Bug#611674: cyrus-clients-2.4: smtptest falsely claims user is authenticated

Henrique de Moraes Holschuh hmh at debian.org
Wed Feb 2 13:38:34 UTC 2011


On Wed, 02 Feb 2011, brian m. carlson wrote:
> Please feel free to test against my server on port 587.  Since you are
> obviously not authorized to relay mail through my server, smtptest
> should not claim you are authenticated.

I might try that.  But if one of the other maintainers could jump in and
test it, I'd be grateful.

> > Did you, perchance, try to do something that requires one to be
> > authenticated to work?
> 
> Not originally, but over IPv6 everyone except localhost must be
> authenticated.  I've demonstrated something that requires authentication
> (and fails) in the transcript, which I've included below:

Good, so we have confirmed that it is some sort of stupid bug in the SASL
client (smtptest), and not anything more dangerous.

>   S: 250 HELP
>   Authenticated.
>   Security strength factor: 256

I hate when that happens.  It logged a lot of useless trash, but not what
was really important.  Either that, or smtptest/SASL thinks it got external
authentication going (where the TLS layer succeeding implies you're already
authenticated), so there was nothing to capture in the first place.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh
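
Added example, not part of the original message and not cyrus-clients code: a check over a saved smtptest-style transcript for the mismatch discussed in this thread, where the client prints "Authenticated." although the server never sent a 235 reply (the SMTP AUTH success code, RFC 4954) to an AUTH command. The `C: ` line prefix, the `audit` function and both sample transcripts are assumptions constructed for illustration.

```python
import re

REPLY = re.compile(r"^S: (\d{3})([ -])")        # reply code + final/continuation marker
AUTH_CMD = re.compile(r"^C: AUTH (\S+)", re.I)  # "C: " client prefix is an assumption

# Constructed transcripts, not the ones from the bug report.
FALSE_CLAIM = """\
  S: 250-mail.example.org
  S: 250-AUTH PLAIN LOGIN
  S: 250 HELP
  Authenticated.
  Security strength factor: 256
"""
GENUINE = """\
  S: 250-AUTH PLAIN LOGIN
  S: 250 HELP
  C: AUTH PLAIN dGVzdA==
  S: 235 2.7.0 Authentication successful
  Authenticated.
"""

def audit(transcript):
    """Compare the client's 'Authenticated.' claim with what the server sent."""
    claimed = confirmed = pending = False
    mechanism = None
    for line in (l.strip() for l in transcript.splitlines()):
        if line == "Authenticated.":
            claimed = True
        elif (m := AUTH_CMD.match(line)):
            pending, mechanism = True, m.group(1).upper()
        elif (m := REPLY.match(line)) and pending and m.group(2) == " ":
            code = m.group(1)
            if code == "334":          # server challenge, exchange continues
                continue
            confirmed = confirmed or code == "235"   # 235 = AUTH succeeded
            pending = False            # any other final reply ends the exchange
    if claimed and not confirmed:
        verdict = "unconfirmed claim"  # client says yes, server never did
    elif confirmed:
        verdict = "confirmed"
    else:
        verdict = "no claim"
    return {"verdict": verdict, "mechanism": mechanism}

if __name__ == "__main__":
    for name, text in (("false claim", FALSE_CLAIM), ("genuine", GENUINE)):
        print(name, audit(text))
```

A `mechanism` of `None` together with "unconfirmed claim" means no AUTH command appears in the transcript at all, which separates a client that never attempted SASL from one whose attempt was rejected.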





More information about the Pkg-Cyrus-imapd-Debian-devel mailing list