Bug#611674: cyrus-clients-2.4: smtptest falsely claims user is authenticated

brian m. carlson sandals at crustytoothpaste.net
Mon Jan 31 20:51:49 UTC 2011 

Package: cyrus-clients-2.4
Version: 2.4.5-1
Severity: normal
File: /usr/bin/smtptest

If I use smtptest with the -a and -u options but without -m, it claims
that I am authenticated when I am not.  It does not even try to issue an
AUTH command.  I am certain that bk2204 at example.com is not an authorized
user at the domain I've specified (since I administer that server).
imtest does not do this; it tries to use LOGIN and prompts for a
password, which I believe is similar to what smtptest did in earlier
versions (except I think it used PLAIN).

Transcript:

  lakeview ok % smtptest -t "" -p 587 -a bk2204 at example.com -u bk2204 at example.com castro.crustytoothpaste.net
  S: 220 castro.crustytoothpaste.net ESMTP Sendmail 8.14.4/8.14.4/Debian-2; Mon, 31 Jan 2011 20:47:34 GMT; (No UCE/UBE) logging access from: [IPv6:2001:470:1f05:79:216:d3ff:feb3:801e](FAIL)-[IPv6:2001:470:1f05:79:216:d3ff:feb3:801e]
  C: EHLO smtptest
  S: 250-castro.crustytoothpaste.net Hello [IPv6:2001:470:1f05:79:216:d3ff:feb3:801e], pleased to meet you
  S: 250-ENHANCEDSTATUSCODES
  S: 250-PIPELINING
  S: 250-EXPN
  S: 250-VERB
  S: 250-8BITMIME
  S: 250-SIZE
  S: 250-DSN
  S: 250-ETRN
  S: 250-AUTH GSSAPI CRAM-MD5 DIGEST-MD5
  S: 250-STARTTLS
  S: 250-DELIVERBY
  S: 250 HELP
  C: STARTTLS
  S: 220 2.0.0 Ready to start TLS
  verify error:num=18:self signed certificate
  TLS connection established: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
  C: EHLO smtptest
  S: 250-castro.crustytoothpaste.net Hello [IPv6:2001:470:1f05:79:216:d3ff:feb3:801e], pleased to meet you
  S: 250-ENHANCEDSTATUSCODES
  S: 250-PIPELINING
  S: 250-EXPN
  S: 250-VERB
  S: 250-8BITMIME
  S: 250-SIZE
  S: 250-DSN
  S: 250-ETRN
  S: 250-AUTH GSSAPI CRAM-MD5 DIGEST-MD5 PLAIN
  S: 250-DELIVERBY
  S: 250 HELP
  Authenticated.
  Security strength factor: 256
  QUIT
  221 2.0.0 castro.crustytoothpaste.net closing connection
  Connection closed.


-- System Information:
Debian Release: 6.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.37-trunk-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages cyrus-clients-2.4 depends on:
ii  libc6                   2.11.2-10        Embedded GNU C Library: Shared lib
ii  libdb4.8                4.8.30-3         Berkeley v4.8 Database Libraries [
ii  libsasl2-2              2.1.23.dfsg1-7   Cyrus SASL - authentication abstra
ii  libssl0.9.8             0.9.8o-4         SSL shared libraries
ii  zlib1g                  1:1.2.3.4.dfsg-3 compression library - runtime

cyrus-clients-2.4 recommends no packages.

cyrus-clients-2.4 suggests no packages.

-- no debconf information

-- 
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-cyrus-imapd-debian-devel/attachments/20110131/088df1b5/attachment.pgp>

More information about the Pkg-Cyrus-imapd-Debian-devel mailing list