Subject: User login time tracking

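==== Provide basic information to help analyze the problem and get a quick reply ====
- iRedMail version: iRedAdmin v0.1.8 (LDAP)
- Linux/BSD distribution name and version: CentOS 6.2 x64
- Log information related to your issue: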
====

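Hi 張大,

I followed the online documentation to set up "user login time tracking", but it does not work. Please help me analyze the problem.

(Our company has fewer than 100 people, so the load should be manageable. Although we have already purchased the iRedAdmin-Pro LDAP edition, I would like to know how to set this up if it can be configured in both editions. Thank you!)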

[FAQ] How to track user last login data (ip, date, mail protocol).
http://www.iredmail.org/forum/topic379- … tocol.html

What I did:
1). Permissions of trackLastLogin.sh
-rwxr-xr-x 1 root root 2738 2012-06-05 16:19 trackLastLogin.sh

2). vi /usr/bin/trackLastLogin.sh, contents:
LDAP_URI='ldap://127.0.0.1:389'
LDAP_BASEDN='o=domains,dc=aaaa,dc=com'
BIND_DN='cn=vmail,dc=aaaa,dc=com' # tried both vmailadmin and vmail
BIND_PW='xxxxxxxxxxxxxxxxxx'
# Skip the update for Dovecot's internal capability probe.
if [ X"${USER}" != X"dump-capability" ]; then
    # Set lastLoginDate on the user's LDAP entry; -c continues past errors.
    ldapmodify -c -x \
        -H "${LDAP_URI}" \
        -D "${BIND_DN}" \
        -w "${BIND_PW}" >/dev/null 2>&1 <<EOF
dn: mail=${USER},ou=Users,domainName=$(echo "${USER}" | awk -F'@' '{print $2}'),${LDAP_BASEDN}
changetype: modify
replace: lastLoginDate
lastLoginDate: $(date +%Y%m%d%H%M%SZ)
EOF
fi

3). vi /etc/dovecot/dovecot.conf
protocol imap {
    mail_drop_priv_before_exec=yes
    mail_executable = /usr/bin/trackLastLogin.sh imp
   
}
protocol pop3 {
    mail_drop_priv_before_exec=yes
    mail_executable = /usr/bin/trackLastLogin.sh pop3
   
}

4). touch the two files pop3 and imap
ll /var/run/dovecot/imap
-rwxrwxrwx 1 dovecot root 0 2012-06-15 13:56 /var/run/dovecot/imap
ll /var/run/dovecot/pop3
-rwxrwxrwx 1 dovecot root 0 2012-06-15 13:56 /var/run/dovecot/pop3


5). Restarted Dovecot; the following messages appeared:

正在停止 Dovecot Imap:                                    [  確定  ]
正在啟動 Dovecot Imap:doveconf: Warning: NOTE: You can get a new clean config file with: doveconf -n > dovecot-new.conf
doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:178: mail_drop_priv_before_exec has been replaced by service { drop_priv_before_exec }
doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:179: mail_executable has been replaced by service { executable }
doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:184: mail_drop_priv_before_exec has been replaced by service { drop_priv_before_exec }
doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:185: mail_executable has been replaced by service { executable }
doveconf: Warning: NOTE: You can get a new clean config file with: doveconf -n > dovecot-new.conf
doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:178: mail_drop_priv_before_exec has been replaced by service { drop_priv_before_exec }
doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:179: mail_executable has been replaced by service { executable }
doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:184: mail_drop_priv_before_exec has been replaced by service { drop_priv_before_exec }
doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:185: mail_executable has been replaced by service { executable }
                                                           [  確定  ]

6). Logging in via webmail shows "Login failed"; logging in via POP3 prompts for the password again.
dovecot.log is as follows:

Jun 15 14:07:14 auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth
Jun 15 14:07:14 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libauthdb_ldap.so
Jun 15 14:07:14 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_mysql.so
Jun 15 14:07:14 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_pgsql.so
Jun 15 14:07:14 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so
Jun 15 14:07:14 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libmech_gssapi.so
Jun 15 14:07:14 auth: Debug: auth client connected (pid=2702)
Jun 15 14:07:16 auth: Debug: client in: AUTH    1       PLAIN   service=pop3    secured lip=10.xxx.xxx.xxx rip=203.xxx.xxx.xxx lport=110  rport=58138
Jun 15 14:07:16 auth: Debug: client out: CONT   1
Jun 15 14:07:16 auth: Debug: client in: CONT<hidden>
Jun 15 14:07:16 auth: Debug: ldap(test@aaaa.com,203.xxx.xxx.xxx): bind search: base=o=domains,dc=aaaa,dc=com filter=(&(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=pop3secured)(|(mail=test@aaaa.com)(&(enabledService=shadowaddress)(shadowAddress=test@aaaa.com))))
Jun 15 14:07:17 auth: Debug: ldap(test@aaaa.com,203.xxx.xxx.xxx): result: mail(user)=test@aaaa.com
Jun 15 14:07:17 auth: Debug: client out: OK     1       user=test@aaaa.com
Jun 15 14:07:17 auth: Debug: master in: REQUEST 2422603777      2702    1       d6e4f9f7213e3e85d9421dd9bbd0b030
Jun 15 14:07:17 auth: Debug: ldap(test@aaaa.com,203.xxx.xxx.xxx): user search: base=o=domains,dc=aaaa,dc=com scope=subtree filter=(&(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=pop3secured)(|(mail=test@aaaa.com)(&(enabledService=shadowaddress)(shadowAddress=test@aaaa.com)))) fields=mail,homeDirectory,mailQuota
Jun 15 14:07:17 auth: Debug: ldap(test@aaaa.com,203.xxx.xxx.xxx): result: mail(user)=test@aaaa.com homeDirectory(home)=/var/vmail/vmail1/aaaa.com/t/e/s/test-2012.06.11.00.19.18/ mailQuota(quota_rule=*:bytes=%$)=104857600000
Jun 15 14:07:17 auth: Debug: master out: USER   2422603777      test@aaaa.com       home=/var/vmail/vmail1/aaaa.com/t/e/s/test-2012.06.11.00.19.18/        quota_rule=*:bytes=104857600000 mail=maildir:~/Maildir/
Jun 15 14:07:17 pop3-login: Info: Login: user=<test@aaaa.com>, method=PLAIN, rip=203.xxx.xxx.xxx, lip=10.xxx.xxx.xxx, mpid=2705, TLS
Jun 15 14:07:18 pop3(test@aaaa.com): Error: net_connect_unix(/var/run/dovecot/pop3) failed: Connection refused
Jun 15 14:07:26 auth: Debug: auth client connected (pid=2711)
Jun 15 14:07:26 auth: Debug: client in: AUTH    1       PLAIN   service=imap    secured lip=127.0.0.1   rip=127.0.0.1   lport=143  rport=58195     resp=<hidden>
Jun 15 14:07:26 auth: Debug: ldap(zz@aaaa.com,127.0.0.1): bind search: base=o=domains,dc=aaaa,dc=com filter=(&(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=imapsecured)(|(mail=zz@aaaa.com)(&(enabledService=shadowaddress)(shadowAddress=zz@aaaa.com))))
Jun 15 14:07:26 auth: Debug: ldap(zz@aaaa.com,127.0.0.1): result: mail(user)=zz@aaaa.com
Jun 15 14:07:26 auth: Debug: client out: OK     1       user=zz@aaaa.com
Jun 15 14:07:26 auth: Debug: master in: REQUEST 2516713473      2711    1       bcb3595ac816082e3edf2791e4b834d7
Jun 15 14:07:26 auth: Debug: ldap(zz@aaaa.com,127.0.0.1): user search: base=o=domains,dc=aaaa,dc=com scope=subtree filter=(&(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=imapsecured)(|(mail=zz@aaaa.com)(&(enabledService=shadowaddress)(shadowAddress=zz@aaaa.com)))) fields=mail,homeDirectory,mailQuota
Jun 15 14:07:26 auth: Debug: ldap(zz@aaaa.com,127.0.0.1): result: mail(user)=zz@aaaa.com homeDirectory(home)=/var/vmail/vmail1/aaaa.com/z/z/z/zz-2012.06.11.01.49.51/ mailQuota(quota_rule=*:bytes=%$)=5242880000
Jun 15 14:07:26 auth: Debug: master out: USER   2516713473      zz@aaaa.com home=/var/vmail/vmail1/aaaa.com/z/z/z/zz-2012.06.11.01.49.51/  quota_rule=*:bytes=5242880000   mail=maildir:~/Maildir/
Jun 15 14:07:26 imap-login: Info: Login: user=<zz@aaaa.com>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=2712, secured
Jun 15 14:07:27 imap(zz@aaaa.com): Error: net_connect_unix(/var/run/dovecot/imap) failed: Connection refused

Re: User login time tracking

Your Dovecot is version 2.x, but the document you followed is for Dovecot 1.x. Please refer to the official documentation for Dovecot 2.x instead:
http://wiki2.dovecot.org/PostLoginScripting

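The main difference is that Dovecot's configuration has changed, so you need to modify the contents of dovecot.conf. The shell script part should not need any changes.

Another possible way to record the last login date is to use Fail2ban's log scanning feature to scan /var/log/dovecot.log and record the time and IP it finds. I have not actually tried this, but it should be feasible both in theory and technically. :)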
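
The log-scanning approach mentioned in the reply, sketched with plain awk instead of Fail2ban, as an added example that is not part of the original thread or of iRedMail. The function names `last_logins` and `sample_log` are hypothetical, and the sample lines are constructed to follow the format of the "Login:" lines in the log posted above.

```shell
#!/bin/sh
# Added example: derive each user's last successful login from Dovecot log
# lines. Function names and sample data are hypothetical/constructed.

# Reads log lines on stdin, prints: user<TAB>protocol<TAB>remote IP<TAB>time
last_logins() {
    awk '
    # Successful logins only: "<proto>-login: Info: Login: user=<...>, ..."
    $4 ~ /^(imap|pop3)-login:$/ && $5 == "Info:" && $6 == "Login:" {
        proto = $4; sub(/-login:$/, "", proto)
        user = ""; rip = ""
        for (i = 7; i <= NF; i++) {
            f = $i; sub(/,$/, "", f)
            if (f ~ /^user=</) {
                user = f; sub(/^user=</, "", user); sub(/>$/, "", user)
            } else if (f ~ /^rip=/) {
                rip = substr(f, 5)
            }
        }
        # Accept plain mail addresses only, so the value is safe to reuse
        # later (for example inside an LDAP DN or a file name).
        if (user !~ /^[A-Za-z0-9._+-]+@[A-Za-z0-9.-]+$/) next
        # The log is chronological: a later line replaces an earlier one.
        last[user] = proto "\t" rip "\t" $1 " " $2 " " $3
    }
    END { for (u in last) print u "\t" last[u] }
    ' | sort
}

# Constructed sample input (documentation addresses, not real log data).
sample_log() {
    cat <<'EOF'
Jun 15 14:07:16 auth: Debug: client out: CONT   1
Jun 15 14:07:17 pop3-login: Info: Login: user=<alice@example.com>, method=PLAIN, rip=198.51.100.7, lip=192.0.2.10, mpid=2705, TLS
Jun 15 14:07:26 imap-login: Info: Login: user=<bob@example.com>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=2712, secured
Jun 15 14:09:02 imap-login: Info: Aborted login (auth failed, 1 attempts): user=<alice@example.com>, method=PLAIN, rip=203.0.113.9, lip=192.0.2.10
Jun 15 15:30:41 imap-login: Info: Login: user=<alice@example.com>, method=PLAIN, rip=198.51.100.8, lip=192.0.2.10, mpid=2790, TLS
EOF
}

sample_log | last_logins
```

On a server it would be run as `last_logins < /var/log/dovecot.log`; the timestamps in this log format carry no year, so the result reflects only the span the log file covers.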