Hi,
In my journey to enable SAML auth for our webmail (sogo.nu) I have created a password-less dovecot imap listener on 127.0.0.1/32, so that once a user is SAML authenticated for the SOGo webmail, SOGo can connect to dovecot on 127.0.0.1:143 with something like "01 LOGIN username randompassword".
Watching this (tcpflow) as it happens,i can see the following auth attempt coming from sogo:
1 login "username" "eF7VVm1vmzAQ/iuI77wY8kJQEy1t2inSukpJVU37UhlzJN7AjmyzZPv1Owfgkdjfkgkfldlkfjg9jQNMvaNZMm7RvifC/Pc/ecfaFpkcdTrUEZLoW1K3Kh4+rn2C6ViCXVXMeCFqBjw+Ll9PZDHLh+TFsPu3ERmozttTGb2PO22627DV2pVl7g+8T7dPthydZQUIcLbahgYFsPoDQmHNsYzbbms7E9nz32B8kIEuY7oxFETi8bpE6U9MAZjiiLUiABzdB1rnUJ8zqSQX+fDBwSOH54T6I49GPiu2Q4+GxPLmps9Wk1qUrTWBtP3QIUN24pShfS0qOlWXsKaF5or7ZceId++yDLMvkCzDQhPyId85l1I1VBsYLf8URcUjPHUyerj8al0BtgPOOQ2pM1lBsuvjbp9jGbBE26KykyXjlWnbkFs5bpy11hRZwAVaBa8CcCzaih1kdp7sSdmmYG1C8U9mM/2lNoLbDaDYeK55ZALVcyPOJwefde1qwFjuYrIYWzkdpgp8QC9EYKDfdybD/eDC9JQAbX08tr0huSYBDOZv3+VUD6/evQJ4HtTRo2TtR9ZGqYQopSXvGjK0yXgETDiZnoAL0InHTAm+jTMkXwDBCFUZxVeY4s9VzhWL3CSgGGpkh8A6+N22I6mWc/hk8Au8xmLZaGGiiwL9YUx1e8LgZrCbrS21yksBvbgzDssWGUOQFLe04vooDwoscmtAwGpIBBEHYzlCdAcswsGsFcPjrKsddsIBs8uK6YDGrzuEWOdBAx8ZTgi7aCdsTW4cMtLQY7FBSGuioOTZYlcRQPzy16X5FuvOYxaSbgTsOK2daNwKNL8+z4edokyJkthqoMdaW05DzQvwcLtGJvvGzy+w+"
Note, the actual 'password' is even longer.
This connection attempt is causing dovecot to throw the following error:
Dec 02 22:34:33 imap-login: Info: Disconnected: Input buffer full (no auth attempts in 0 secs): user=<>, rip=x.y.z.32, lip=x.y.z.68, session=
and BYE Input buffer full, aborting
So this doesn't work. :-(
The question: is there a way to make this work? (make the input buffer larger, for example..?)
Or any other ideas to make this work?
Thanks in advance,
MJ