Re: [exim] Authenticate to saslauthd

Top Page
Delete this message
Reply to this message
Author: Phil Pennock
Date:  
To: Daniel Aquino
CC: exim-users
Subject: Re: [exim] Authenticate to saslauthd
On 2008-01-14 at 20:23 -0500, Daniel Aquino wrote:
> How come when I turn off the advertising, does authentication always pass.


It doesn't.

> Even though the AUTH command doesn't work cause its not advertised???
>
> Here is my output of smtptest without advertising:


smtptest is a program which ships with Cyrus IMAP and which speaks imap,
pop3, nttp, lmtp, smtp, mupdate, sieve or csync depending upon how it
was invoked. Somehow, I find myself lacking confidence that it is
always the most solid indicator of protocol compliance.

Indeed, reading the code xmtp_do_auth() returns IMTEST_OK unless there's
a mechanism or mechanism list to authenticate with. "If the server
doesn't ask for authentication, we're anonymous and have passed
authentication".

Try Tony Finch's "smtpc" from:
http://www-uxsup.csx.cam.ac.uk/~fanf2/hermes/src/smtpc/
or John Jetmore's "swaks" from:
http://jetmore.org/john/code/#swaks

> S: 220 mockingbird.bayshorenetworks.com ESMTP Exim 4.68 Mon, 14 Jan
> 2008 19:36:18 -0500
> C: EHLO example.com
> S: 250-mockingbird.bayshorenetworks.com Hello localhost [127.0.0.1]
> S: 250-SIZE 52428800
> S: 250-PIPELINING
> S: 250-STARTTLS
> S: 250 HELP
> Authenticated.


Clearly, either there was no authentication or the diagnostic tool you
chose suddently decided to stop showing what was going on for the
duration of the authentication.

> Is that just a smtptest oddity ?


"Oddity", that word covers so many meanings. Yes, I believe that you
are seeing an smtptest oddity.

-Phil