[Dovecot] Trouble with proxy_maybe and auth_default_realm

Gedalya gedalya at gedalya.net
Thu Dec 29 19:23:27 EET 2011


Hello,

I'm using proxy_maybe and auth_default_realm. It seems that when a user 
logs in without the domain name, relying on auth_default_realm, and the 
"host" field points to the local server, I get the "Proxying loops to 
itself" error. If the user does include the domain name in the login, it 
works as expected: the user is logged on to the local server without proxying.

(IPs and domain name masked below)

No domain:

Dec 29 11:49:07 imap01 dovecot: pop3-login: Error: Proxying loops to 
itself: user=<jedi at ----.com>, method=PLAIN, rip=00.00.52.18, 
lip=00.00.241.140
Dec 29 11:49:27 imap01 dovecot: pop3-login: Disconnected (auth failed, 1 
attempts): user=<jedi at ----.com>, method=PLAIN, rip=00.00.52.18, 
lip=00.00.241.140

With domain:

Dec 29 11:52:13 imap01 dovecot: pop3-login: Login: user=<jedi at ---.com>, 
method=PLAIN, rip=00.00.52.18, lip=00.00.241.140, mpid=19969
Dec 29 11:52:18 imap01 dovecot: pop3(jedi at ---.com): Disconnected: Logged 
out top=0/0, retr=0/0, del=0/1, size=731

Otherwise, e.g. when the proxy host is indeed another host, 
auth_default_realm works fine: including or not including the domain 
seems to make no difference, and everything works.

I'm using mysql, and I'm able to get around this problem including the 
following in the password query:
IF(host='' or host='00.00.241.140', NULL, 'Y') as proxy_maybe

# dovecot --version
2.0.15

# dovecot -n
# 2.0.15: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.3
# Realm/domain used when the client logs in with a bare username (masked here).
auth_default_realm = ----.com
# NOTE(review): cram-md5 and ntlm can only be verified against a plaintext
# password or a hash in their own scheme, which constrains how the passdb can
# store credentials.
auth_mechanisms = plain login cram-md5 ntlm
# %Lu lowercases the full username before lookups.
auth_username_format = %Lu
auth_verbose = yes
# NOTE(review): "plain" writes the attempted password to the log on a password
# mismatch; treat the resulting logs as sensitive, or set this back to "no"
# once debugging is finished.
auth_verbose_passwords = plain
dict {
   quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
}
# NOTE(review): "no" lets PLAIN/LOGIN credentials cross connections that are
# not protected by SSL/TLS.
disable_plaintext_auth = no
login_greeting = How can I help you?
mail_gid = vmail
mail_uid = vmail
passdb {
   args = /etc/dovecot/dovecot-sql.conf.ext
   driver = sql
}
protocols = imap pop3 lmtp
service lmtp {
   # NOTE(review): listens for LMTP on every IPv4 interface, port 7025; confirm
   # that only the intended MTA hosts can reach it.
   inet_listener lmtp {
     address = 0.0.0.0
     port = 7025
   }
}
ssl_cert = </etc/ssl/certs/dovecot.pem
ssl_key = </etc/ssl/private/dovecot.pem
# prefetch reuses the userdb_* fields already returned by the password query;
# the sql userdb below is used when no such fields are available.
userdb {
   driver = prefetch
}
userdb {
   args = /etc/dovecot/dovecot-sql.conf.ext
   driver = sql
}
verbose_proctitle = yes

----- dovecot-sql.conf.ext ----
driver = mysql
# NOTE(review): no password= field appears in this connect string; it may have
# been removed before posting — confirm how the "email" DB user authenticates.
connect = host=localhost dbname=email user=email
# Stored passwords without a {SCHEME} prefix are read as plaintext, i.e. the
# "password" column is expected to hold cleartext values.
default_pass_scheme = PLAIN
# Password (passdb) lookup. %s is the service name, %n the user part and %d the
# domain part of the login name; Dovecot expands them before running the query.
# The password column is selected twice (as "password" and as "pass").
# The proxy_maybe column is the workaround described in the post: it is NULL
# when host is '' or the (masked) local IP, and 'Y' otherwise.
# NOTE(review): in MySQL, "host" inside that IF() resolves to the table column,
# not to the "host" alias defined one line earlier, so for pop3 logins the
# check tests host while host_pop3 is the value returned — confirm the two
# columns always agree for locally hosted users.
# NOTE(review): %n and %d originate from the client-supplied login name and
# are placed inside quoted literals; this relies on Dovecot escaping expanded
# variables for the SQL driver — confirm for the version in use.
password_query = SELECT password, \
   IF('%s' = 'pop3', host_pop3, host) as host, \
   IF(host='' or host='00.00.241.140', NULL, 'Y') as proxy_maybe, \
   concat(userid, '@', domain) as destuser, \
   password as pass, \
   '/stor/mail/domains/%d/%n' AS userdb_home, \
   'maildir:/stor/mail/domains/%d/%n/Maildir' as userdb_mail, \
   concat('*:storage=', quota_mb, 'M') as userdb_quota_rule, \
   'vmail' AS userdb_uid, 'vmail' AS userdb_gid \
   FROM email WHERE userid = '%n' AND domain = '%d'
# Userdb lookup: returns home, mail location, quota rule, uid and gid for the
# row matching the same userid/domain condition as the password query.
user_query = SELECT '/stor/mail/domains/%d/%n' AS home, \
   'maildir:/stor/mail/domains/%d/%n/Maildir' as mail, \
   concat('*:storage=', quota_mb, 'M') as quota_rule, \
   'vmail' AS uid, 'vmail' AS gid \
   FROM email WHERE userid = '%n' AND domain = '%d'




