Also it is possible, that a similar problem exists with other variables TCP UCSPI protocol (http://cr.yp.to/proto/ucspi-tcp.txt).
Hmm. I hadn't heard of UCSPI before.
Oh well, I guess I'll have to change this. The LOCAL_IP and REMOTE_IP will stay for backwards compatibility, maybe I'll remove them in Dovecot v2.0.
Thanks for answer :) There are still some problems with the use of the checkpassword-interface with vpopmail. Besides standard exit codes of checkpassword: 1 unacceptable 2 misused 111 temporary problem vchkpw (the checkpassword analogue in vpopmail) uses two additional groups of exit codes: a) When user gives wrong username/password (procedure checkpassword_request_half_finish() should call checkpassword_request_finish() with parameter PASSDB_RESULT_PASSWORD_MISMATCH): 1 pop/smtp/webmal/imap/ access denied (match with a code of classic checkpassword) 3 password fail / vpopmail user not found 12 null user name given 13 null password given 15 user has no password 20 invalid user/domain characters 21 system user not found 22 system user shadow entry not found 23 system password fail b) vpopmail's internal errors: (checkpassword_request_half_finish() call checkpassword_request_finish() with parameter PASSDB_RESULT_INTERNAL_FAILURE): 4 setgid failed 5 setuid failed 6 autocreate dir error / chdir failed 7 putenv(USER) failed 8 putenv(HOME) failed 9 putenv(SHELL) failed 10 putenv(VPOPUSER) failed 11 vchkpw is only for talking with qmail-popup and qmail-pop3d. It is not for runnning on the command line 14 dir auto create failed / failed to vauth_getpw() after dir auto create Now all these codes are processed in checkpassword_request_half_finish() by "default" section. It will be wrong for the first group of codes to return the user "-ERR Temporary authentication failure. ", because it is not an internal problem, it's a login failure (user problem). I have made some changes in passdb-checkpassword.c to separate internal vpopmail mistakes from user's mistakes (a patch is in attachment). As the exit code "1" in vchkpw corresponds to an interdiction of access to service (smtp/pop3/imap/webmail) I have changed a line for logging in "case 1 " from "Password not accepted" to "Login failed". This line (imho) acceptables both for classical checkpassword and for vchkpw. Now all user's mistakes will be processed as well as a mistake of the password in checkpassword (exit code 1), and internal mistakes will be logged by "default" section. If you do not like an idea of changing a code specially for vpopmail it will be possible to make some parameter in "passdb checkpassword {}" section in the config file, pointing at work specially with vpopmail. Depending on its presence "case" will work otherwise (my knowledge of C is insufficiently for this purpose). Also, if it is not too hard for you, can you add variable TCPLOCALPORT (described in http://cr.yp.to/proto/ucspi-tcp.txt) to environment variables for checkpassword, because vchkpw uses it for an interdiction of access to various services (SMTP/POP3/IMAP/Webmal)? diff -r -U 10 dovecot-1.0.rc12.orig/src/auth/passdb-checkpassword.c dovecot-1.0.rc12/src/auth/passdb-checkpassword.c --- dovecot-1.0.rc12.orig/src/auth/passdb-checkpassword.c 2006-11-06 15:12:23.000000000 +0300 +++ dovecot-1.0.rc12/src/auth/passdb-checkpassword.c 2006-11-09 15:41:40.000000000 +0300 @@ -94,23 +94,33 @@ i_free(request); } static void checkpassword_request_half_finish(struct chkpw_auth_request *request) { if (!request->exited || request->fd_in != -1) return; switch (request->exit_status) { - case 1: +/*vpopmail's exit codes for bad user/password */ + case 3: /*password fail / vpopmail user not found*/ + case 12: /*null user name given*/ + case 13: /*null password given*/ + case 15: /*user has no password*/ + case 20: /*invalid user/domain characters*/ + case 21: /*system user not found*/ + case 22: /*system user shadow entry not found*/ + case 23: /*system password fail*/ +/*classic checkpassword exit codes*/ + case 1: /*additionally defined in vpopmail for "pop/smtp/webmal/imap/ access denied"*/ auth_request_log_info(request->request, "checkpassword", - "Password not accepted"); + "Login failed"); checkpassword_request_finish(request, PASSDB_RESULT_PASSWORD_MISMATCH); break; case 0: if (request->input_buf != NULL) { checkpassword_request_finish(request, PASSDB_RESULT_OK); break; } /* missing input - fall through */ case 2: