On 31. May 2020, at 15.47, Zdeněk Zámečník <diego@dixy.cz> wrote:
I run into troubles when trying to set up auth_policy_server in Dovecot 2.3.10.1. It works almost as expected but I cannot get client ID in this process.
By setting up "imap_id_log=*" I see in log that Dovecot gets details about mail client like name and version:
May 31 14:20:58 mail dovecot: imap(xxx@example.xxx)<24796><ft7ytfCmjdZWMSZQ>: ID sent: name=Thunderbird, version=68.8.1
But the auth_policy_server is getting all details except this ID, it's empty:
May 31 14:20:58 mail auth-policy[10357]: { May 31 14:20:58 mail auth-policy[10357]: device_id: '', May 31 14:20:58 mail auth-policy[10357]: login: 'xxx@example.xxx', May 31 14:20:58 mail auth-policy[10357]: protocol: 'imap', May 31 14:20:58 mail auth-policy[10357]: pwhash: '097a', May 31 14:20:58 mail auth-policy[10357]: remote: '1.2.3.4', May 31 14:20:58 mail auth-policy[10357]: tls: true May 31 14:20:58 mail auth-policy[10357]: }
However in some cases I see that client_id is passed to auth_policy_server:
May 31 14:27:41 mail auth-policy[10357]: { May 31 14:27:41 mail auth-policy[10357]: device_id: '"name" "Outlook-iOS-Android" "version" "2.0"', May 31 14:27:41 mail auth-policy[10357]: login: 'yyy@example.xxx', May 31 14:27:41 mail auth-policy[10357]: protocol: 'imap', May 31 14:27:41 mail auth-policy[10357]: pwhash: '0b63', May 31 14:27:41 mail auth-policy[10357]: remote: '3.4.5.6', May 31 14:27:41 mail auth-policy[10357]: tls: true May 31 14:27:41 mail auth-policy[10357]: }
This completely depends on the imap client. Some clients send IMAP ID pre-login and in that case it can be relayed to auth policy server. Some clients send IMAP ID post-login and then auth policy stuff is already completed without the information.
Sami