Conversation


@polarathene polarathene commented Jan 23, 2024

Description

Implemented fix as proposed at: #3801 (comment)

  • Additional test coverage added for OAuth2 (SMTP Auth + use curl for IMAP Auth test as well)
  • `plain login` is used since this is intended for a bug fix release. In future we should probably drop login support.

fix: Dovecot PassDB should restrict allowed auth mechanisms:

  • This prevents PassDBs incompatible with certain auth mechanisms from logging failures which accidentally triggers Fail2Ban.
  • Instead only allow the PassDB to be authenticated against when it's compatible with the auth mechanism used.

tests: Use curl for OAuth2 login test-cases instead of netcat:

  • curl provides this capability for both IMAP and SMTP authentication with a bearer token. It supports both XOAUTH2 and OAUTHBEARER mechanisms, as these updated test-cases demonstrate.

Fixes #3801

Type of change

  • Bug fix (non-breaking change which fixes an issue)

Checklist:

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • If necessary I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • I have added information about changes made in this PR to CHANGELOG.md
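The restriction described in the first commit above, shown as an added Dovecot configuration example (this is not the PR's own diff; the driver arguments, file paths and the `auth_mechanisms` line are assumptions). Each `passdb` block is tagged with the `mechanisms` it can actually verify, so Dovecot skips the incompatible PassDB instead of consulting it and logging a failed lookup that Fail2Ban's dovecot filter would count toward a ban:

```conf
# PassDB for regular password logins (passwd-file is an assumed driver).
# Only consulted when the client authenticates with PLAIN or LOGIN; an
# XOAUTH2/OAUTHBEARER attempt never reaches it, so it cannot log a failure
# for a bearer token it has no way to verify.
passdb {
  driver = passwd-file
  args = scheme=SHA512-CRYPT username_format=%u /etc/dovecot/userdb
  mechanisms = plain login
}

# PassDB for OAuth2 bearer tokens. Only consulted for XOAUTH2/OAUTHBEARER,
# so a plain-password login never produces an oauth2 failure log line.
passdb {
  driver = oauth2
  mechanisms = xoauth2 oauthbearer
  args = /etc/dovecot/dovecot-oauth2.conf.ext
}

# All mechanisms still advertised to clients; the per-passdb list decides
# which database handles each one.
auth_mechanisms = plain login xoauth2 oauthbearer
```

Without the `mechanisms` lines, Dovecot tries every `passdb` in order for every login, and the one that cannot handle the mechanism reports a failure even though the next one succeeds; with them, only a genuinely wrong credential produces the log line that Fail2Ban acts on.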

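The curl-based login checks the second commit refers to, as an added example that is not the project's test code. The hostname, mailbox user and token are constructed placeholders, and the custom IMAP/SMTP commands used to authenticate without fetching or submitting mail are my choice:

```shell
#!/bin/sh
# Added example (not from the PR's test suite): the curl invocations that
# exercise an OAuth2 bearer-token login against IMAP and SMTP.

MAIL_HOST="mail.example.test"   # constructed placeholder hostname

# Print the curl argument list for one authentication attempt.
#   $1  protocol:  imap | smtp
#   $2  mechanism: XOAUTH2 | OAUTHBEARER
#   $3  user (the SASL identity, e.g. user1@example.test)
#   $4  bearer token
oauth2_curl_args() {
  case "$1" in
    # EXAMINE INBOX requires a successful login but transfers no messages.
    imap) url="imaps://${MAIL_HOST}:993/INBOX"; extra="--request 'EXAMINE INBOX'" ;;
    # NOOP lets curl authenticate to SMTP without submitting a message.
    smtp) url="smtps://${MAIL_HOST}:465"; extra="--request NOOP" ;;
    *) echo "unsupported protocol: $1" >&2; return 1 ;;
  esac
  case "$2" in
    XOAUTH2|OAUTHBEARER) ;;
    *) echo "unsupported mechanism: $2" >&2; return 1 ;;
  esac
  # --login-options pins the SASL mechanism and --oauth2-bearer carries the
  # token; --insecure is only for the self-signed certificate of a test server.
  printf '%s' "--silent --show-error --insecure --login-options AUTH=$2 --user $3 --oauth2-bearer $4 $extra --url $url"
}

# Run the attempt; the exit status is curl's (0 means the login was accepted).
oauth2_login() {
  eval "curl $(oauth2_curl_args "$@")"
}

# Usage against a reachable server (TOKEN is a placeholder):
#   oauth2_login imap XOAUTH2     user1@example.test "$TOKEN"
#   oauth2_login smtp OAUTHBEARER user1@example.test "$TOKEN"
```

Running both mechanisms against both protocols, then checking that the Dovecot log shows no failed lookup against the password PassDB, is the check that the fix actually prevents the spurious Fail2Ban trigger.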
@polarathene polarathene force-pushed the fix/support-multiple-dovecot-auth branch from 72c7f88 to 1293591 on January 23, 2024 06:13

@georglauterbach georglauterbach left a comment


LGTM 👍 When 13.3.1 is out, I will rebase my sending-filtering-in-tests-PR to update the helpers.


Successfully merging this pull request may close these issues.

bug report: OAUTH2 auth results in eventual client IP ban if fail2ban enabled
