[Dovecot] Improper use of IN-USE in case of a failed authentication

Rainer Weikusat rweikusat at mssgmbh.com
Mon Mar 29 00:09:04 EEST 2010

RFC2449 defines the IN-USE extended POP3 response code as

	8.1.2.  The IN-USE response code

	This occurs on an -ERR response to an AUTH, APOP, or PASS
	command.  It indicates the authentication was successful, but
	the user's maildrop is currently in use (probably by another
	POP3 client).

In contrast to this, the POP3 login code in client_authenticate.c will
send IN-USE whenever authentication was not successful because of
some kind of internal failure[*].

	[*] Noticed during experiments with a shell SQL database
	driver which only ever returns errors as reaction to any

I happen to know of at least one (partial) client implementation (I
happen to have written which is used by an iPhone application for POP3
user credential verification) which actually interprets IN-USE as
it is defined by the RFC.

More information about the dovecot mailing list