auth_policy_server vs client_id and x-originating-ip
Sami Ketola
sami.ketola at dovecot.fi
Mon Jun 1 10:41:41 EEST 2020
> On 31. May 2020, at 15.47, Zdeněk Zámečník <diego at dixy.cz> wrote:
>
> I ran into trouble when trying to set up auth_policy_server in Dovecot 2.3.10.1. It works almost as expected, but I cannot get the client ID in this process.
>
> By setting "imap_id_log=*" I see in the log that Dovecot gets details about the mail client, like name and version:
>
> May 31 14:20:58 mail dovecot: imap(xxx at example.xxx)<24796><ft7ytfCmjdZWMSZQ>: ID sent: name=Thunderbird, version=68.8.1
>
>
> But the auth_policy_server is getting all details except this ID; it's empty:
>
> May 31 14:20:58 mail auth-policy[10357]: {
> May 31 14:20:58 mail auth-policy[10357]: device_id: '',
> May 31 14:20:58 mail auth-policy[10357]: login: 'xxx at example.xxx',
> May 31 14:20:58 mail auth-policy[10357]: protocol: 'imap',
> May 31 14:20:58 mail auth-policy[10357]: pwhash: '097a',
> May 31 14:20:58 mail auth-policy[10357]: remote: '1.2.3.4',
> May 31 14:20:58 mail auth-policy[10357]: tls: true
> May 31 14:20:58 mail auth-policy[10357]: }
>
>
> However, in some cases I see that client_id is passed to auth_policy_server:
>
> May 31 14:27:41 mail auth-policy[10357]: {
> May 31 14:27:41 mail auth-policy[10357]: device_id: '"name" "Outlook-iOS-Android" "version" "2.0"',
> May 31 14:27:41 mail auth-policy[10357]: login: 'yyy at example.xxx',
> May 31 14:27:41 mail auth-policy[10357]: protocol: 'imap',
> May 31 14:27:41 mail auth-policy[10357]: pwhash: '0b63',
> May 31 14:27:41 mail auth-policy[10357]: remote: '3.4.5.6',
> May 31 14:27:41 mail auth-policy[10357]: tls: true
> May 31 14:27:41 mail auth-policy[10357]: }
>
This completely depends on the IMAP client. Some clients send IMAP ID pre-login, and in that case it can be relayed to the auth policy server.
Some clients send IMAP ID post-login, and then the auth policy stuff is already completed without the information.
Sami
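
Given the timing described in the reply above, a policy server has to treat an empty device_id as a normal case rather than an error. The following Python is an added example, not part of the thread and not Dovecot code: it parses the device_id format seen in the second log excerpt. The function names, and the assumption that values are IMAP quoted strings (with backslash escapes) or NIL, are assumptions of this example.

```python
import re

# One IMAP ID token: a quoted string (with \" and \\ escapes) or the atom NIL.
TOKEN = re.compile(r'\s*(?:"((?:[^"\\]|\\.)*)"|(NIL))', re.IGNORECASE)

# Constructed sample requests: only the device_id values from the two log
# excerpts quoted in the thread.
SAMPLE_REQUESTS = [
    {"protocol": "imap", "device_id": ""},
    {"protocol": "imap",
     "device_id": '"name" "Outlook-iOS-Android" "version" "2.0"'},
]


def parse_device_id(device_id):
    """Return the ID fields as a dict; {} when no pre-login ID was relayed."""
    tokens, pos = [], 0
    text = device_id.strip()
    while pos < len(text):
        m = TOKEN.match(text, pos)
        if m is None:
            raise ValueError("malformed device_id at offset %d" % pos)
        quoted, nil = m.groups()
        # NIL becomes None; quoted strings have their escapes removed.
        tokens.append(None if nil else re.sub(r'\\(.)', r'\1', quoted))
        pos = m.end()
    if len(tokens) % 2:
        raise ValueError("device_id has a field name without a value")
    # Field names are compared case-insensitively, so normalise them.
    pairs = zip(tokens[0::2], tokens[1::2])
    return {k.lower(): v for k, v in pairs if k is not None}


def client_label(request):
    """Label a request by client; a missing ID is 'unknown', not a failure."""
    try:
        fields = parse_device_id(request.get("device_id", ""))
    except ValueError:
        return "unparseable"
    if not fields:
        return "unknown"  # client sent ID after login, or not at all
    name = fields.get("name") or "unnamed"
    version = fields.get("version")
    return "%s/%s" % (name, version) if version else name


if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        print(repr(req["device_id"]), "->", client_label(req))
```
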