   client checks for new mail immediately before attempting to send. And it can
   be very unsafe if longer timeouts are used, such that the user has time to
   write an email.
 * Probably others. <I> [RobMcGee.txt] ( <Rob McGee> [RobMcGee.txt]) just
   thought it was wrong to have a HOWTO page here without a warning about why
   /not/ to. Know what you are doing. If you are setting up a new mail service
   from scratch, by all means, do it right!

Advantages of POP-before-SMTP over SMTP AUTH
--------------------------------------------

 * Likely to be relatively easier to implement in your mail submission agent.
   What's easier is a matter of opinion, and it varies, of course, but probably
   all MTA/MSA servers support some form of access lists without patching or
   recompiling.
 * Simple non-technical instructions for users: /"Remember to check for new
   mail before you try to send mail."/

Pop-before-smtp.pl
==================

If you want to use pop-before-smtp.pl (from http://popbsmtp.sourceforge.net/)
together with Dovecot, you can use this regular expression to match successful
POP3 and IMAP logins:

---%<-------------------------------------------------------------------------
$pat = '^(... .. ..:..:..) \S+ (?:pop3|imap)-login: Login: .+
\[(\d+\.\d+\.\d+\.\d+)\]';
---%<-------------------------------------------------------------------------

v1.0RC2 seems to need this format to work properly:

---%<-------------------------------------------------------------------------
$pat = '^dovecot: (... .. ..:..:..) \S+ (?:pop3|imap)-login: Login: \S+ \S+ \S+
lip=(\d+\.\d+\.\d+\.\d+)';
---%<-------------------------------------------------------------------------

Note: This only works with IPv4, anyone who wants to fix it for IPv6, please do
so:)

worked for me on Fedora: <drak at navel.gr>

---%<-------------------------------------------------------------------------
$pat = '(?:pop3|imap)-login: (... .. ..:..:..) Info: Login: \S+
\[(\d+\.\d+\.\d+\.\d+)\]';
---%<-------------------------------------------------------------------------

With v1.0 Alpha 4, the following pattern works:

---%<-------------------------------------------------------------------------
$pat = '^(... .. ..:..:..) \S+ (?:dovecot: )?(?:imap|pop3)-login: Login: \S+
\S+ rip=(\d+\.\d+\.\d+\.\d+)'
---%<-------------------------------------------------------------------------

This works with RHEL 4.3 (at least until IPv6 really catches):

---%<-------------------------------------------------------------------------
$pat = '(?:pop3|imap)-login: (... .. ..:..:..) Info: Login: \S+
\[::ffff:(\d+\.\d+\.\d+\.\d+)\]';
---%<-------------------------------------------------------------------------

DRAC
====

The DRAC historical plugin for Dovecot 1.x, located here
[http://mail.cc.umanitoba.ca/drac/], doesn't work with Dovecot 2.x, since it
relies on the "IP" environment variable, not set anymore by Dovecot 2.x

a more recent version of this plugin is available here: DRAC Plugin for Dovecot
2.x [http://sourceforge.jp/projects/dovecot2-drac/]. The README file explains
how to compile it. Change the path to your Dovecot 2.x source code into the
Makefile to compile it.

DRAC runs as a separate daemon, maintaining a BerkeleyDB database of IPs that
have successfully authenticated via POP3 or IMAP, expiring them after 30
minutes. Installing it therefore requires that both your POP3/IMAP server and
your SMTP daemon (Postfix/Sendmail/qmail) be set up to support it.
DRAC-PLUGIN.c is a small C program, and accessing BerkeleyDB databases is
efficient so it works pretty well.

By following the instructions you will install a file drac_plugin.so in your
dovecot 'lib/' directories for IMAP and/or POP3 loadable modules.

To turn on the new DRAC plugin in dovecot, you must set up these lines in your
dovecot.conf. There is a separate section for ''protocol imap'' and another
under ''protocol pop3''; make sure you enable both.

---%<-------------------------------------------------------------------------
  # Support for dynamically loadable modules
  mail_plugin_dir = /usr/lib/dovecot/imap # not mandatory
  mail_plugins = drac                            # provide a list of all
plugins you want to load here
---%<-------------------------------------------------------------------------

Permissions note: the directory containing the drac_plugin.so file has to be
readable by ordinary users. Check your Dovecot error log for help.

