> On 03 Dec 2015, at 17:20, sb <serbr at runbox.com> wrote:
>
> On 12/3/15 2:49 PM, Timo Sirainen wrote:
>
>> There is no code that can be disabled on Dovecot side.
>> I think you need to read how LOGIN-REFERRALs actually work.
>
> This is an excerpt from the RFC:
>
>> A home server referral may be returned in response to an AUTHENTICATE
>> or LOGIN command, or it may appear in the connection startup banner.
>> If a server returns a home server referral in a tagged NO response,
>> that server does not contain any mailboxes that are accessible to the
>> user. If a server returns a home server referral in a tagged OK
>> response, it indicates that the user's personal mailboxes are
>> elsewhere, but the server contains public mailboxes which are
>> readable by the user. After receiving a home server referral, the
>> client can not make any assumptions as to whether this was a
>> permanent or temporary move of the user.
> The client and the server exchange relevant messages.
Client doesn't send anything to Dovecot regarding the use of
LOGIN-REFERRALS. It simply does a regular authentication and if Dovecot is
configured to send a login-referral then Dovecot responds so to the LOGIN or
AUTHENTICATE command. The client can't request a referral in any way.
> If dovecot cannot disable
> the relevant code then either dovecot does not implement the RFC or it does
it
> so well that it cannot be disabled without rewriting dovecot's code. In
either case,
> we want to disable LOGIN-REFERRAL, and have evidence that it has been
disabled.
> Removing the keyword from the banner is not sufficient, and the
documentation
> PasswordDatabase.ExtraFields.Host.txt is far from useful.
Dovecot never sends a login referral unless you have explicitly configured
passdb to send it. There are no commands, requests or anything related to
LOGIN-REFERRALS that can be sent by IMAP client to Dovecot. If you haven't
configured a passdb to return a host field, there is zero code that can ever be
executed that is in any way related to LOGIN-REFERRALS.