Bug#611674: cyrus-clients-2.4: smtptest falsely claims user is authenticated
Henrique de Moraes Holschuh
hmh at debian.org
Wed Feb 2 00:49:44 UTC 2011
On Mon, 31 Jan 2011, brian m. carlson wrote:
> If I use smtptest with the -a and -u options but without -m, it claims
> that I am authenticated when I am not. It does not even try to issue an
> AUTH command. I am certain that bk2204 at example.com is not an authorized
> user at the domain I've specified (since I administer that server).
...
> S: 220 2.0.0 Ready to start TLS
> verify error:num=18:self signed certificate
> TLS connection established: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
> C: EHLO smtptest
> S: 250-castro.crustytoothpaste.net Hello [IPv6:2001:470:1f05:79:216:d3ff:feb3:801e], pleased to meet you
> S: 250-ENHANCEDSTATUSCODES
> S: 250-PIPELINING
> S: 250-EXPN
> S: 250-VERB
> S: 250-8BITMIME
> S: 250-SIZE
> S: 250-DSN
> S: 250-ETRN
> S: 250-AUTH GSSAPI CRAM-MD5 DIGEST-MD5 PLAIN
> S: 250-DELIVERBY
> S: 250 HELP
> Authenticated.
> Security strength factor: 256
We need the full telemetry to see what SASL is doing. Please run it in
verbose mode. If it autenticated through GSSAPI, for example, it might not
require a password.
Did you, perchance, try to do something that requires one to be
authenticated to work?
--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh
More information about the Pkg-Cyrus-imapd-Debian-devel
mailing list