Software: Apache/2.2.22 (Debian). PHP/5.6.36 

uname -a: Linux h05.hvosting.ua 4.9.110-amd64 #3 SMP Sun Nov 4 16:27:09 UTC 2018 x86_64 

uid=1389(h33678) gid=1099(h33678) groups=1099(h33678),502(mgrsecure) 

Safe-mode: OFF (not secure)

/usr/share/doc/dovecot-core/wiki/   drwxr-xr-x
Free 1.48 GB of 7.22 GB (20.44%)
                            Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    

Viewing file:     Debugging.Rawlog.txt (3.15 KB)      -rw-r--r--

Rawlog
======

Dovecot supports logging post-login IMAP/POP3 traffic (also TLS/SSL encrypted)
using 'rawlog' binary. It works by checking if 'dovecot.rawlog/' directory
exists in the logged in user's home directory, and writing the traffic to
'yyyymmdd-HHMMSS-pid.in' and '.out' files. Each connection gets their own
in/out files. Rawlog will simply skip users who don't have the
'dovecot.rawlog/' directory and the performance impact for those users is
minimal.

Home directory
--------------

Note that for rawlog to work, your <userdb> [UserDatabase.txt] must have
returned a home directory for the user. If you can't get rawlog to work, you
should verify that the home directory really is where you expected it to be by
setting 'mail_debug=yes' and checking the logs. You should see a line such as:

---%<-------------------------------------------------------------------------
Effective uid=1000, gid=1000, home=/home/user
---%<-------------------------------------------------------------------------

In above configuration rawlog would expect to find '/home/user/dovecot.rawlog/'
directory writable by uid 1000.

If your userdb doesn't have a home directory, with v2.1+ you can add:

---%<-------------------------------------------------------------------------
userdb {
  # ...
  default_fields = home=/home/%u
  # or temporarily even e.g. default_fields = home=/tmp/temp-home
}
---%<-------------------------------------------------------------------------

Configuration
-------------

To enable rawlog, you must use rawlog as a <post-login script>
[PostLoginScripting.txt]:

---%<-------------------------------------------------------------------------
service imap {
  executable = imap postlogin
}
service pop3 {
  executable = pop3 postlogin
}

service postlogin {
  executable = script-login -d rawlog
  unix_listener postlogin {
  }
}
---%<-------------------------------------------------------------------------

You can also give parameters to rawlog:

 * -b: Write IP packet boundaries (or whatever read() sees anyway) to the log
   files. The packet is written between<<< and >>>.
 * -t: Log a microsecond resolution timestamp at the beginning of each line.
 * v2.1 and newer:
    * -f in: Log only to *.in files
    * -f out: Log only to *.out files
 * v2.0 and older:
    * -i: Log only to *.in files
    * -o: Log only to *.out files

Pre-login rawlog (v2.1+)
------------------------

You can enable pre-login rawlog for all users by telling the login processes to
log to a rawlog directory, for example:

---%<-------------------------------------------------------------------------
service imap-login {
  executable = imap-login -R rawlogs
}
---%<-------------------------------------------------------------------------

This tries to write the rawlogs under $base_dir/rawlogs directory. You need to
create it first with enough write permissions, e.g.:

---%<-------------------------------------------------------------------------
mkdir /var/run/dovecot/login/rawlogs
chown dovenull /var/run/dovecot/login/rawlogs
chmod 0700 /var/run/dovecot/login/rawlogs
---%<-------------------------------------------------------------------------

(This file was created from the wiki on 2013-11-24 04:42)