Re: configuring SquirrelMail Dovecot and wforced to display end user IP; auth_policy_server_url

> On 2019-04-01 08:30, Robert Kudyba wrote:
>> squirrelmail-1.4.23-0.fc29.20180816.noarch, on Fedora 29, with dovecot-2.3.3-1.fc29.x86_64
>> 
>> I posted on the Dovecot mailing list, https://dovecot.org/pipermail/dovecot/2019-March/115335.html, and their admin suggested finding a setting in SquirrelMail.
>> 
>> I have wforce running correctly with Dovecot, see https://github.com/PowerDNS/weakforced. However, the IP logged is always of the SquirrelMail server or localhost. Is there a plugin or setting that I can change to get weakforced to correctly show the end user IP?
> 
> Well, I've had code sitting around for a while that implements RFC2971
> (ID command), so I just committed it.  You can use it for this purpose
> by putting something like this into your config/config_local.php
> 
> $imap_id_command_args = array('remote-host' => '###REMOTE ADDRESS###');
> 
> If you don't care about Dovecot's response in SquirrelMail and want to
> save a few CPU cycles, add this too:
> 
> $do_not_parse_imap_id_command_response = TRUE;
> 
> The code will show up in our next daily snapshot for 1.4.23 or get a
> patch here:
> 
> https://sourceforge.net/p/squirrelmail/code/14813/


Thanks Paul! I tried the new code. SquirrelMail is definitely slower with these options added. And still no source IP of end user, but perhaps these logs may shed some light? Or what should auth_policy_server_url be?

auth_policy_server_url = http://localhost:8084/
auth_policy_server_url = http://0.0.0.0:8084/
auth_policy_server_url = https://ourdomain.edu:8084/


Apr 08 10:05:04 auth: Debug: http-client[1]: peer ex.te.rnal.ip:8084: Making new connection 1 of 1 (0 connections exist, 0 pending)
Apr 08 10:05:04 auth: Debug: http-client[1]: conn ex.te.rnal.ip:8084 [6]: (ex.te.rnal.ip:8084): Connecting
Apr 08 10:05:04 auth: Debug: http-client[1]: conn ex.te.rnal.ip:8084 [6]: (ex.te.rnal.ip:8084): Waiting for connect (fd=20) to finish for max 0 msecs
Apr 08 10:05:04 auth: Debug: http-client[1]: conn ex.te.rnal.ip:8084 [6]: HTTPS connection created (1 parallel connections exist)
Apr 08 10:05:04 auth: Debug: http-client[1]: conn ex.te.rnal.ip:8084 [6]: (ex.te.rnal.ip:8084): Client connection failed (fd=20)
Apr 08 10:05:04 auth: Debug: http-client[1]: peer ex.te.rnal.ip:8084: Connection failed (1 connections exist, 0 pending)
Apr 08 10:05:04 auth: Debug: http-client: peer ex.te.rnal.ip:8084: Failed to make connection (1 connections exist, 0 pending)
Apr 08 10:05:04 auth: Debug: http-client[1]: peer ex.te.rnal.ip:8084: Failed to establish any connection within our peer pool: connect(ex.te.rnal.ip:8084) failed: Connection refused (1 connections exist, 0 pending)
Apr 08 10:05:04 auth: Debug: http-client[1]: queue https://our.squirrelmail.edu:8084: Failed to set up connection to ex.te.rnal.ip:8084 (SSL=our.squirrelmail.edu): connect(ex.te.rnal.ip:8084) failed: Connection refused (1 peers pending, 1 requests pending)
Apr 08 10:05:04 auth: Debug: http-client: peer ex.te.rnal.ip:8084 (shared): Peer reused
Apr 08 10:05:04 auth: Debug: http-client[1]: queue https://our.squirrelmail.edu:8084: Setting up connection to ex.te.rnal.ip:8084 (SSL=our.squirrelmail.edu) (1 requests pending)
Apr 08 10:05:04 auth: Debug: http-client[1]: queue https://our.squirrelmail.edu:8084: Started new connection to ex.te.rnal.ip:8084 (SSL=our.squirrelmail.edu)
Apr 08 10:05:04 auth: Debug: http-client[1]: conn ex.te.rnal.ip:8084 [6]: Connection close
Apr 08 10:05:04 auth: Debug: http-client[1]: conn ex.te.rnal.ip:8084 [6]: Connection disconnect
Apr 08 10:05:04 auth: Debug: http-client[1]: conn ex.te.rnal.ip:8084 [6]: (ex.te.rnal.ip:8084): Disconnected: connect() failed: Connection refused (fd=20)
Apr 08 10:05:04 auth: Debug: http-client[1]: conn ex.te.rnal.ip:8084 [6]: Detached peer
Apr 08 10:05:04 auth: Debug: http-client[1]: conn ex.te.rnal.ip:8084 [6]: Connection destroy
Apr 08 10:05:04 auth: Debug: http-client[1]: peer ex.te.rnal.ip:8084: Creating 1 new connections to handle requests (already 0 usable, connecting to 0, closing 0)
Apr 08 10:05:04 auth: Debug: http-client: peer ex.te.rnal.ip:8084 (shared): Starting backoff timer for 6400 msecs
Apr 08 10:05:05 auth: Debug: http-client[1]: queue https://our.squirrelmail.edu:8084: Timeout (now: 2019-04-08 10:05:05.524)
Apr 08 10:05:05 auth: Debug: http-client[1]: queue https://our.squirrelmail.edu:8084: Absolute timeout expired for request [Req8: POST https://our.squirrelmail.edu:8084/?command=allow] (Request queued 2.001 secs ago, not yet sent, 0.000 in other ioloops)
Apr 08 10:05:05 auth: Debug: http-client[1]: request [Req8: POST https://our.squirrelmail.edu:8084/?command=allow]: Error: 9008 Absolute request timeout expired (Request queued 2.001 secs ago, not yet sent, 0.000 in other ioloops)
Apr 08 10:05:05 auth: Debug: http-client[1]: queue https://our.squirrelmail.edu:8084: Dropping request [Req8: POST https://our.squirrelmail.edu:8084/?command=allow]
Apr 08 10:05:05 auth: Error: policy(unclroot,127.0.0.1,<xCiNUgWG8Ip/AAAB>): Policy server HTTP error: Absolute request timeout expired (Request queued 2.001 secs ago, not yet sent, 0.000 in other ioloops)
Apr 08 10:05:05 auth: Debug: policy(unclroot,127.0.0.1,<xCiNUgWG8Ip/AAAB>): Policy check action is continue
Apr 08 10:05:05 auth: Debug: policy(unclroot,127.0.0.1,<xCiNUgWG8Ip/AAAB>): Policy request https://our.squirrelmail.edu:8084/?command=report
Apr 08 10:05:05 auth: Debug: policy(unclroot,127.0.0.1,<xCiNUgWG8Ip/AAAB>): Policy server request JSON: {"device_id":"","login":"unclroot","protocol":"imap","pwhash":"68","remote":"127.0.0.1","success":true,"policy_reject":false,"tls":false}
Apr 08 10:05:05 auth: Debug: http-client[1]: queue https://our.squirrelmail.edu:8084: Set request timeout to 2019-04-08 10:05:07.524 (now: 2019-04-08 10:05:05.524)
Apr 08 10:05:05 auth: Debug: http-client: peer ex.te.rnal.ip:8084 (shared): Peer reused
Apr 08 10:05:05 auth: Debug: http-client[1]: queue https://our.squirrelmail.edu:8084: Setting up connection to ex.te.rnal.ip:8084 (SSL=our.squirrelmail.edu) (1 requests pending)
Apr 08 10:05:05 auth: Debug: http-client[1]: request [Req9: POST https://our.squirrelmail.edu:8084/?command=report]: Submitted (requests left=2)
Apr 08 10:05:05 auth: Debug: client passdb out: OK	1	user=unclroot	
Apr 08 10:05:05 auth: Debug: http-client[1]: request [Req8: POST https://our.squirrelmail.edu:8084/?command=allow]: Destroy (requests left=2)
Apr 08 10:05:05 auth: Debug: http-client[1]: request [Req8: POST https://our.squirrelmail.edu:8084/?command=allow]: Free (requests left=1)
Apr 08 10:05:05 auth: Debug: http-client[1]: peer ex.te.rnal.ip:8084: Creating 1 new connections to handle requests (already 0 usable, connecting to 0, closing 0)
Apr 08 10:05:05 auth: Debug: master in: REQUEST	4244766721	26041	1	e507a5089bb2db443c1ced790656ad44	session_pid=26113	request_auth_token
Apr 08 10:05:05 auth-worker(26000): Debug: passwd(unclroot,127.0.0.1,<xCiNUgWG8Ip/AAAB>): lookup
Apr 08 10:05:05 auth: Debug: master userdb out: USER	4244766721	unclroot	system_groups_user=unclroot	uid=5842	gid=150	home=/u/dsm/unclroot	auth_token=102274c1f3f40d3527e2603688200cf0edbeea9f
Apr 08 10:05:05 imap-login: Info: Login: user=<unclroot>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=26113, secured, session=<xCiNUgWG8Ip/AAAB>
Apr 08 10:05:05 imap(unclroot)<26113><xCiNUgWG8Ip/AAAB>: Info: Logged out in=203 out=1777 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
Apr 08 10:05:07 auth: Debug: http-client[1]: queue https://our.squirrelmail.edu:8084: Timeout (now: 2019-04-08 10:05:07.525)
Apr 08 10:05:07 auth: Debug: http-client[1]: queue https://our.squirrelmail.edu:8084: Absolute timeout expired for request [Req9: POST https://our.squirrelmail.edu:8084/?command=report] (Request queued 2.001 secs ago, not yet sent, 0.000 in other ioloops)
Apr 08 10:05:07 auth: Debug: http-client[1]: request [Req9: POST https://our.squirrelmail.edu:8084/?command=report]: Error: 9008 Absolute request timeout expired (Request queued 2.001 secs ago, not yet sent, 0.000 in other ioloops)
Apr 08 10:05:07 auth: Debug: http-client[1]: queue https://our.squirrelmail.edu:8084: Dropping request [Req9: POST https://our.squirrelmail.edu:8084/?command=report]
Apr 08 10:05:07 auth: Error: policy(unclroot,127.0.0.1,<xCiNUgWG8Ip/AAAB>): Policy server HTTP error: Absolute request timeout expired (Request queued 2.001 secs ago, not yet sent, 0.000 in other ioloops)
Apr 08 10:05:07 auth: Debug: http-client[1]: request [Req9: POST https://our.squirrelmail.edu:8084/?command=report]: Destroy (requests left=1)
Apr 08 10:05:07 auth: Debug: http-client[1]: request [Req9: POST https://our.squirrelmail.edu:8084/?command=report]: Free (requests left=0)


Apr 08 10:05:11 auth: Debug: http-client: peer ex.te.rnal.ip:8084 (shared): Backoff timer expired
Apr 08 10:05:11 auth: Debug: http-client[1]: peer ex.te.rnal.ip:8084: Making new connection 1 of 1 (0 connections exist, 0 pending)
Apr 08 10:05:11 auth: Debug: http-client[1]: conn ex.te.rnal.ip:8084 [7]: (ex.te.rnal.ip:8084): Connecting
Apr 08 10:05:11 auth: Debug: http-client[1]: conn ex.te.rnal.ip:8084 [7]: (ex.te.rnal.ip:8084): Waiting for connect (fd=19) to finish for max 0 msecs
Apr 08 10:05:11 auth: Debug: http-client[1]: conn ex.te.rnal.ip:8084 [7]: HTTPS connection created (1 parallel connections exist)
Apr 08 10:05:11 auth: Debug: http-client[1]: conn ex.te.rnal.ip:8084 [7]: (ex.te.rnal.ip:8084): Client connection failed (fd=19)
Apr 08 10:05:11 auth: Debug: http-client[1]: peer ex.te.rnal.ip:8084: Connection failed (1 connections exist, 0 pending)
Apr 08 10:05:11 auth: Debug: http-client: peer ex.te.rnal.ip:8084: Failed to make connection (1 connections exist, 0 pending)
Apr 08 10:05:11 auth: Debug: http-client[1]: peer ex.te.rnal.ip:8084: Failed to establish any connection within our peer pool: connect(ex.te.rnal.ip:8084) failed: Connection refused (1 connections exist, 0 pending)
Apr 08 10:05:11 auth: Debug: http-client[1]: queue https://our.squirrelmail.edu:8084: Failed to set up connection to ex.te.rnal.ip:8084 (SSL=our.squirrelmail.edu): connect(ex.te.rnal.ip:8084) failed: Connection refused (1 peers pending, 0 requests pending)
Apr 08 10:05:11 auth: Debug: http-client[1]: queue https://our.squirrelmail.edu:8084: Failed to set up any connection; failing all queued requests
Apr 08 10:05:11 auth: Debug: http-client[1]: peer ex.te.rnal.ip:8084: Unlinked queue https://our.squirrelmail.edu:8084 (0 queues linked)
Apr 08 10:05:11 auth: Debug: http-client[1]: conn ex.te.rnal.ip:8084 [7]: Connection close
Apr 08 10:05:11 auth: Debug: http-client[1]: conn ex.te.rnal.ip:8084 [7]: Connection disconnect
Apr 08 10:05:11 auth: Debug: http-client[1]: conn ex.te.rnal.ip:8084 [7]: (ex.te.rnal.ip:8084): Disconnected: connect() failed: Connection refused (fd=19)
Apr 08 10:05:11 auth: Debug: http-client[1]: conn ex.te.rnal.ip:8084 [7]: Detached peer
Apr 08 10:05:11 auth: Debug: http-client[1]: conn ex.te.rnal.ip:8084 [7]: Connection destroy
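
An added example, not part of the original post and not code from Dovecot, weakforced or SquirrelMail: a small Python triage pass over the auth debug lines above. It surfaces the three things the log shows: the policy endpoint refusing connections, a policy check that continued after an HTTP error, and a report whose `remote` field is a loopback address rather than the end user's IP. The function names and the finding keys are assumptions made for this example.

```python
import ipaddress
import json
import re

# Sample lines copied from the debug log in the post above.
SAMPLE_LOG = """\
Apr 08 10:05:04 auth: Debug: http-client[1]: peer ex.te.rnal.ip:8084: Failed to establish any connection within our peer pool: connect(ex.te.rnal.ip:8084) failed: Connection refused (1 connections exist, 0 pending)
Apr 08 10:05:05 auth: Error: policy(unclroot,127.0.0.1,<xCiNUgWG8Ip/AAAB>): Policy server HTTP error: Absolute request timeout expired (Request queued 2.001 secs ago, not yet sent, 0.000 in other ioloops)
Apr 08 10:05:05 auth: Debug: policy(unclroot,127.0.0.1,<xCiNUgWG8Ip/AAAB>): Policy check action is continue
Apr 08 10:05:05 auth: Debug: policy(unclroot,127.0.0.1,<xCiNUgWG8Ip/AAAB>): Policy server request JSON: {"device_id":"","login":"unclroot","protocol":"imap","pwhash":"68","remote":"127.0.0.1","success":true,"policy_reject":false,"tls":false}
"""

# policy(<user>,<ip>,<session>): <message>
POLICY = re.compile(r"policy\((?P<user>[^,]*),(?P<ip>[^,]*),<(?P<session>[^>]*)>\): (?P<msg>.*)$")
REFUSED = re.compile(r"connect\((?P<peer>[^)]+)\) failed: Connection refused")

def is_loopback(addr):
    """True for 127.0.0.0/8 or ::1; False for anything unparsable."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False

def analyze(log_text):
    findings = {"refused_peers": set(), "http_errors": 0,
                "fail_open_sessions": set(), "loopback_reports": []}
    errored = set()  # sessions that already logged a policy HTTP error
    for line in log_text.splitlines():
        m = REFUSED.search(line)
        if m:
            findings["refused_peers"].add(m["peer"])
        m = POLICY.search(line)
        if not m:
            continue
        msg, session = m["msg"], m["session"]
        if msg.startswith("Policy server HTTP error"):
            findings["http_errors"] += 1
            errored.add(session)
        elif msg == "Policy check action is continue" and session in errored:
            # Login proceeded although the policy server never answered.
            findings["fail_open_sessions"].add(session)
        elif msg.startswith("Policy server request JSON: "):
            body = json.loads(msg.split("JSON: ", 1)[1])
            if is_loopback(body.get("remote", "")):
                findings["loopback_reports"].append((body["login"], body["remote"]))
    return findings

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```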

