Login process proxying¶
Proxying using login processes is done for IMAP, POP3, Submission and ManageSieve protocols. LMTP and doveadm protocols implement their own proxying, but they try to be mostly compatible.
Proxying states¶
If login fails, the error message shows the connection state when the
disconnection or timeout happened. For example timed out in
state=login/banner
with IMAP means that connection timed out while waiting
for LOGIN command reply.
IMAP states¶
IMAP states are a bit more complicated. They describe both what commands
the proxy has sent towards the backend and also what was the last received
reply from the backend. The proxy can also send multiple commands pipelined,
which are listed in the state. For example the state could be
capability+login/banner
to mean that CAPABILITY and LOGIN commands have been
sent, but only the IMAP banner reply has been received so far.
The list of sending states (left side of /
):
id: ID command used to send session ID and original IMAP client IP/port
starttls: STARTTLS command
capability: CAPABILITY command. Only used if backend doesn’t send it automatically
login: LOGIN command.
authenticate: AUTHENTICATE command. Sent if LOGIN command couldn’t be used, e.g. because using master user login or non-plaintext authentication.
auth-continue: SASL continuation sent for AUTHENTICATE command
The list of received states (right side of /
):
none: Nothing has been received so far
banner: IMAP banner received (
* OK Dovecot ready
)id: ID command reply received
starttls: STARTTLS command reply received
capability: CAPABILITY command reply received
auth-continue: AUTHENTICATE command asked for continuation (
+
reply)login: LOGIN or AUTHENTICATE command reply received
Changed in version v2.3.8: Earlier versions had a bug and could have added
multiple +
characters to the state, for example
authenticate++/capability
. The extra +
characters
should be just ignored.
POP3 states¶
POP3 states work a bit differently than IMAP states:
banner: Nothing has been received so far (banner has NOT been received)
starttls: STLS command has been sent.
xclient: XCLIENT command has been sent.
login1: USER command has been sent.
login2: PASS or AUTH command has been sent.
Submission states¶
Submission states are similar to POP3:
banner: Nothing has been received so far (banner has NOT been received)
ehlo: EHLO command has been sent.
starttls: STLS command has been sent.
tls-ehlo: EHLO command after STLS has been sent.
xclient: XCLIENT command has been sent.
authenticate: AUTH command has been sent.
ManageSieve states¶
none: Nothing has been received so far
tls-start: STARTTLS command has been sent.
tls-ready: STARTTLS command was accepted. TLS handshake was started.
xclient: XCLIENT command has been sent.
auth: AUTHENTICATE command has been sent.