why is dovecot "Allowing any password"

mj lists at merit.unu.edu
Thu Mar 22 10:55:07 EET 2018

On 03/22/2018 09:34 AM, Aki Tuomi wrote:
> I have no idea*WHY*  it is required by SOGo. It does not make sense.

Well, the thing is: SOGo has this ability to behave like a *real* 
exchange server, as if it's running on a windows server. And this 
enables Outlook to connect to it like it would to an exchange server. 
(so: not in imap mode, and not using regular username/password 

Normally, SOGo simply reuses the provided username/password to connect 
to the imap server, but in the above scenario, these are not available.

The same goes for a SAML2 authenticated SOGo webmail logon.

In these scenarios, SOGo uses the connection, to logon to 
imap. Since it does know the username.

I guess a better solution would be for SOGo to be able to do 
'transformations' to the username/password, to change the regular 
username/unknownpassword into username*master/masterpassword, and get 
rid of the passwordless listener.


But SOGo doesn't do that. (afaik)


More information about the dovecot mailing list