> On 03 Dec 2015, at 17:20, sb <se...@runbox.com> wrote: > > On 12/3/15 2:49 PM, Timo Sirainen wrote: > >> There is no code that can be disabled on Dovecot side. >> I think you need to read how LOGIN-REFERRALs actually work. > > This is an excerpt from the RFC: > >> A home server referral may be returned in response to an AUTHENTICATE >> or LOGIN command, or it may appear in the connection startup banner. >> If a server returns a home server referral in a tagged NO response, >> that server does not contain any mailboxes that are accessible to the >> user. If a server returns a home server referral in a tagged OK >> response, it indicates that the user's personal mailboxes are >> elsewhere, but the server contains public mailboxes which are >> readable by the user. After receiving a home server referral, the >> client can not make any assumptions as to whether this was a >> permanent or temporary move of the user. > The client and the server exchange relevant messages.
Client doesn't send anything to Dovecot regarding the use of LOGIN-REFERRALS. It simply does a regular authentication and if Dovecot is configured to send a login-referral then Dovecot responds so to the LOGIN or AUTHENTICATE command. The client can't request a referral in any way. > If dovecot cannot disable > the relevant code then either dovecot does not implement the RFC or it does it > so well that it cannot be disabled without rewriting dovecot's code. In > either case, > we want to disable LOGIN-REFERRAL, and have evidence that it has been > disabled. > Removing the keyword from the banner is not sufficient, and the documentation > PasswordDatabase.ExtraFields.Host.txt is far from useful. Dovecot never sends a login referral unless you have explicitly configured passdb to send it. There are no commands, requests or anything related to LOGIN-REFERRALS that can be sent by IMAP client to Dovecot. If you haven't configured a passdb to return a host field, there is zero code that can ever be executed that is in any way related to LOGIN-REFERRALS.
