vpopmail, open_smtp_relay and non-PLAIN auth mechs

Jim Jagielski jimjag at gmail.com
Fri Oct 31 10:04:43 UTC 2014

Agreed... Ideally, there would be some sort of post-auth-verified callback
that mechanisms could register; that would completely compartmentalize
these sorts of things.

Jim Jagielski

On Fri, Oct 31, 2014 at 2:33 AM, Timo Sirainen <tss at iki.fi> wrote:

> On 30 Oct 2014, at 05:50, Jim Jagielski <jimjag at gmail.com> wrote:
> > I've noticed that if using the vpopmail auth setup, that the roaming-user
> > functionality
> > provided via open_smtp_relay() is only done if the auth mechanism is
> > For
> > example, if the client authenticates via DIGEST-MD5, the open relay file
> is
> > not updated, as it should be.
> >
> > This is due to the call to open_smtp_relay only being done
> > via vpopmail_verify_plain().
> > Instead, imo, that call should be done in auth_request_success() in the
> > auth-request.c
> > file, so that it is done however the authentication is done, as long as
> it
> > is successful.
> >
> > Attached is a patch for 2.2.15. Let me know if attachments are not the
> > preferred method
> > and I'll cut/paste.
> Well, your method works, and I'm not sure if there's really any other way
> to do it currently.. But I really don't want any vpopmail code outside
> *db-vpopmail.c, so I think if people want to do this they'll need to patch.
> And why are people still using pop3/imap-before-smtp instead of SMTP auth
> that everything supports nowadays? (And in general nowadays I think
> vpopmail should have been an external plugin since the beginning, but too
> much trouble for everybody to change it now.)

More information about the dovecot mailing list