Hi All,
Im new to the list, but Ive been using James for a while and Ive just started using
2.0a2. The first thing I tried was SMTP authentication since Id built my own smtp
authentication hack into 1.2, but that required users put their login and password
into a header to be stripped out.
Anyway, 2.0a2 doesnt work as is. After James and the client have finished their
authentication dialogue and James is happy, the client always seems to send a RSET
command which removes the fact that the user is authenticated from the email dialogue
state. Remembering the authenticated user in SMTPHandler.resetState() seems to fix it
private void resetState() {
String user = (String) state.get(AUTH);
state.clear();
state.put(SERVER_NAME, this.helloName);
state.put(SERVER_TYPE, this.softwaretype);
state.put(REMOTE_NAME, remoteHost);
state.put(REMOTE_IP, remoteIP);
state.put(SMTP_ID, smtpID);
// seems that after authenticating an smtp client sends
// a RSET, so we need to remember that they are authenticated
if(user != null){
state.put(AUTH, user);
}
}
Once this was working it lead to another bug, if the server requires SMTP
authentication it should only challenge requests for hosts outside its local network,
and this is tested in SMTPHandler.doRCPT which tests the destination host with
James.isLocalServer(String). The bug here is that the server strings comparison is not
case-sensitive, so that if I send an email to [EMAIL PROTECTED] from outside the local
network without SMTP authentication and the domain is defined as Open-IQ.com in the
xml config then the mail is rejected as unauthorised. Heres one solution.
public boolean isLocalServer(final String serverName) {
Iterator eachName = serverNames.iterator();
while (eachName.hasNext()) {
String thisName = (String) eachName.next();
if (thisName.compareToIgnoreCase(serverName) == 0) {
return true;
}
}
return false;
}
bye,
Kevin.
