<HTML>
<HEAD>
<TITLE>Case sensitive nightmare</TITLE>
</HEAD>
<BODY>
<FONT FACE="Verdana"><SPAN STYLE='font-size:12.0px'>It took me 4 days to figure this out and I sure hope someone can help me solve it.<BR>
<BR>
My Setup: Postfix + MySQL + dovecot<BR>
<BR>
dovecot.conf:<BR>
<BR>
default_mail_env = maildir:/var/spool/vmail/%d/%n/Maildir<BR>
password_query = SELECT password FROM mailbox WHERE username='%u'<BR>
user_query = SELECT maildir, 108 AS uid, 108 AS gid FROM mailbox WHERE username='%u'<BR>
<BR>
The virtual host schema is postfix.admin compatible but I’m not using it (phpMyAdmin is actually easier to use).<BR>
<BR>
When foo@domain.tld, a brand new account, logs in using an IMAP client (any client; squirrelmail, OE, tbird, Apple...) a maildir is created named ‘domain.tld/foo/Maildir’ and everything is good. Now I log in as Foo@domain.tld and then as fOo@domain.tld and then as foO@domain.tld and so on for every case variation. Each of these accounts can log in correctly; they are seen as being the same account by dovecot. On the other hand, they are not seen as being the same mailbox! When I check my mail spool I see one maildir for every case variation (domain.tld/foo/Maildir, domain.tld/FOO/Maildir, etc.)<BR>
<BR>
It would seem to me that the queries above would fail for the different variations of the name but they don’t seem to. Is dovecot converting %u to lower case for the query on the virtual users table but then using it unconverted when looking up the Maildir for the account? If the username column has the value ‘foo@domain.tld’ how does SELECT * FROM table WHERE username='FOO@domain.tld' match the row?<BR>
<BR>
Also puzzling is that I select a column named maildir which has the path to the mailbox in it (using the correct case). Even if SELECT ‘pigs fly’ AS when WHERE ‘FoO’=’foo’ the maildir path for the account is being returned which is ‘domain.tld/foo/Maildir’ so how does ‘domain.tld/FoO/Maildir’ get created?<BR>
<BR>
This is both a pain in the nuts support nightmare and a security problem (albeit fairly limited). An account named “barneyrubble” could generate a significant number of maildir directories if you logged in with every variation thereof.<BR>
<BR>
Any assistance would be greatly appreciated.<BR>
Thanks</SPAN></FONT>
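<P><FONT FACE="Verdana"><SPAN STYLE='font-size:12.0px'>The symptom described above, reproduced as an added example that is not part of the original post and is not Dovecot code: a case-insensitive username match combined with a mail path expanded from the login name exactly as typed. Assumptions: sqlite3 with COLLATE NOCASE stands in for a case-insensitive MySQL column, and expand() is a simplified model of the %u/%n/%d substitution in the posted config; the fix shown is to expand the path from the username stored in the table.</SPAN></FONT></P>
<PRE>
```python
import re
import sqlite3

# Path template taken from the post's default_mail_env line.
TEMPLATE = "maildir:/var/spool/vmail/%d/%n/Maildir"


def make_db():
    """Constructed sample table mirroring the post's mailbox schema."""
    db = sqlite3.connect(":memory:")
    # Assumption: NOCASE models a case-insensitive MySQL collation.
    db.execute(
        "CREATE TABLE mailbox ("
        "username TEXT COLLATE NOCASE, password TEXT, maildir TEXT)"
    )
    db.execute(
        "INSERT INTO mailbox VALUES "
        "('foo@domain.tld', 'constructed-hash', 'domain.tld/foo/Maildir')"
    )
    return db


def stored_username(db, login):
    """Return the username as stored in the table, or None if no row matches."""
    row = db.execute(
        "SELECT username FROM mailbox WHERE username = ?", (login,)
    ).fetchone()
    return row[0] if row else None


def expand(template, login):
    """Simplified model of %u / %n / %d substitution (hypothetical helper)."""
    local, _, domain = login.partition("@")
    values = {"u": login, "n": local, "d": domain}
    return re.sub(r"%([und])", lambda m: values[m.group(1)], template)


def mail_locations(db, logins, canonical=False):
    """Collect the distinct mail paths produced by a series of logins.

    canonical=False expands the template from the login as typed (the
    behaviour the post observes); canonical=True expands it from the
    username stored in the table, so all case variants share one path.
    """
    paths = set()
    for login in logins:
        stored = stored_username(db, login)
        if stored is None:
            continue  # unknown account: no mailbox is created
        paths.add(expand(TEMPLATE, stored if canonical else login))
    return paths
```
</PRE>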
</BODY>
</HTML>