On Mon, September 12, 2016 4:23 pm, Paul Lesniewski wrote:
>
>
> On Sun, September 4, 2016 9:03 am, Jean-Luc Wasmer wrote:
>> Hi,
>>
>> I use Imapproxy 1.2.7 between Roundcube & Dovecot. I installed a
>> Roundcube plugin that sends the web client's IP address to the IMAP
>> server using the ID command. This way log files contain the real IP of
>> the user instead of the web server IP address.
>>
>> Unfortunately, Imapproxy doesn't like that:
>>
>> * OK [CAPABILITY IMAP4rev1 LITERAL+ LOGIN-REFERRALS ID ENABLE
>> XIMAPPROXY] Dovecot ready.
>> A0001 ID ("x-originating-ip" "24.212.235.245")
>> A0001 BAD Please login first
>> A0002 LOGIN user1 "password"
>>
>>
>> When I bypass Imapproxy:
>>
>> * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
>> IDLE STARTTLS AUTH=PLAIN] Dovecot ready.
>> A0001 ID ("x-originating-ip" "24.212.235.245")
>> * ID ("name" "Dovecot")
>> A0001 OK ID completed.
>> A0002 AUTHENTICATE PLAIN AAAABBBBBCCCCDDD==
>>
>>
>>
>> This seems like a rather simple command to support, would it be possible
>> to add it?
>
> It's not simple at all. Because it's a pre-auth command, the proxy server
> doesn't know what to do with it. The proxy server needs the client to
> authenticate/log in before it knows whether it already holds an
> established server connection or has to create a new one. The best it
> could do is hold a queue of pre-auth commands (offering what amount to
> fake "OK" responses to each) that would be dumped into the server
> connection once an auth/login command is received. That's ugly, might be
> consumptive of memory, and probably wouldn't sit well with clients who
> expect real responses to each command.
>
> You could change the webmail plugin you are using to send the ID command
> after the user is logged in and everything should work as-is, with only
> the login command not having the remote IP address associated with it in
> your logs.
>
> You could use a plugin that logs separate data straight from the webmail
> software that documents the IP address where the user logged in from (in
> SquirrelMail, this is supported by the squirrel_logger plugin).
>
> I might add a limited implementation of the preauth command queue (per
> above), where it only holds one ID command.  I'll reply again if I get
> around to it.

The latter has been added.  Please pull from SVN or wait a day to get a
snapshot from our downloads page.

-- 
Paul Lesniewski
SquirrelMail Team
Please support Open Source Software by donating to SquirrelMail!
http://squirrelmail.org/donate_paul_lesniewski.php
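
The limited pre-auth hold discussed in this thread (keep exactly one ID command, answer it with a stand-in OK, replay it once login has selected a server connection) can be sketched as below; this is an added example, not imapproxy's code and not part of the original messages. The struct, the function name, the 512-byte cap, the reply strings and the handling of only LOGIN are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

#define MAX_HELD 512  /* assumed cap on the held line; bounds pre-auth memory */

enum action { REPLY_ONLY, DO_LOGIN };

struct preauth {
    char held_id[MAX_HELD];  /* the single ID command kept until login */
    int have_id;
};

/* Process one pre-auth client line ("<tag> <command> ...", CRLF stripped).
 * reply:  text for the client, empty if none.
 * replay: on DO_LOGIN, the held ID line to send on whichever server
 *         connection the caller resolves for this login, empty if none. */
enum action preauth_line(struct preauth *st, const char *line,
                         char *reply, size_t rlen, char *replay, size_t plen)
{
    char tag[32], cmd[32];

    reply[0] = replay[0] = '\0';
    if (sscanf(line, "%31s %31s", tag, cmd) != 2) {
        snprintf(reply, rlen, "* BAD Invalid command\r\n");
        return REPLY_ONLY;
    }
    if (strcasecmp(cmd, "LOGIN") == 0) {
        if (st->have_id)
            snprintf(replay, plen, "%s\r\n", st->held_id);
        st->have_id = 0;  /* never carry one client's ID into another session */
        return DO_LOGIN;
    }
    if (strcasecmp(cmd, "ID") == 0 && !st->have_id && strlen(line) < MAX_HELD) {
        strcpy(st->held_id, line);  /* length checked above */
        st->have_id = 1;
        /* synthetic answer: the real server has not seen the command yet */
        snprintf(reply, rlen, "%s OK ID completed.\r\n", tag);
        return REPLY_ONLY;
    }
    /* second or oversized ID, or any other command: refuse, queue nothing */
    snprintf(reply, rlen, "%s BAD Please login first\r\n", tag);
    return REPLY_ONLY;
}
```

The caller keeps one `struct preauth` per client connection and, on `DO_LOGIN`, writes `replay` to the server connection before continuing the session.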

