
pop3 proxy: Sanitize input username/password #1559

Open: mbettini-ox wants to merge 1 commit into dovecot:main from mbettini-ox:DOV-9033

@mbettini-ox

Contributor

No description provided.

Comment thread data/events.js Outdated
| \`connection_limit\` | Client reached [[setting,mail_max_userip_connections]] limit. |
| \`internal_failure\` | Internal failure. The error log has more details. |
| \`invalid_base64\` | Client sent invalid base64 in SASL response. |
| \`invalid_credentials\` | The credentials are not valid (as ill specified, not as not matching). |
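Review bot: The parenthetical "(as ill specified, not as not matching)" in the `invalid_credentials` row is hard to parse, and the code name on its own reads like a wrong-password result. State directly in the description that the credentials were rejected for how they are written, not because they failed to match, so that anyone counting login failures from this event can tell the two cases apart.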

Contributor

I think this is more succinct as "The credential syntax is not valid." That clearly describes this as a technical issue, not a user checking problem.

Comment thread data/events.js Outdated
| \`cleartext_auth_disabled\` | Cleartext authentication is not enabled, use TLS. |
| \`anonymous_auth_disabled\` | Anonymous authentication is not enabled. |
| \`auth_nologin_referral\` | Authentication returned auth referral to redirect the client to another server. This is normally configured to be sent only when the client is a Dovecot proxy, which handles the redirection. For example site1-proxy1 connects to site2-proxy2, and site2-proxy2 decides to ask site1-proxy1 to connect to site3 instead. See also \`proxy_dest_redirected\` code, which is used when the proxy itself does the redirection. |
| \`invalid_credentials\` | The credentials are not valid (as ill specified, not as not matching). This normally happens when credentials (user/pass) containing control codes need to be transferred unencoded through cleartext protocols. |
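Review bot: In the second sentence of the `invalid_credentials` row, "cleartext protocols" clashes with the `cleartext_auth_disabled` row in the same snippet, where cleartext means "without TLS". A reader can take the new row to mean this code only occurs on unencrypted connections. Describe what is meant in other words, for example protocols that carry the username and password unencoded, and spell out "user/pass" as "username/password".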

Contributor

Same as above: replace first sentence with "The credential syntax is not valid." The rest is fine.

Contributor Author

Thing is, those credentials' syntax is not generally invalid, they happen to be invalid on the specific channel/protocol where they are attempted to be used. What do you think about "The credentials are not usable"?

Contributor

"not usable" doesn't give a clue as to what the problem is. Maybe: "The credentials are invalid due to formatting issues, not a mismatch." or "The credentials are invalid due to improper formatting."

@slusarz

slusarz commented Jun 23, 2026

Contributor

Also, fix typo in commit message: "coden" -> "code"
