[Dovecot] Improper use of IN-USE in case of a failed authentication
Rainer Weikusat
rweikusat at mssgmbh.com
Mon Mar 29 00:09:04 EEST 2010
RFC2449 defines the IN-USE extended POP3 response code as
8.1.2. The IN-USE response code
This occurs on an -ERR response to an AUTH, APOP, or PASS
command. It indicates the authentication was successful, but
the user's maildrop is currently in use (probably by another
POP3 client).
http://www.faqs.org/rfcs/rfc2449.html
In contrast to this, the POP3 login code in client_authenticate.c will
send IN-USE whenever authentication was not successful because of
some kind of internal failure[*].
[*] Noticed during experiments with a shell SQL database
driver which only ever returns errors as reaction to any
query.
I happen to know of at least one (partial) client implementation (I
happen to have written which is used by an iPhone application for POP3
user credential verification) which actually interprets IN-USE as
it is defined by the RFC.
More information about the dovecot
mailing list