timo, here is an bizarre bug for you:

i had (foolishly, it turns out) configured dovecot-auth to do ldap authentication binding with a prefect userdb (configs at end of message). everything worked fine, although with huge numbers of pop logins per second we started to see some pileup in the pop3-login processes as they were all waiting for ldap responses on the single ldap connection. the auth caching was never getting hit (some interaction with the prefetch, i assume), but everything worked fine. or so i thought.

we had complaints from a user saying they would occasionally pop another user's mail. after much digging, it turned out that if two or more users: then one of the users would occasionally end up with the other users'

• were logged/logging in at the same time
• had the same password
• got "lucky"

homedir/maildir. it didn't happen often (maybe once every 500-1000 login attempts), but it did happen. (i ended up writing a script that would pound the pop3 server with logins and look for the wrong number of messages in the inbox. it was not easy to trigger).

i'd already realized that having the auth bind do a search and return that to prefetch was a bad idea (since it used a single ldap connection) and had already built a new config that used auth binding and userdb ldap - when we switched over to that config we were unable to replicate the problem again. so, it's not an issue for us right now. i've confirmed that the ldap server never returns the wrong homedir, so it must have been getting mixed up somehow in dovecot-auth.

but it did seem like something you might want to dig into a bit, as it might indicate that something could be amiss somewhere in the auth code. that the problem only occured when the users had the same password seemed truly bizarre.. sorry i can't provide more details, it was very difficult to reproduce (and i was reproducing in a production environment and couldn't turn debug up).

the auth section from the poorly behaving dovecot.conf: auth default { mechanisms = plain login passdb ldap { args = /opt/dovecot-1.0.3/etc/dovecot-ldap.conf } userdb prefetch { } user = mail }

the poorly behaving dovecot-ldap.conf: hosts = ldap ldap_version = 3 auth_bind = yes base = uid=%u,o=imap user_global_uid = 8 user_global_gid = 8 dn = uid=imap@dovecot,o=imap dnpass = ****** pass_filter = (&(proto=%s)(remoteip=%r)(localip=%l)(mech=%m)(pid=%p)) pass_attrs = home=userdb_home,quota=userdb_quota,nologin=nologin,reason=reason,user=user

note: the ldap server does some custom processing based on the filter - the filter was the easiest way to get them passed to it. (in case that looks a little wierd :)