On 12/3/15 2:49 PM, Timo Sirainen wrote:
There is no code that can be disabled on Dovecot side. I think you need to read how LOGIN-REFERRALs actually work.
This is an excerpt from the RFC:
A home server referral may be returned in response to an AUTHENTICATE or LOGIN command, or it may appear in the connection startup banner. If a server returns a home server referral in a tagged NO response, that server does not contain any mailboxes that are accessible to the user. If a server returns a home server referral in a tagged OK response, it indicates that the user's personal mailboxes are elsewhere, but the server contains public mailboxes which are readable by the user. After receiving a home server referral, the client can not make any assumptions as to whether this was a permanent or temporary move of the user. The client and the server exchange relevant messages. If dovecot cannot disable the relevant code then either dovecot does not implement the RFC or it does it so well that it cannot be disabled without rewriting dovecot's code. In either case, we want to disable LOGIN-REFERRAL, and have evidence that it has been disabled. Removing the keyword from the banner is not sufficient, and the documentation PasswordDatabase.ExtraFields.Host.txt is far from useful.