To get DRAC working on your machine, download the main DRAC
[http://mail.cc.umanitoba.ca/drac/] daemon, edit the makefile as directed in
the instructions, and make and install it.  You will also want to ensure that
you register the rpcs by executing rpcgen.  See the Makefile for more details.

SQL
===

Advantage: you do not have a multi-megabyte Perl daemon reading your logs

Disadvantage: for each login you need the time and space to execute this script

 1. tell your MTA to look up IPs authorized to relay in an SQL table
 2. delete old IPs from the table regularly (cron job for example, or a
    modification to the script below)
 3. tell dovecot to update the SQL table upon successful login

Dovecot 1.0 (and probably 0.99) can update a SQL table with the script below.

/!\ *Note* that *you* must set up a script that deletes old IPs separately, and
*you* also must configure your MTA properly. The script *only* performs the
'update on successful login' step, which alone is insecure without expiring
older IPs!/Add your working examples to this section. This Wiki depends on your
help!/

---%<-------------------------------------------------------------------------
#!/bin/sh
# This script created 2005-08-21 by Lorens Kockum
# Released into the Public Domain
# Changes:
# 2006-06-06 Matthias Andree
#  - changed $* to "$@" for more robust argument quoting
# Action: when called by dovecot 1.0 as described below, updates an SQL table
# with logged-in IP and current time, and then executes the relevant process.
# Output: normally nothing
# dovecot.conf should be modified with these lines (where
# /usr/lib/dovecot/popbsmtp.sh represents this script):
# protocol pop3 {
#   mail_executable = /usr/lib/dovecot/popbsmtp.sh /usr/lib/dovecot/pop3
# }
# protocol imap {
#   mail_executable = /usr/lib/dovecot/popbsmtp.sh /usr/lib/dovecot/imap
# }
# The HOME= lines are necessary to find $HOME/.my.cnf containing login info,
# because mail_executable is executed as root, but without a home directory.
# Of course this script must not be writable by anyone else than root.
(
    # drop out IPs from local networks that can relay anyway
    IP=`echo $IP | grep -v '^192\.168\.'`
    if [ -n "$IP" ]
    then
        export HOME=/root/
        echo "replace into popbsmtp VALUES('$IP',now());" | mysql mail
        export HOME=/
    fi
) >> /var/log/dovecot3 2>&1
exec "$@"
---%<-------------------------------------------------------------------------

Example for postgresql, postfix
-------------------------------

/usr/lib/dovecot/popbsmtp.sh

---%<-------------------------------------------------------------------------
#!/bin/sh
(
    if [ -n "$IP" ]
    then
        /usr/bin/psql -U popbsmtp -d popbsmtp -c "begin;update auth set
accessed=now() where host=substring('$IP' from 8);commit;insert into auth(host,
accessed) values(substring('$IP' from 8),now());"
    fi

) >> /var/log/dovecot3 2>&1
exec "$@"
---%<-------------------------------------------------------------------------

The substring call was necessary because $IP has '::ffff:' or something like
that in front of the IP address on my system. The update followed by an insert,
with the update in a transaction is necessary to replicate mysql's REPLACE INTO
functionality. The INSERT will produce an error if the IP already exists but it
doesn't matter as the UPDATE will have committed by then.

/etc/postfix/main.cf

---%<-------------------------------------------------------------------------
smtpd_recipient_restrictions =
  permit_mynetworks
  permit_sasl_authenticated
  permit_tls_clientcerts
  check_client_access pgsql:/etc/postfix/popbsmtp.cf
  reject_unauth_destination
  check_policy_service unix:private/policy
---%<-------------------------------------------------------------------------

/etc/postfix/popbsmtp.cf

---%<-------------------------------------------------------------------------
hosts = localhost
user = username
password = secret
dbname = popbsmtp
query = SELECT 'OK' as result FROM auth WHERE host = '%s'
---%<-------------------------------------------------------------------------

/etc/cron.hourly/popbsmtp_purge

---%<-------------------------------------------------------------------------
#!/bin/bash
/usr/bin/psql -U popbsmtp -d popbsmtp -c "DELETE FROM auth WHERE (now() -
accessed)  > '30 minutes'::interval"
---%<-------------------------------------------------------------------------

Example for MySQL, postfix
--------------------------

Note that you can use this even if pop/imap and smtp are not on the same host
as it is the case in my setup.

