> On 28/09/2020 23:46 Felipe Gasper <felipe at felipegasper.com> wrote:
>
>
> Hi all,
>
> We have Exim using Dovecot for authentication. Dovecot, in turn, consults
a custom internal server that answers Dovecot?s userdb queries.
>
> When IMAP connections arrive, for some users we want to forward those
connections--without authentication--to an external IMAP server. For these
users, we return ?proxy_maybe? and ?nopassword? in the authn response from our
userdb server. This tells Dovecot to proxy the connection to a new server
without trying to authenticate.
>
> Exim, though, doesn?t grok ?proxy_maybe?, so it just sees ?nopassword?. In
response, it just skips SMTP authentication entirely.
>
> We could address this if our custom service could know whether the authn
is for Exim or not. Exim does send a ?service=smtp? in its request to
/var/run/dovecot/auth-client, but thus far I don?t see that that?s being passed
on to the userdb server.
>
> Is there any way I can configure Dovecot so that our userdb server can
detect when it?s Exim doing the authentication? Alternatively we could just
authenticate on the proxy (i.e., stop sending ?nopassword?), but that will
entail a new requirements for passwords to be in sync; ideally we?d like to
avoid that.
>
> Any insight from this group would be much appreciated. Thank you!
>
> cheers,
> -Felipe Gasper
You can use %s to expand into protocol, which i think in this case would be
'smtp'. See
https://doc.dovecot.org/configuration_manual/config_file/config_variables/
Aki