For the life of me, I can't figure out what's wrong here.
Here's the symptom:
My client connects, and EHLO's.
The response includes "STARTTLS" which is good.
The response includes "AUTH PLAIN" which is bad.
The client does STARTTLS. It is successful, but gives the result:
503 STARTTLS command used when not advertised
There are two problems, which are probably just symptoms of a single
screw-up somewhere.
#1 It is advertising AUTH PLAIN before it should. (should only advertise
on encrypted connection)
#2 It is claiming STARTTLS was not advertised for some reason... I don't
know why. Because it *was* advertised.
In the "Main" section of my config file, I have:

    tls_advertise_hosts = *
    auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}

In the "Authentication" section of my config file, I have:

    PLAIN:
      driver = plaintext
      server_set_id = $auth2
      server_condition = ${run{/bin/gmail-auth.py $2 $3}{Yes}{No}}
      #server_advertise_condition = ${if def:tls_cipher }

I thought maybe the server_advertise_condition was my problem, so I
commented it out, but same behavior.
Can somebody please tell me why AUTH is being advertised too soon? And if
there's anything else here I'm obviously doing wrong?
Thanks...
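
Added example, not part of the original post: a small Python check that parses a captured cleartext EHLO reply and the STARTTLS reply, and reports the two symptoms described above (AUTH offered before TLS, STARTTLS not accepted). The sample session, hostnames and function names are constructed for illustration.

```python
import re
# Constructed sample session mirroring the symptoms in the post; the
# hostnames, address and extension list are made up for illustration.
SAMPLE_EHLO = (
    "250-mail.example.org Hello client.example.org [192.0.2.10]\r\n"
    "250-SIZE 52428800\r\n250-PIPELINING\r\n"
    "250-AUTH PLAIN\r\n250-STARTTLS\r\n250 HELP\r\n"
)
SAMPLE_STARTTLS = "503 STARTTLS command used when not advertised\r\n"
REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")

def parse_reply(raw):
    """Parse one (possibly multi-line) SMTP reply into (code, [texts])."""
    code, lines = None, []
    for line in raw.splitlines():
        m = REPLY_LINE.match(line)
        # Every line needs a 3-digit code, and the code must not change.
        if not m or (code is not None and int(m.group(1)) != code):
            raise ValueError(f"malformed reply line: {line!r}")
        code = int(m.group(1))
        lines.append(m.group(3))
        if m.group(2) == " ":  # a space after the code ends the reply
            break
    if code is None:
        raise ValueError("empty reply")
    return code, lines

def ehlo_extensions(raw):
    """Map EHLO keyword -> parameters; the first line is the greeting."""
    code, lines = parse_reply(raw)
    if code != 250:
        raise ValueError(f"EHLO rejected with {code}")
    exts = {}
    for line in lines[1:]:
        parts = line.split()
        if parts:
            exts[parts[0].upper()] = parts[1:]
    return exts

def audit_cleartext(ehlo_raw, starttls_raw):
    """Return findings for a session that has not yet negotiated TLS."""
    exts, findings = ehlo_extensions(ehlo_raw), []
    if "AUTH" in exts:
        findings.append("AUTH advertised before TLS: " + " ".join(exts["AUTH"]))
    if "STARTTLS" not in exts:
        findings.append("STARTTLS not advertised")
    code, text = parse_reply(starttls_raw)
    if code != 220:  # 220 is the "ready to start TLS" reply
        findings.append(f"STARTTLS refused: {code} {text[0]}")
    return findings
```

Running `audit_cleartext` on the replies captured before and after a config change shows whether both symptoms went away together or only one of them.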