First you have to create a table (in this example named "popbsmtp") with 2
fields:

 * address (varchar 39, primary)
 * last_seen (datetime)

varchar size 39 is for IPv6 addresses.You should definitely consider adding
IPv6 support to your popbsmtp solution because postfix and dovecot do well with
IPv6.

/!\ *address field* must be *primary* for "REPLACE into" to work.

/opt/dovecot-popbsmtp.sh

---%<-------------------------------------------------------------------------
#!/bin/sh
(
        if [ -n "$IP" ]
        then
                echo "REPLACE INTO virtual_mail.popbsmtp (address,last_seen)
VALUES ('$IP', NOW( ))" \
                | mysql -u user -p secret -h host > /dev/null 2>&1
        fi
)
exec "$@"
---%<-------------------------------------------------------------------------

mail_executable in dovecot.conf looks something like this:

---%<-------------------------------------------------------------------------
mail_executable = /opt/dovecot-popbsmtp.sh /usr/libexec/dovecot/imap
---%<-------------------------------------------------------------------------

postfix map (/etc/postfix/mysql_popbsmtp_access_maps.cf):

---%<-------------------------------------------------------------------------
hosts = mysqlhost
user = user
password = secret
dbname = virtual_mail
query = SELECT 'OK' FROM popbsmtp WHERE last_seen >= DATE_SUB(NOW(),INTERVAL 30
MINUTE) AND address = '%s'
---%<-------------------------------------------------------------------------

In postfix main.cf add the following access map to your recipient restrictions
(/!\  *before* "reject_unauth_destination"):

---%<-------------------------------------------------------------------------
check_client_access mysql:$config_directory/mysql_popbsmtp_access_maps.cf
---%<-------------------------------------------------------------------------

The 30 minute relay access period is handled by the INTERVAL in DATE_SUB. So
it's safe anyway, but you should definitely run a cron job daily that deletes
older records. That's to keep the table clean and speed up lookups. You might
also need to run "OPTIMIZE TABLE" via the cron job to free up allocated space.

relay-ctrl
==========

relay-ctrl [http://untroubled.org/relay-ctrl/] consists of a few small programs
designed to fit in qmail-like command chains. The most important:

 * 'relay-ctrl-allow' runs after a successful POP/IMAP login, recording the
   client IP and timestamp
 * 'relay-ctrl-check' runs before the SMTP server, enabling relaying if the
   client IP has authenticated recently

'relay-ctrl-allow' expects to find the client IP in the environment as
'$TCPREMOTEIP'. Dovecot provides it as '$IP', so you'll need this tiny
'dovecot-settcpremoteip' wrapper script:

---%<-------------------------------------------------------------------------
#!/bin/sh
#
# Wrapper for relay-ctrl-allow that sets TCPREMOTEIP.
TCPREMOTEIP="${IP}"; export TCPREMOTEIP
exec "$@"
---%<-------------------------------------------------------------------------

Edit 'dovecot.conf' and set 'mail_executable' appropriately, e.g., for IMAP
(this is one long line):

---%<-------------------------------------------------------------------------
mail_executable = /usr/local/bin/envdir /etc/relay-ctrl
/usr/local/bin/relay-ctrl-chdir /usr/local/bin/dovecot-settcpremoteip
/usr/local/bin/relay-ctrl-allow /usr/local/libexec/dovecot/imap
Dove
---%<-------------------------------------------------------------------------

Restart Dovecot. Verify that your IMAP client still works. Verify that
relay-ctrl has recorded your client IP. Hook 'relay-ctrl-check' into your SMTP
service, as documented in the relay-ctrl README, and you're done.

(This file was created from the wiki on 2019-06-19 12:42)