Open rawhide-kobayashi opened 3 years ago
jasonmunro
commented
3 years ago I cannot reproduce this yet. Seems to be doing the right thing in selecting only the first supported mech in my tests. Thanks for the report and I will try to reproduce again and let you know!
marclaporte
commented
2 years ago @rawhide-kobayashi Any chance you could join us on https://gitter.im/cypht-org/community to help reproduce this?
Thanks!
marclaporte
commented
6 months ago @rawhide-kobayashi
Please retest, as a lot has changed since you reported this issue. Notably, we now have 3 active branches and recently released Cypht 2.0.0
marclaporte
commented
1 month ago @rawhide-kobayashi Last call :-)
Please test latest stable: https://github.com/cypht-org/cypht/releases/
Maybe a bit less of a bug, more of a design oversight, but anyway.
Cypht will fail to authenticate, despite valid authentication methods being available, if the first one listed is not supported by Cypht. For example, this authentication message works with Thunderbird and Roundcube, but not with Cypht.
Does not work: 250-AUTH GSSAPI PLAIN Works: 250-AUTH PLAIN GSSAPI
Receiving the first string causes Cypht to immediately drop the connection with no further information provided to the SMTP server. Receiving the second causes it to proceed with PLAIN auth, as would normally be expected in both cases.
Steps to reproduce
For me, this is "solved" by changing the order of authentication methods in saslauthd's smtp mech_list config line from "GSSAPI PLAIN to "PLAIN GSSAPI". However, the way AUTH is parsed appears to be fundamentally flawed. I'm no PHP wiz, but I believe the problem area is likely here: https://github.com/jasonmunro/cypht/blob/master/modules/smtp/hm-smtp.php#L316