auth_policy_server vs client_id and x-originating-ip

[Sami Ketola]

> On 31. May 2020, at 15.47, Zdeněk Zámečník <diego at dixy.cz> wrote:
> 
> I run into troubles when trying to set up auth_policy_server in Dovecot 2.3.10.1. It works almost as expected but I cannot get client ID in this process.
> 
> By setting up "imap_id_log=*" I see in log that Dovecot gets details about mail client like name and version:
> 
> May 31 14:20:58 mail dovecot: imap(xxx at example.xxx)<24796><ft7ytfCmjdZWMSZQ>: ID sent: name=Thunderbird, version=68.8.1
> 
> 
> But the auth_policy_server is getting all details except this ID, it's empty:
> 
> May 31 14:20:58 mail auth-policy[10357]: {
> May 31 14:20:58 mail auth-policy[10357]:   device_id: '',
> May 31 14:20:58 mail auth-policy[10357]:   login: 'xxx at example.xxx',
> May 31 14:20:58 mail auth-policy[10357]:   protocol: 'imap',
> May 31 14:20:58 mail auth-policy[10357]:   pwhash: '097a',
> May 31 14:20:58 mail auth-policy[10357]:   remote: '1.2.3.4',
> May 31 14:20:58 mail auth-policy[10357]:   tls: true
> May 31 14:20:58 mail auth-policy[10357]: }
> 
> 
> However in some cases I see that client_id is passed to auth_policy_server:
> 
> May 31 14:27:41 mail auth-policy[10357]: {
> May 31 14:27:41 mail auth-policy[10357]:   device_id: '"name" "Outlook-iOS-Android" "version" "2.0"',
> May 31 14:27:41 mail auth-policy[10357]:   login: 'yyy at example.xxx',
> May 31 14:27:41 mail auth-policy[10357]:   protocol: 'imap',
> May 31 14:27:41 mail auth-policy[10357]:   pwhash: '0b63',
> May 31 14:27:41 mail auth-policy[10357]:   remote: '3.4.5.6',
> May 31 14:27:41 mail auth-policy[10357]:   tls: true
> May 31 14:27:41 mail auth-policy[10357]: }
> 


This completely depends on the imap client. Some clients send IMAP ID pre-login and in that case it can be relayed to auth policy server.
Some clients send IMAP ID post-login and then auth policy stuff is already completed without the information.

Sami