Bug#611674: cyrus-clients-2.4: smtptest falsely claims user is authenticated

Tue, 01 Feb 2011 20:48:17 -0800 

On 01/02/11 22:49 -0200, Henrique de Moraes Holschuh wrote:

On Mon, 31 Jan 2011, brian m. carlson wrote:

If I use smtptest with the -a and -u options but without -m, it claims
that I am authenticated when I am not.  It does not even try to issue an
AUTH command.  I am certain that bk2...@example.com is not an authorized
user at the domain I've specified (since I administer that server).


...


  S: 220 2.0.0 Ready to start TLS
  verify error:num=18:self signed certificate
  TLS connection established: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 
bits)
  C: EHLO smtptest
  S: 250-castro.crustytoothpaste.net Hello 
[IPv6:2001:470:1f05:79:216:d3ff:feb3:801e], pleased to meet you
  S: 250-ENHANCEDSTATUSCODES
  S: 250-PIPELINING
  S: 250-EXPN
  S: 250-VERB
  S: 250-8BITMIME
  S: 250-SIZE
  S: 250-DSN
  S: 250-ETRN
  S: 250-AUTH GSSAPI CRAM-MD5 DIGEST-MD5 PLAIN
  S: 250-DELIVERBY
  S: 250 HELP
  Authenticated.
  Security strength factor: 256


We need the full telemetry to see what SASL is doing.  Please run it in
verbose mode.  If it autenticated through GSSAPI, for example, it might not
require a password.

Did you, perchance, try to do something that requires one to be
authenticated to work?


This does not appear to be related specifically to smtptest, but possibly
to several of the *test binaries using the imtest.c source.

To simplify things, this works like so using 2.2.13:

$ smtptest mail.olp.net
S: 220 pinky.olp.net ESMTP Postfix (Debian/GNU)
C: EHLO example.com
S: 250-pinky.olp.net
S: 250-PIPELINING
S: 250-SIZE 23405714
S: 250-VRFY
S: 250-ETRN
S: 250-STARTTLS
S: 250-AUTH GSSAPI OTP LOGIN PLAIN DIGEST-MD5 CRAM-MD5
S: 250-AUTH=GSSAPI OTP LOGIN PLAIN DIGEST-MD5 CRAM-MD5
S: 250-ENHANCEDSTATUSCODES
S: 250-8BITMIME
S: 250 DSN
C: AUTH DIGEST-MD5
<output cut>
Authentication failed. generic failure


and


$ lmtptest -p 2004 neo.olp.net
S: 220 neo Cyrus LMTP Murder v2.3.12-Debian-2.3.12-1-5 server ready
C: LHLO example.com
S: 250-neo
S: 250-8BITMIME
S: 250-ENHANCEDSTATUSCODES
S: 250-PIPELINING
S: 250-SIZE
S: 250-STARTTLS
S: 250-AUTH CRAM-MD5 PLAIN GSSAPI OTP DIGEST-MD5 LOGIN
S: 250 IGNOREQUOTA
C: AUTH DIGEST-MD5
<output removed>
S: 501 5.5.4 undefined error!
Authentication failed. generic failure


However, using an upstream 2.4.6 installation (not installed from a Debian
package):

$ smtptest mail.olp.net
S: 220 pinky.olp.net ESMTP Postfix (Debian/GNU)
C: EHLO smtptest
S: 250-pinky.olp.net
S: 250-PIPELINING
S: 250-SIZE 23405714
S: 250-VRFY
S: 250-ETRN
S: 250-STARTTLS
S: 250-AUTH GSSAPI OTP LOGIN PLAIN DIGEST-MD5 CRAM-MD5
S: 250-AUTH=GSSAPI OTP LOGIN PLAIN DIGEST-MD5 CRAM-MD5
S: 250-ENHANCEDSTATUSCODES
S: 250-8BITMIME
S: 250 DSN
Authenticated.
Security strength factor: 0

# lmtptest -p 2004 neo.olp.net
S: 220 neo Cyrus LMTP Murder v2.3.12-Debian-2.3.12-1-5 server ready
C: LHLO lmtptest
S: 250-neo
S: 250-8BITMIME
S: 250-ENHANCEDSTATUSCODES
S: 250-PIPELINING
S: 250-SIZE
S: 250-STARTTLS
S: 250-AUTH CRAM-MD5 PLAIN GSSAPI OTP DIGEST-MD5 LOGIN
S: 250 IGNOREQUOTA
Authenticated.
Security strength factor: 0

Only if I specify a -m option does the client attempt to authenticate.

--
Dan White



--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org























					Reply via email to