Hi,
although dovecot is great and almost exactly solving my problems and
fitting my requirements, there is an odd detail that causes me problems:
The %c variable. (See http://wiki2.dovecot.org/Variables )
I'm managing an IMAP server for an association, which is connected to an
LDAP server. Users can connect in three ways: IMAPS from the internet,
IMAP from local acccounts, and IMAP through a Web->IMAP interface, which
is protected through additional one-time-passwords.
The web gateway is intended to be used from untrusted computers as well,
so the IMAP password entered through the Web site must not be the same
as the password used on IMAPS.
I have solved this problem by using %s%c as part of the LDAP
user_filter. When people connect over IMAPS, this becomes imapsecured
(%s=imap, %c=secured), while an unencrypted connect becomes imap
(%s=imap, %c=)
Unfortunately, this works only, if the web interface and the IMAP server
are located on different (virtual) machines.
But if the web gateway and dovecot are no the /same/ machine, this does
not work anymore, since %c becomes "secured" on localhost, even if
unencrypted. It causes a lot of trouble and headache.
Please add a configuration variable to configure, whether %c should
become "secured" for unencrypted traffic on the loopback device
(localhost).
regards
Hadmut