From: Timo Sirainen <timo.sirainen@open-xchange.com>
Date: Mon, 2 Feb 2026 09:51:03 +0000 (+0200)
Subject: imap-login: Add internal, external and trusted fields to imap_id_received event
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bbe233b137f07ccc65ddc52d482f7c4304d92092;p=thirdparty%2Fdovecot%2Fcore.git

imap-login: Add internal, external and trusted fields to imap_id_received event
---

diff --git a/src/imap-login/imap-login-client.h b/src/imap-login/imap-login-client.h
index a62d30445a..cf7fb2be50 100644
--- a/src/imap-login/imap-login-client.h
+++ b/src/imap-login/imap-login-client.h
@@ -49,6 +49,12 @@ struct imap_client_cmd_id {
 	struct event *params_event;
 	struct imap_id_params *params;
 	string_t *log_reply;
+	/* ID contained internal x-* keys containing IPs/session/etc */
+	bool seen_internal_keys;
+	/* ID contained non-internal keys, i.e. the end user client had sent
+	   an ID command with some parameters. Note that Dovecot proxy can
+	   send an ID command with both internal and external keys. */
+	bool seen_external_keys;
 };
 
 struct imap_client {
diff --git a/src/imap-login/imap-login-cmd-id.c b/src/imap-login/imap-login-cmd-id.c
index 645f7c1aa9..5c97b84f59 100644
--- a/src/imap-login/imap-login-cmd-id.c
+++ b/src/imap-login/imap-login-cmd-id.c
@@ -183,6 +183,11 @@ static bool cmd_id_handle_keyvalue(struct imap_client *client,
 		imap_id_param_handler_find(key);
 	bool is_login_id_param = handler != NULL;
 
+	if (is_login_id_param)
+		client->cmd_id->seen_internal_keys = TRUE;
+	else
+		client->cmd_id->seen_external_keys = TRUE;
+
 	if (!is_login_id_param) {
 		/* not an internal key */
 	} else if (client->id_logged) {
@@ -293,8 +298,22 @@ static void cmd_id_finish(struct imap_client *client)
 	if (!client->id_logged) {
 		client->id_logged = TRUE;
 
-		e_debug(client->cmd_id->params_event,
-			"Pre-login ID sent: %s",
+		if (client->cmd_id->seen_internal_keys)
+			event_add_str(client->cmd_id->params_event, "internal", "yes");
+		if (client->cmd_id->seen_external_keys)
+			event_add_str(client->cmd_id->params_event, "external", "yes");
+		if (client->common.connection_trusted)
+			event_add_str(client->cmd_id->params_event, "trusted", "yes");
+
+		const char *prefix;
+		if (!client->cmd_id->seen_internal_keys)
+			prefix = "Pre-login ID sent";
+		else if (client->common.connection_trusted) {
+			prefix = "Pre-login internal ID sent from trusted client";
+		} else {
+			prefix = "Pre-login internal ID sent from untrusted client - ignoring";
+		}
+		e_debug(client->cmd_id->params_event, "%s: %s", prefix,
 			str_sanitize(str_c(client->cmd_id->log_reply),
 				     IMAP_ID_PARAMS_LOG_MAX_LEN));
 	}