Do we have a bug filed for this? Would be good to keep track of it. Aaron
On Tue, Aug 2, 2005, Jesse Norell <[EMAIL PROTECTED]> said: > I ran across exactly the same issue mentioned in > http://twister.fastxs.net/pipermail/dbmail-dev/2004-May/003852.html > recently, while setting up an openwebmail installation, > so I did a bit of looking into it. > >>From rfc 1734: > > If the requested > authentication mechanism is not supported, the server > should reject the AUTH command by sending a negative > response. > > dbmail-pop3d doesn't support any AUTH mechanisms, so any requested > should return some -ERR (which 2.0.x and 2.1.x do, but not 1.2.x). > Nowhere does it allow an "AUTH" command without naming a mechanism, > so doing so should also return an -ERR. So in pop3.c, this section: > > case POP3_AUTH: > { > if (session->state != POP3_AUTHORIZATION_STATE) > return pop3_error(session, stream, > "-ERR wrong command mode, > sir\r\n"); > /* if we get anything but the naked "auth" command, > * we return an error */ > if (value != NULL) > return pop3_error(session, stream, > "-ERR unknown authorization > mechanism\r\n"); > > fprintf((FILE *) stream, > "+OK List of supported mechanisms\r\n" > "X-NONE-SO-USE-APOP\r\n.\r\n"); > return 1; > } > > should change to something more like: > > case POP3_AUTH: > { > if (session->state != POP3_AUTHORIZATION_STATE) > return pop3_error(session, stream, > "-ERR wrong command mode, > sir\r\n"); > fprintf((FILE *) stream, > "-ERR AUTH command not supported.\r\n"); > return 1; > } > > > 1.2.x source is almost that already, just need to change the > +OK message to the above -ERR message. That should fix > openwebmail and probably some others. > > -- > Jesse Norell - [EMAIL PROTECTED] > Kentec Communications, Inc. > > _______________________________________________ > Dbmail-dev mailing list > Dbmail-dev@dbmail.org > http://twister.fastxs.net/mailman/listinfo/dbmail-dev > --
