Re: [Dovecot] [ #14832]: Capital letters in POP3 logins
I just tested and IMAP doesn't ignore case either.
Remove the UPPER CASE maildir created by your POP3 login then do the same thing with an IMAP client. Set up the IMAP client to use an UPPER CASE username and when you log-in/refresh folders it creates the new UPPERCASE empty Maildir all over again.
Crap, between this and the missing QUOTA feature I guess I'm gonna have to rip out Dovecot and use Courier. I really wanted to use Dovecot for it's speed with the indexing.
What I don't understand is -- all usernames in my test database are stored in lower case -- shouldn't it simply fail to match and cause the login to fail? Can anyone point out how to force the match to be case sensitive? I'll investigate and get back to the list. It would be "nicer" though if Dovecot converted all username input to lower case before authenticating to maintain uniqueness of email addresses.
Gerald
On Wed, 30 Mar 2005 21:16:12 +0400 "support@majordomo.ru" <support@majordomo.ru> wrote:
Using dovecot (version 1.0-test59, with mysql-auth) I saw strange problem: after authentication by POP3 in case that username given has capital letters, for example SupportTeam@majordomo.ru, dovecot creates new maildir 'SupportTeam' for this username instead reading mails from existing maildir 'supportteam'. Then dovecot scans created maildir 'SupportTeam' and returns 0 messages (sure:). IMAP4 works fine in the same time.
Can I solve this problem or it is virtually "bug" of dovecot?
On Wed, 30 Mar 2005 12:38:12 -0600 (Central Standard Time) "Gerald V. Livingston II" <gerald.dovecot@sysmatrix.net> wrote:
: It would be "nicer" though if : Dovecot converted all username input to lower case before authenticating to : maintain uniqueness of email addresses.
The RFCs state that the username portion must be case sensitive, however I would like a flag so I can toggle your sugguestion.
Peter Hessler wrote:
The RFCs state that the username portion must be case sensitive, however I would like a flag so I can toggle your sugguestion.
Well, no, not exactly. The RFC's state that the user portion must be maintained as is by all intervening MTA (by quoting rules if required). It also states that the destination server is free to define its own rules for maintaining or ignoring capitalization for delivery purposes.
It would be best if Dovecot could be configured to match the local server rules.
John
-- John Peacock Director of Information Research and Technology Rowman & Littlefield Publishing Group 4501 Forbes Boulevard Suite H Lanham, MD 20706 301-459-3366 x.5010 fax 301-429-5748
Gerald V. Livingston II wrote:
What I don't understand is -- all usernames in my test database are stored in lower case -- shouldn't it simply fail to match and cause the login to fail? Can anyone point out how to force the match to be case sensitive?
If you are using MySQL, all string comparisons are case insensitive by default.
It would be "nicer" though if Dovecot converted all username input to lower case before authenticating to maintain uniqueness of email addresses.
No, it should be a configurable option, since some sites would want that and others wouldn't...
John
-- John Peacock Director of Information Research and Technology Rowman & Littlefield Publishing Group 4501 Forbes Boulevard Suite H Lanham, MD 20706 301-459-3366 x.5010 fax 301-429-5748
On Wed, 30 Mar 2005 14:03:49 -0500 John Peacock <jpeacock@rowman.com> wrote:
Gerald V. Livingston II wrote:
What I don't understand is -- all usernames in my test database are stored in lower case -- shouldn't it simply fail to match and cause the login to fail? Can anyone point out how to force the match to be case sensitive?
If you are using MySQL, all string comparisons are case insensitive by default.
To make username case sensitive at login so it fails if it doesn't match what's in your database change this in your dovecot-mysql.conf:
password_query = SELECT password FROM mailbox WHERE username = BINARY '%u'
NOTE: this means that you have to make sure ALL database entries are in the case you want used. This just makes login FAIL if the username does not match EXACTLY what is stored in the database.
Now, it would be nice to be able to CONVERT username case to lower-case before checking against the database and remove the exact match criteria. this would avoid my having to explain to customers that they have to log in using all lower case but can, in fact, put mixed case in the "email address" and "reply to" field of their email clients. It would also avoid the occasional problem I know I'll have with techs entering new customer email addresses exactly as they request them, case and all. PostFix uses lower case on delivery (or else it delivers to the "closest match" -- haven't done full testing yet -- my install of postfix.admin seems to convert to lower before writing new info to the database so I'll have to create an uppercase user by hand).
It would be "nicer" though if Dovecot converted all username input to lower case before authenticating to maintain uniqueness of email addresses.
No, it should be a configurable option, since some sites would want that and others wouldn't...
You are correct of course. It's just that with the introduction of M$ clients to the internet case sensitive "usernames" got FUBARd many years ago. My first linux machines had several logins that I used for different purposes. Gerald, geralD, GERALD, etc. They each had different 'sudo' rights for certain system maintenance rights. When I got "net-connected" with Liux I got out of that habit.
Gerald
I wrote this patch a while ago when I ran into this problem trying to authenticate off of MS SFU. It works for 0.99.10.4 - not sure about any other version.
Jeff Graves, MCSA Customer Support Engineer Image Source, Inc. 10 Mill Street Bellingham, MA 02019
508.966.5200 - Phone 508.966.5170 - Fax jeff@image-src.com - Email www.image-src.com
-----Original Message----- From: dovecot-bounces@dovecot.org [mailto:dovecot-bounces@dovecot.org] On Behalf Of Gerald V. Livingston II Sent: Wednesday, March 30, 2005 1:38 PM To: dovecot@dovecot.org Subject: Re: [Dovecot] [ #14832]: Capital letters in POP3 logins
I just tested and IMAP doesn't ignore case either.
Remove the UPPER CASE maildir created by your POP3 login then do the same thing with an IMAP client. Set up the IMAP client to use an UPPER CASE username and when you log-in/refresh folders it creates the new UPPERCASE empty Maildir all over again.
Crap, between this and the missing QUOTA feature I guess I'm gonna have to rip out Dovecot and use Courier. I really wanted to use Dovecot for it's speed with the indexing.
What I don't understand is -- all usernames in my test database are stored in lower case -- shouldn't it simply fail to match and cause the login to fail? Can anyone point out how to force the match to be case sensitive? I'll investigate and get back to the list. It would be "nicer" though if Dovecot converted all username input to lower case before authenticating to maintain uniqueness of email addresses.
Gerald
On Wed, 30 Mar 2005 21:16:12 +0400 "support@majordomo.ru" <support@majordomo.ru> wrote:
Using dovecot (version 1.0-test59, with mysql-auth) I saw strange problem: after authentication by POP3 in case that username given has capital letters, for example SupportTeam@majordomo.ru, dovecot creates new maildir 'SupportTeam' for this username instead reading mails from existing maildir 'supportteam'. Then dovecot scans created maildir 'SupportTeam' and returns 0 messages (sure:). IMAP4 works fine in the same time.
Can I solve this problem or it is virtually "bug" of dovecot?
participants (4)
-
Gerald V. Livingston II
-
Jeff Graves
-
John Peacock
-
Peter Hessler