Stephan Bosch schreef:
Andrey Panin schreef:
On 085, 03 26, 2007 at 06:34:21PM +0200, Stephan Bosch wrote:
Hello dovecot users,
I don't see how anonymous logins are handled. You must handle anonymous logins according to managesieve draft (see below) or don't advertise ANONYMOUS SASL mechanism at all.
Implementations MAY advertise the ANONYMOUS SASL mechanism [SASL- ANON]. This indicates that the server supports ANONYMOUS sieve script syntax verification. Only the CAPABILITY, PUTSCRIPT and LOGOUT commands are available to the anonymous user. All other commands MUST give NO responses. Furthermore the PUTSCRIPT command SHOULD NOT store any data. In this mode a positive response to the PUTSCRIPT command indicates that the given script does not have any syntax errors.
The managesieve daemon extracts the available authentication mechanisms from the dovecot authentication implementation. It does not display the ANONYMOUS mechanism by default. So, obviously you must have configured ANONYMOUS somewhere. I haven't tested the daemon's behavior with ANONYMOUS thusfar.
This is what my server currently reports:
"IMPLEMENTATION" "dovecot" "SASL" "PLAIN" "SIEVE" "FILEINTO REJECT ENVELOPE VACATION IMAPFLAGS NOTIFY SUBADDRESS RELATIONAL COMPARATOR-I;ASCII-NUMERIC" "STARTTLS" OK "Dovecot ready." Ah ok, after reading the SASL-ANONYMOUS RFC and playing around with anonymous authentication, I understand what you mean (found a bug in authenticate as well: continued responses don't work anymore at the moment until next patch version).
I'm currently looking for a means to detect whether the current user is logged-in anonymously, to fully support the draft spec.
Note: like the current IMAP implementation, the managesieve anonymous login gives full access to the anonymous client within the privileges of the user specified in the config file with 'auth_anonymous_username'. Given the draft spec and common sense this is NOT WHAT YOU WANT! Thanks Andrey for pointing this out.
Regards,
Stephan.