Hi Michael, My question is, how to know the exact CAPABILITY after a user logged in, he'd have been able to know the CAPABILITY he really has. Simply, what should be followed as the CAPABILITY after a user logged in?

-----Original Message----- From: dovecot-bounces+tao.6.yang=nokia.com@dovecot.org [mailto:dovecot-bounces+tao.6.yang=nokia.com@dovecot.org] On Behalf Of ext Michael M. Slusarz Sent: 28 March 2009 01:46 To: dovecot@dovecot.org Subject: Re: [Dovecot] [Help] How get the complete CAPABILITY list?

Quoting tao.6.yang@nokia.com:

A Login user1 A CAPABILITY

I expect to get the list that contains the following - AUTH=PLAIN AUTH=LOGIN AUTH=CRAM-MD5 AUTH=DIGEST-MD5

But actually I did not get the above content, I only get a short list as below,

CAPABILITY IMAP4rev1 SASL -IR SORT THREAD=REFERENCES MULTIAPPEND UNSELECT LITERAL+ IDLE CHILDREN NAMESPACE LOGIN-REFERRALS A OK Capability completed

Why did I miss the AUTH=PLAIN AUTH=LOGIN AUTH=CRAM-MD5 AUTH=DIGEST-MD5??

Once you login, the list of available authentication methods is
irrelevant. The RFC allows the CAPABILITY string to be different in
unauthenticated vs. authenticated state.

michael

Michael, I think you are referring to the list returned by CAPABILITY command to be seen as the list of CAPABILITIES AFTER usr1 login. To my surprise, the PLAIN are supported for a email user account even if it is not listed, but PLAIN is natually supported if you don't specify "use secure authentication" at your email client.

However, there can be the following error for specific user created, like this when doing the connection from email client to Dovecot Email server It's like the following in the log of Email server log,

imap(user1): stat(/home/user1/Maildir/cur) failed: Permission denied

However, when creating user1 and related Maildir, it is given 766 access right already like the following, sudo cp -r /etc/skel/Maildir /home/myuser/ sudo chown -R myuser:usergroup /home/myuser/Maildir sudo chmod -R 700 /home/myuser/Maildir

so what's the problem? Why do I still get a Permission denied?

-----Original Message----- From: ext Michael M. Slusarz [mailto:slusarz@curecanti.org] Sent: 30 March 2009 13:39 To: Yang Tao.6 (Nokia-D/Beijing); dovecot@dovecot.org Subject: Re: [Dovecot] [Help] How get the complete CAPABILITY list?

Whatever is returned by the CAPABILITY command. I guess I am not
understanding your question.

When in an unauthenticated state, the server doesn't need to broadcast
the capabilities of commands/features that the client *can't* use yet.
i.e. knowing the server supports UIDPLUS at the authentication stage
is pointless. Same thing after authenticating - the client could care
less what authentication options are available after logged in.

RFC 3501 states that the list of capabilities can change after the
STARTTLS or AUTHENTICATE/LOGIN commands are successful. Thus, the
only way to ensure that you have the correct list of capabilities is
to re-issue the command after each of these events, although recent
IMAP servers (i.e. Dovecot 1.2) will automatically list capabilities
in the response codes after these events so that the client doesn't
need to send an explicit CAPABILITY command. I believe this behavior
is suggested in the Lemonade profile.

michael

Sorry, that was a very stupid question. Fixed the chown and chmod, and it passed the connection for user1. Thanks guys.

-----Original Message----- From: dovecot-bounces+tao.6.yang=nokia.com@dovecot.org [mailto:dovecot-bounces+tao.6.yang=nokia.com@dovecot.org] On Behalf Of Yang Tao.6 (Nokia-D/Beijing) Sent: 30 March 2009 16:38 To: slusarz@curecanti.org; dovecot@dovecot.org Subject: Re: [Dovecot] [Help] How get the complete CAPABILITY list? Importance: High

Michael, I think you are referring to the list returned by CAPABILITY command to be seen as the list of CAPABILITIES AFTER usr1 login. To my surprise, the PLAIN are supported for a email user account even if it is not listed, but PLAIN is natually supported if you don't specify "use secure authentication" at your email client.

However, there can be the following error for specific user created, like this when doing the connection from email client to Dovecot Email server It's like the following in the log of Email server log,

imap(user1): stat(/home/user1/Maildir/cur) failed: Permission denied

However, when creating user1 and related Maildir, it is given 766 access right already like the following, sudo cp -r /etc/skel/Maildir /home/myuser/ sudo chown -R myuser:usergroup /home/myuser/Maildir sudo chmod -R 700 /home/myuser/Maildir

so what's the problem? Why do I still get a Permission denied?

-----Original Message----- From: ext Michael M. Slusarz [mailto:slusarz@curecanti.org] Sent: 30 March 2009 13:39 To: Yang Tao.6 (Nokia-D/Beijing); dovecot@dovecot.org Subject: Re: [Dovecot] [Help] How get the complete CAPABILITY list?

Whatever is returned by the CAPABILITY command. I guess I am not
understanding your question.

When in an unauthenticated state, the server doesn't need to broadcast
the capabilities of commands/features that the client *can't* use yet.
i.e. knowing the server supports UIDPLUS at the authentication stage
is pointless. Same thing after authenticating - the client could care
less what authentication options are available after logged in.

RFC 3501 states that the list of capabilities can change after the
STARTTLS or AUTHENTICATE/LOGIN commands are successful. Thus, the
only way to ensure that you have the correct list of capabilities is
to re-issue the command after each of these events, although recent
IMAP servers (i.e. Dovecot 1.2) will automatically list capabilities
in the response codes after these events so that the client doesn't
need to send an explicit CAPABILITY command. I believe this behavior
is suggested in the Lemonade profile.

michael