Bug#611674: cyrus-clients-2.4: smtptest falsely claims user is authenticated
Anthony Prades
toony.debian at chezouam.net
Wed Feb 2 14:24:20 UTC 2011
On 02/02/2011 02:38 PM, Henrique de Moraes Holschuh wrote:
> On Wed, 02 Feb 2011, brian m. carlson wrote:
>> Please feel free to test against my server on port 587. Since you are
>> obviously not authorized to relay mail through my server, smtptest
>> should not claim you are authenticated.
> I might try that. But if one of the other maintainers could jump in and
> test it, I'd be grateful.
Hi,
I got the same from my french provider (see attach logs).
smtptest said that I'm authenticated.
Anthony
>>> Did you, perchance, try to do something that requires one to be
>>> authenticated to work?
>> Not originally, but over IPv6 everyone except localhost must be
>> authenticated. I've demonstrated something that requires authentication
>> (and fails) in the transcript, which I've included below:
> Good, so we have confirmed that it is some sort of stupid bug in the SASL
> client (smtptest), and not anything more dangerous.
>
>> S: 250 HELP
>> Authenticated.
>> Security strength factor: 256
> I hate when that happens. It logged a lot of useless trash, but not what
> was really important. Either that, or smtptest/SASL thinks it got external
> authentication going (where the TLS layer suceeding implies you're already
> autenticated), so there was nothing to capture in the first place.
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smtptest_-_castro.crustytoothpaste.net.log
Type: text/x-log
Size: 14390 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-cyrus-imapd-debian-devel/attachments/20110202/b63c6d34/attachment.bin>
More information about the Pkg-Cyrus-imapd-Debian-devel
mailing list