RFC 2221 (rfc2221) - Page 3 of 5
IMAP4 Login Referrals
Alternative Format: Original Text Document
RFC 2221 IMAP4 Login Referrals October 1997 Example: C: A001 LOGIN MATTHEW PASSWORD S: A001 OK [REFERRAL IMAP://MATTHEW@SERVER2/] Specified user's personal mailboxes located on Server2, but public mailboxes are available. Example: C: A001 AUTHENTICATE GSSAPIS: A001 NO [REFERRAL IMAP://user;AUTH=GSSAPI@SERVER2/] Specified user is invalid on this server. Try SERVER2. 4.2. BYE at connection startup referral An IMAP4 server MAY respond with an untagged BYE and a REFERRAL response code that contains an IMAP URL to a home server if it is not willing to accept connections and wishes to direct the client to another IMAP4 server. Example: S: * BYE [REFERRAL IMAP://user;AUTH=*@SERVER2/] Server not accepting connections. Try SERVER2 5. Formal Syntax The following syntax specification uses the augmented Backus-Naur Form (BNF) as described in [ABNF]. This amends the "resp_text_code" element of the IMAP4 grammar described in [RFC-2060] resp_text_code =/ "REFERRAL" SPACE ; See [IMAP-URL] for definition of ; See [RFC-2060] for base definition of resp_text_code 6. Security Considerations The IMAP4 login referral mechanism makes use of IMAP URLs, and as such, have the same security considerations as general internet URLs [RFC-1738], and in particular IMAP URLs [IMAP-URL]. A server MUST NOT give a login referral if authentication for that user fails. This is to avoid revealing information about the user's account to an unauthorized user. With the LOGIN-REFERRALS capability, it is potentially easier to write a rogue 'password catching' server that collects login data and then refers the client to their actual IMAP4 server. Although referrals reduce the effort to write such a server, the referral response makes detection of the intrusion easier. Gahrns Standards Track
