Bug#611674: cyrus-clients-2.4: smtptest falsely claims user is authenticated
brian m. carlson
sandals at crustytoothpaste.net
Mon Jan 31 20:51:49 UTC 2011
Package: cyrus-clients-2.4
Version: 2.4.5-1
Severity: normal
File: /usr/bin/smtptest
If I use smtptest with the -a and -u options but without -m, it claims
that I am authenticated when I am not. It does not even try to issue an
AUTH command. I am certain that bk2204 at example.com is not an authorized
user at the domain I've specified (since I administer that server).
imtest does not do this; it tries to use LOGIN and prompts for a
password, which I believe is similar to what smtptest did in earlier
versions (except I think it used PLAIN).
Transcript:
lakeview ok % smtptest -t "" -p 587 -a bk2204 at example.com -u bk2204 at example.com castro.crustytoothpaste.net
S: 220 castro.crustytoothpaste.net ESMTP Sendmail 8.14.4/8.14.4/Debian-2; Mon, 31 Jan 2011 20:47:34 GMT; (No UCE/UBE) logging access from: [IPv6:2001:470:1f05:79:216:d3ff:feb3:801e](FAIL)-[IPv6:2001:470:1f05:79:216:d3ff:feb3:801e]
C: EHLO smtptest
S: 250-castro.crustytoothpaste.net Hello [IPv6:2001:470:1f05:79:216:d3ff:feb3:801e], pleased to meet you
S: 250-ENHANCEDSTATUSCODES
S: 250-PIPELINING
S: 250-EXPN
S: 250-VERB
S: 250-8BITMIME
S: 250-SIZE
S: 250-DSN
S: 250-ETRN
S: 250-AUTH GSSAPI CRAM-MD5 DIGEST-MD5
S: 250-STARTTLS
S: 250-DELIVERBY
S: 250 HELP
C: STARTTLS
S: 220 2.0.0 Ready to start TLS
verify error:num=18:self signed certificate
TLS connection established: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
C: EHLO smtptest
S: 250-castro.crustytoothpaste.net Hello [IPv6:2001:470:1f05:79:216:d3ff:feb3:801e], pleased to meet you
S: 250-ENHANCEDSTATUSCODES
S: 250-PIPELINING
S: 250-EXPN
S: 250-VERB
S: 250-8BITMIME
S: 250-SIZE
S: 250-DSN
S: 250-ETRN
S: 250-AUTH GSSAPI CRAM-MD5 DIGEST-MD5 PLAIN
S: 250-DELIVERBY
S: 250 HELP
Authenticated.
Security strength factor: 256
QUIT
221 2.0.0 castro.crustytoothpaste.net closing connection
Connection closed.
-- System Information:
Debian Release: 6.0
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.37-trunk-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages cyrus-clients-2.4 depends on:
ii libc6 2.11.2-10 Embedded GNU C Library: Shared lib
ii libdb4.8 4.8.30-3 Berkeley v4.8 Database Libraries [
ii libsasl2-2 2.1.23.dfsg1-7 Cyrus SASL - authentication abstra
ii libssl0.9.8 0.9.8o-4 SSL shared libraries
ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime
cyrus-clients-2.4 recommends no packages.
cyrus-clients-2.4 suggests no packages.
-- no debconf information
--
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-cyrus-imapd-debian-devel/attachments/20110131/088df1b5/attachment.pgp>
More information about the Pkg-Cyrus-imapd-Debian-devel
mailing list