Hello,
I'm running dovecot 1.2.15 and I'm having a problem proxying a user to another host, when this user is logged in with a masteruser. I have two dovecot servers configured to serve half of the users locally and to proxy the other half to the other host. Proxying is done using the masteruser feature (username*proxy) and it works as expected as the following test shows:
# nc localhost 143
- OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=GSSAPI] Dovecot ready. 01 LOGIN ist90001 password_for_ist90001 01 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT IDLE CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS QUOTA] Logged in ^C
And the corresponding log entry:
Jul 6 13:10:06 mail1 dovecot: imap-login: proxy(ist90001): started proxying to X.Y.Z.W:143/ist90001*proxy: user=<ist90001>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured Jul 6 13:10:09 mail1 dovecot: imap-login: proxy(ist90001): disconnecting 127.0.0.1
The ist90001 is proxied to the other host as expected and as configured.
The problem occurs when I try to use another masteruser to log into the server:
# nc localhost 143
- OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=GSSAPI] Dovecot ready. 01 LOGIN ist90001*super password_for_super_masteruser 01 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT IDLE CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS QUOTA] Logged in ^C
But this time the user isn't proxied to the other host. Instead he is logged in this host:
Jul 6 13:11:14 mail1 dovecot: imap-login: Login: user=<ist90001>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured Jul 6 13:11:16 mail1 dovecot: IMAP(ist90001): Connection closed bytes=0/292
Is this the intended behavior or a bug? I was expecting the user to be logged in with the password of the super masteruser, and then be proxied to the other host as it happens when the user is logged in with it's own password.
I can provide any configuration details if needed.
Best Regards Miguel Cabeça