[
https://issues.apache.org/jira/browse/JAMES-4207?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Felix updated JAMES-4207:
-------------------------
Summary: ManageSieve sends capabilities after every AUTH (was: ManageSieve
sends AUTHENTICATE)
> ManageSieve sends capabilities after every AUTH
> -----------------------------------------------
>
> Key: JAMES-4207
> URL: https://issues.apache.org/jira/browse/JAMES-4207
> Project: James Server
> Issue Type: Bug
> Affects Versions: master
> Reporter: Felix
> Priority: Major
> Fix For: master
>
> Time Spent: 1h 40m
> Remaining Estimate: 0h
>
> James sends ManageSieve capabilities after every successful AUTHENTICATE
> command.
> This was introduced with
> [https://github.com/apache/james-project/commit/1819fddf13c88476a0766ccc91c81d66d14da682].
>
> However, the relevant RFC (5804, section 4) states:
> {code:java}
> response-authenticate = *(string CRLF)
>                         ((response-ok [response-capability]) /
>                          response-nobye)
>                         ;; <response-capability> is REQUIRED if a
>                         ;; SASL security layer was negotiated and
>                         ;; MUST be omitted otherwise.
> {code}
> I think that all authentication mechanisms supported by James (PLAIN, LOGIN,
> XOAUTH2, OAUTHBEARER) do not negotiate a SASL layer.
> The server must therefore omit the capabilities.
> There was a similar discussion here:
> [https://github.com/thsmi/sieve/issues/480]
> I can confirm that the Roundcube webmail client does not expect capabilities
> and fails to use managesieve with James.
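As an added illustration (not part of the Jira issue or the James code base), the following Python checks the server lines of one AUTHENTICATE exchange against the response-authenticate grammar quoted above and flags capabilities sent when no SASL security layer was negotiated. The function name, the sample transcripts and the restriction to quoted strings (no literals) are assumptions made for this example.

```python
import re

_STR = r'"(?:[^"\\]|\\.)*"'                            # quoted string (literals not handled)
_FINAL = re.compile(r'^(OK|NO|BYE)(?=$|[ (])', re.I)   # response-ok / response-nobye
_CHALLENGE = re.compile(rf'^{_STR}$')                  # string CRLF (SASL challenge)
_CAPABILITY = re.compile(rf'^{_STR}(?: {_STR})?$')     # single-capability


def check_authenticate_response(lines, security_layer_negotiated=False):
    """Check the server lines of one AUTHENTICATE exchange against
    response-authenticate (RFC 5804, section 4). Returns (ok, reason)."""
    lines = [line.rstrip("\r\n") for line in lines]
    # The first OK/NO/BYE line ends the SASL exchange itself.
    final_idx = next((i for i, l in enumerate(lines) if _FINAL.match(l)), None)
    if final_idx is None:
        return False, "no OK/NO/BYE final response"
    # Everything before it must be a lone string (a SASL challenge).
    if not all(_CHALLENGE.match(l) for l in lines[:final_idx]):
        return False, "non-challenge data before final response"
    status = _FINAL.match(lines[final_idx]).group(1).upper()
    trailing = lines[final_idx + 1:]
    if status != "OK":
        return (not trailing, "response-nobye" if not trailing else "data after NO/BYE")
    if not trailing:
        if security_layer_negotiated:
            return False, "capabilities REQUIRED after security layer"
        return True, "OK without capabilities"
    # response-capability = *(single-capability) followed by its own OK/NO/BYE
    *caps, last = trailing
    if not (all(_CAPABILITY.match(c) for c in caps) and _FINAL.match(last)):
        return False, "unparseable data after OK"
    if not security_layer_negotiated:
        return False, "capabilities sent without a SASL security layer"
    return True, "capabilities re-issued after security layer"


# Constructed transcripts (server lines only), not captured from James.
PLAIN_CLEAN = ['OK "Authenticated"']
PLAIN_WITH_CAPS = ['OK "Authenticated"', '"IMPLEMENTATION" "Example"',
                   '"SASL" "PLAIN"', '"SIEVE" "fileinto"', 'OK']
```
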