Re: Sasl client SMTP AUTH PLAIN syntax

On 1/6/20 2:37 AM, Tom Hans wrote:
Hello there,

I have a tricky issue and cannot find any solution for it.
The issue looks like the following:
I have a postfix server which relays all emails to another mail server.
The postfix server has to use AUTH PLAIN for authorization, TLS is enforced for security.
Therefore I configured postfix with cyrus sasl.

I can see that my configuration is working and cyrus generates the correct base64 string for authorization and postfix uses this too by sending the following line:

AUTH PLAIN AG5zc0RTaFRYL2krc25jdjA=

The receiving server responds with: 500 syntax error
Because of this I tested the communication manually using openssl and I was able to find the main issue, the receiving server needs to have the following dialog: (C: Postfix, S: receiving instance):
C: AUTH PLAIN
S: 334
C: AG5zc0RTaFRYL2krc25jdjA=


First off, the receiving SMTP server is buggy if it doesn't support the initial response after the SASL mechanism name, per RFC 4954.



Is it possible to use this longer syntax by doing some changes in cyrus?


It is up to the client application (Postfix) to determine whether the protocol (SMTP) and/or the SASL mechanism (PLAIN) supports an initial client response and call sasl_client_start() with the appropriate clientout parameter.  For this buggy SMTP server, Postfix should either use a NULL value for clientout, or NOT send the generated value with the AUTH command and wait for an empty server challenge.

The bottom line is that Cyrus SASL knows nothing about the application protocol and simply does what the application asks it to do.


--

Ken Murchison
Cyrus Development Team
Fastmail US LLC
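
The two AUTH PLAIN dialog forms discussed in this thread, as an added example that is not part of the original messages and is not Postfix or Cyrus SASL code: the client side produces either form, and a minimal server side accepts both, as RFC 4954 expects. The names plain_response, client_lines, PlainServer, check_cred and run_dialog are hypothetical, and the credentials used with them are constructed.

```python
import base64

def plain_response(authcid, password, authzid=""):
    # RFC 4616 PLAIN message: authzid NUL authcid NUL passwd, base64-encoded for SMTP.
    raw = f"{authzid}\0{authcid}\0{password}".encode("utf-8")
    return base64.b64encode(raw).decode("ascii")

def client_lines(authcid, password, initial_response=True):
    # Lines the client sends, in order, for either form of the dialog.
    resp = plain_response(authcid, password)
    if initial_response:
        return [f"AUTH PLAIN {resp}"]   # short form: initial response on the AUTH line
    return ["AUTH PLAIN", resp]         # long form: response sent after the empty 334

class PlainServer:
    # Minimal server side; check_cred is a hypothetical credential callback.
    def __init__(self, check_cred):
        self.check_cred, self.awaiting = check_cred, False

    def handle(self, line):
        if self.awaiting:               # previous line was a bare "AUTH PLAIN"
            self.awaiting = False
            return "501 Authentication cancelled" if line == "*" else self._verify(line)
        parts = line.split(" ")
        if [p.upper() for p in parts[:2]] != ["AUTH", "PLAIN"]:
            return "500 syntax error"
        if len(parts) == 2:             # no initial response: send an empty challenge
            self.awaiting = True
            return "334 "
        if len(parts) == 3:             # initial response present: verify it directly
            return self._verify(parts[2])
        return "501 Syntax error in parameters"

    def _verify(self, b64):
        try:
            fields = base64.b64decode(b64, validate=True).split(b"\0")
        except ValueError:              # binascii.Error is a ValueError subclass
            return "501 Cannot decode response"
        if len(fields) != 3:
            return "501 Malformed PLAIN message"
        _authzid, authcid, passwd = (f.decode("utf-8", "replace") for f in fields)
        ok = self.check_cred(authcid, passwd)
        return "235 2.7.0 Authentication successful" if ok else "535 5.7.8 Authentication credentials invalid"

def run_dialog(server, lines):
    # Feed the client lines to the server and collect its replies.
    return [server.handle(line) for line in lines]
```

A server that returns 500 for the one-line form, like the one described in the thread, corresponds to dropping the len(parts) == 3 branch.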



