Re: [jira] [Commented] (JAMES-1504) POP3 AUTHENTIFICATION

Mon, 29 Apr 2013 15:37:03 -0700 

Hi!
I'm telnet from the same host james running,but 127.0.0.1/8 is removed from 
authenticated address and a failed testing has being done,sorry for my poor 
english.

"Eric Charles (JIRA)" <server-dev@james.apache.org>编写:


    [ 
https://issues.apache.org/jira/browse/JAMES-1504?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13644673#comment-13644673
 ]

Eric Charles commented on JAMES-1504:
-------------------------------------

Hi,
I have retested:

220 domU-12-31-39-0F-80-2F JAMES SMTP Server Server (JAMES SMTP Server ) ready
ehlo test
250-domU-12-31-39-0F-80-2F Hello test [82.28.174.1])
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-PIPELINING
250-ENHANCEDSTATUSCODES
250 8BITMIME
auth login
334 VXNlcm5hbWU6
e...@test.com
334 UGFzc3dvcmQ6
fakebase64==
535 Authentication Failed

The authentication fails.

Maybe you are telneting from the same host as James ? in which case the default 
config is (if I remember) well more persmissive, in the sense that no 
authentication is required.

Thx, Eric


> POP3 AUTHENTIFICATION
> ---------------------
>
>                 Key: JAMES-1504
>                 URL: https://issues.apache.org/jira/browse/JAMES-1504
>             Project: James Server
>          Issue Type: Bug
>          Components: SMTPServer
>    Affects Versions: 3.0.0-beta5
>         Environment: Windows 7,JDK7
>            Reporter: 杨勐
>            Assignee: Eric Charles
>            Priority: Critical
>              Labels: security
>             Fix For: 3.0.0-beta5
>
>         Attachments: screenshot-1.jpg, screenshot-2.jpg, telnet.jpg
>
>
> Telnet mysmtpserver 25 may login with part match base64 encoded password.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscr...@james.apache.org
For additional commands, e-mail: server-dev-h...@james.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscr...@james.apache.org
For additional commands, e-mail: server-dev-h...@james.apache.org

Reply via email to